Unable to connect to a VPN - ISP & Public IP & NAT

[Dullus]

I saw this problem different times online but still i haven't a solution.
I use a VPN client Cisco system to connect to an external network (VPN).
I use fastweb as ISP and i have only public IP; i tried to use private IP with fastweb but the problem is the same. With other ISP such as Telecom i don't have this problem.
I'm able to connect but after i can't surf online and this is really bother because online i have some special contents that my company offers.
I use Ipsec UDP Nat/pat; shall i try to use another vpn client? Can someone suggest how to solve this problem?

 

[Brian_tii]

Check your routes after you connect. Your network admin may not be using split tunneling (or worse have it configured incorrectly) and all your traffic maybe trying to go through your corp network... which also may not be doing DNS resolution or may require you to go through a proxy to get out.

Another potential issue is that your internal private network in your house maybe overlapping with the IP address pool your IT department is handing out over the VPN client.

Ultimately it's a configuration setting on the Cisco ASA, PIX or VPN 3000 concentrator that likely needs to be changed... OR... you need to change your expectations or home network. Either way talk to your IT guys... it's probably something they need to look at. If they won't talk to you... then:

1) Connect to the vpn

2) Go to your windows command line and post the output of the following commands:

"netstat -rn"
"ipconfig /all"

Please note the output of the above may lead to us knowing more about you than you may wish to disclose... such as:

- Your internet provider / your ip address
- The company you work for
- The internal networks in use at your company

Personally if I did security at your company I wouldn't want you to send that out to "everyone" on the internet... some people don't care though... and I can't do too much more to help you id the issue without it. Feel free to PM it to me if that makes you more comfortable, or talking to your IT guys would be the best solution.

 

[dEAne]

For me it is best that you ask your company's IT admin regarding that and bring the laptop with you. Sometimes the company change something to its internet configuration without notice.