# Help with VPN and Comcast Netgear wireless router



## aindian1 (Mar 5, 2008)

Hi 

I am using Comcast internet. They have provided me with Netgear CG814wg v2 wireless router.

Everything works fine, except when I start Cisco VPN. Once VPN is connected, internet and intranet stop working.

Comcast says they don't support VPN. Work people say VPN is fine as it used to work just fine when I was on DSL. 

Please help.


----------



## johnwill (Sep 26, 2002)

Welcome to the club. It's normal for VPN connections to disable other network traffic, it's a security measure.

Think about the situation, you have a VPN tunnel directly into a protected network. If Internet traffic was allowed on the same computer, you're opening a giant hole in their security.

I'm frankly surprised they allowed you to do that with the DSL configuration...


----------



## aindian1 (Mar 5, 2008)

Are you saying you have never seen a situation where after VPNing you can also surf the internet? 

Also, as I said in my post, even Intranet does not work. 





johnwill said:


> Welcome to the club. It's normal for VPN connections to disable other network traffic, it's a security measure.
> 
> Think about the situation, you have a VPN tunnel directly into a protected network. If Internet traffic was allowed on the same computer, you're opening a giant hole in their security.
> 
> I'm frankly surprised they allowed you to do that with the DSL configuration...


----------



## johnwill (Sep 26, 2002)

That's exactly what I'm saying. Over the years I've had a number of different VPN clients here to connect to customers' networks. Whenever I connect to their network, all my Internet *AND* Intranet access was cut off until I disconnected. I know that it's possible with some clients to configure so that won't happen, but normally that's not done. Also, any such configuration would be done on the server side.


----------



## Fritz90 (Mar 4, 2009)

There is a known issue with the Netgear Router / Modem combo. It doesn't allow for VPNs to work. As far as Comcast goes they provide cable and internet service, they have nothing to do with the writing of the software on routers, they just buy the cheapest they can find. They send over some "loose" specs for Netgear to follow and that's it. The firmware needs to be corrected and Netgear needs to write it, but that won't happen. This is a budget-minded (_cheap_) decision to minimise customer impact (_make it more profitable for Comcast_), therefore there will not be any type of enhanced support (_same basic support any normal paying customer would receive_).

Just get them to put in a regular modem and go and buy your own router, it'll work fine. You're probably paying additional monthly fees for their router anyway, you can get the cheapest router out there $39.00 and it'll work better than the one you're paying rent for.

As far as the VPN "locking" down all other connections, not sure I'm with ya on that; imagine trying to do any business without access to the Web, for most it would not be possible. Furthermore, coffee shops, airports, libraries and many other sites have lots of business conducted thru their open wi-fi connections on VPNs. The VPN combined with that company's firewall does provide the secure connection but should never "disable" any other connections on a network.
Many "IT professionals" tend to go a little overboard with locking features down on a network in the name of Security. Most often they are made to scale back their "security policy" due to it being far too strict to actually get any work done.
Hope this helps.....:wave:


----------



## johnwill (Sep 26, 2002)

*Fritz90*, you're dead wrong here.

You might want to think about the purpose of a VPN, it's to protect the systems you're connecting to from intrusion from the Internet. Why would a company allow the VPN to connect to their site and enable an Internet connection at the same time? This is an open invitation to malware having a pipeline directly into the company network!

I've used the Nortel VPN client and the Cisco VPN client for various customer accounts. In every case, when I had an active VPN connection to their networks, all other networking was disabled, including local access to other machines on my LAN. This is the way it works.

FWIW, there is a way around this, I took to running a virtual machine with the VPN installed on that platform, this allowed the host machine to still have networking capability.


----------
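
The two behaviours argued over in this thread (all traffic forced into the tunnel versus only corporate traffic tunnelled) can be told apart from the client's routing table. The following is an added example, not part of the thread: it does a longest-prefix match over a simplified route list to show which interface each destination leaves on. The interface names `tun0` and `eth0`, the addresses and both tables are constructed, and it looks only at routes, not at any filtering a VPN client may also apply.

```python
import ipaddress

def parse_routes(text):
    """Parse 'destination/prefix interface' lines into (network, interface) pairs."""
    routes = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        dest, iface = line.split()
        routes.append((ipaddress.ip_network(dest), iface))
    return routes

def egress(routes, addr):
    """Longest-prefix match: the interface a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, iface) for net, iface in routes if ip in net]
    return max(matches)[1] if matches else None

def classify(routes, tunnel_iface, probes):
    """'split-tunnel' if any probe bypasses the tunnel, else 'full-tunnel'."""
    outside = [p for p in probes if egress(routes, p) not in (tunnel_iface, None)]
    return "split-tunnel" if outside else "full-tunnel"

# Constructed table: everything except the VPN gateway itself goes into the tunnel.
FULL = parse_routes("""
0.0.0.0/0        tun0
10.0.0.0/8       tun0
198.51.100.7/32  eth0   # hypothetical VPN gateway, must stay reachable outside
""")

# Constructed table: only the corporate range is tunnelled.
SPLIT = parse_routes("""
0.0.0.0/0        eth0
192.168.0.0/24   eth0   # home LAN
10.0.0.0/8       tun0
198.51.100.7/32  eth0
""")

# Constructed probes: an Internet host, a home LAN peer, a corporate host.
PROBES = ["203.0.113.10", "192.168.0.20", "10.20.0.5"]

if __name__ == "__main__":
    for name, table in (("full", FULL), ("split", SPLIT)):
        paths = {p: egress(table, p) for p in PROBES}
        print(name, classify(table, "tun0", PROBES), paths)
```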

