Dial-up and Broadband Connections Coexisting in Harmony
Have a dial-up connection that insists on stealing Internet access from your broadband connection? We'll discuss how to configure Windows to allow the two connections to coexist in harmony. We'll also cover how to set up your VPN access to work with Windows XP's Internet Connection Firewall.
By Ron Pacchiano
Q. In my home office I have a cable modem that my desktop computer uses for Internet access. My desktop is also equipped with a 56k modem, which I have recently begun using for dialing in to my company's network to access files I need when I work from home. I'd like to use my cable connection, which is much faster, but as of yet, my company hasn't invested in the necessary hardware for setting up a VPN for remote users.
The problem I've been having is that whenever I use the modem to dial into my workplace, I lose my broadband connection. When I disconnect the dial-up session, the broadband connection is automatically restored. Needless to say, this is extremely annoying and quite frustrating. Do you have any idea why this is happening, and is there anything I can do to prevent it in the future? Thank you!
A. This is a common problem when both a network connection and a dial-up connection are used on the same machine. The good news is that when you connect to your corporate network via dial-up, your NIC's connection to the Internet via the cable modem isn't actually lost.
Every computer with a network connection has a route table with a default route that sends traffic addressed beyond your LAN to the Internet. The device this route points to is known as the default gateway, which is, in this case, the cable modem (or the router connected to it, if that's the way you have it set up).
What's probably happening is that when you initiate the dial-up connection, your cable modem connection is replaced as the default gateway by the gateway assigned to you by the remote access server you're dialing into. This means that while the dial-up connection is established, any outgoing traffic will be directed through the dial-up interface instead of through your cable modem connection.
You can see this in action by viewing your route table in each scenario. Type ROUTE PRINT at a command prompt while the modem connection is inactive, and then do it again after connecting via the modem. When the modem is active, you'll see an additional ROUTE statement at the top of the list.
You didn't indicate what operating system you were running, and different versions of Windows deal with the default gateway issue differently, but here are a couple of things you can try to resolve the issue.
In the properties screen for your dial-up connection, find the setting labeled "use default gateway on remote network" and clear it. In some cases, though, this may prevent you from accessing resources on the corporate network. If this occurs, or if it doesn't solve the problem, you can manually add routes to your computer's route table. Explicit routes override default ones, so they should direct traffic back to the cable modem interface.
The proper syntax is as follows:
ROUTE ADD <network address> MASK <subnet mask> <gateway address>
So, at a command prompt, type the following:
ROUTE ADD 0.0.0.0 MASK 0.0.0.0 x.x.x.x
ROUTE ADD a.a.a.a MASK b.b.b.b c.c.c.c
Here, x.x.x.x is the address of your router or cable modem, the "a" and "b" addresses correspond to your corporate subnet and mask (for example, 172.16.0.0 and 255.255.0.0), and the "c" address is the IP address your dial-up adapter receives when connecting.
The first line restores your default gateway, sending all unspecified traffic out through your cable modem. The second line makes sure that attempts to reach your corporate network are correctly routed to the dial-up interface.
Adding these routes should allow you to simultaneously access your corporate network while still using the preferred cable modem for other forms of traffic.
Here is the tricky part, though: if your dial-up connection is assigned an IP address via DHCP (and many are), then the "c" address will change each time you connect. If this is the case, you'll need to re-enter the route commands with the new "c" address each time you connect via dial-up.
You can save yourself a lot of time and typing by creating a batch file and then just running it (and first editing it, if necessary) whenever you need it. Be advised that if you're using Windows 9x, any additional routes you add will be lost whenever you shut down the system. If you're using a static address for your dial-up connection and you're running Windows 2000 or later, you can make the route statements persistent by adding "-p" (without the quotes) to the end of each line.
I hope this helps. Good Luck!
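The route selection described in this answer, as an added example that is not part of the original column: a small Python model in which the longest matching prefix wins and ties go to the lowest metric, run over three route tables. The cable router address 192.168.1.1, the dial-up address 172.16.5.20, the test hosts and the metrics are constructed sample values; only the 172.16.0.0 / 255.255.0.0 subnet comes from the text.

```python
import ipaddress

def route(net, mask, gateway, metric):
    """One route-table row, in the same order ROUTE ADD takes its arguments."""
    return {"net": ipaddress.ip_network(f"{net}/{mask}"), "gw": gateway, "metric": metric}

def next_hop(table, dest):
    """Gateway chosen for dest: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["gw"]

def route_commands(cable_gw, corp_net, corp_mask, dialup_ip):
    """The two ROUTE ADD lines from the text, filled in for one dial-up session."""
    return [
        f"ROUTE ADD 0.0.0.0 MASK 0.0.0.0 {cable_gw}",
        f"ROUTE ADD {corp_net} MASK {corp_mask} {dialup_ip}",
    ]

# Constructed sample values (assumptions, not taken from the column)
CABLE_GW = "192.168.1.1"
DIALUP_IP = "172.16.5.20"
INTERNET_HOST = "203.0.113.10"
CORP_HOST = "172.16.1.50"

# Cable modem only: a single default route
cable_only = [route("0.0.0.0", "0.0.0.0", CABLE_GW, 20)]
# Dial-up connected with "use default gateway on remote network" set:
# a second default route with a lower metric takes over all traffic
dialup_default = cable_only + [route("0.0.0.0", "0.0.0.0", DIALUP_IP, 1)]
# Option cleared and an explicit route added for the corporate subnet
explicit = cable_only + [route("172.16.0.0", "255.255.0.0", DIALUP_IP, 1)]

if __name__ == "__main__":
    tables = [("cable only", cable_only), ("dial-up default", dialup_default),
              ("explicit routes", explicit)]
    for name, table in tables:
        print(f"{name:16} internet -> {next_hop(table, INTERNET_HOST)}"
              f"  corporate -> {next_hop(table, CORP_HOST)}")
    print("\n".join(route_commands(CABLE_GW, "172.16.0.0", "255.255.0.0", DIALUP_IP)))
```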
Q. We are using a DSL line in our office for Internet connectivity. The DSL line is connected to a Windows XP PC running Internet Connection Firewall. Recently, we decided that we would like to have access to the network from outside the office, so we set up a Virtual Private Network (VPN) connection using a PPTP server. The VPN appears to be configured correctly, but we can't seem to gain access to the network. I tried disabling ICF, and to my surprise I discovered that the VPN server was now accessible. This leads me to believe that there's an incompatibility between our PPTP server and Windows XP. I don't feel comfortable having an open Internet connection without a firewall, but it's important that we have access to the VPN. Do you have any suggestions as to what I should do next? Any help would be appreciated. Thanks!
A. In your question you failed to mention which product you're using for VPN access, so I can't really tell you if there is an incompatibility between that specific product and Windows XP's Internet Connection Firewall. However, from the way you've described the problem, I think that your situation has more to do with Windows XP's Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF).
The role of the firewall is to protect your network from unauthorized access. To do this, the firewall monitors all traffic coming into your network. All Internet traffic is based on the TCP/IP protocol. TCP traffic travels through your network on ports. Different services travel along different ports. For example, standard Internet traffic (or HTTP) uses port 80, FTP uses port 21, and TELNET uses port 23. These ports have been pre-defined in ICF to allow this traffic to safely pass into the network. This type of configuration is typically referred to as a "Rule."
So, if you have a Point-to-Point Tunneling Protocol (PPTP) server on your internal network, you'll need to configure Windows XP's ICS to map the PPTP ports to forward the Virtual Private Networking (VPN) traffic on to the PPTP server. This allows the incoming VPN connection to pass through the Windows XP ICS computer. This is done by adding a Service to the ICS Services List. The Services List contains information on the service type, the related TCP or UDP ports, and the IP address of the host system.
To configure ICS to pass PPTP traffic, you first need to know which ports the traffic is going to be passed on. A typical PPTP connection is composed of two types of traffic. The first is PPTP traffic, which uses TCP port 1723 and is used to establish and maintain the connection. The second is Generic Routing Encapsulation, or GRE, which uses port 47 and is used to encapsulate the actual data that is passed between the two endpoints. If you were using IPSec as opposed to PPTP, then the port numbers would change to 500, 50, and 51.
A detailed article on this, along with step-by-step instructions, can be found in the Microsoft Knowledge Base at http://support.microsoft.com/default.aspx?scid=kb;EN-US;309524.
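How a filter tells the PPTP and IPSec flows named in this answer apart, as an added example that is not part of the original column or of ICF itself: 1723 and 500 are matched as TCP and UDP destination ports, while 47, 50 and 51 are matched against the protocol field of the IP header, so a mapping for TCP or UDP port 47 does not carry GRE. The packets, addresses and flow labels are constructed for illustration.

```python
import struct

TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51   # IP protocol numbers

def ipv4_packet(proto, payload=b""):
    """Build a constructed 20-byte IPv4 header (checksum left at zero) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return header + payload

def ports(src, dst):
    """First four bytes of a TCP or UDP header: source port, destination port."""
    return struct.pack("!HH", src, dst)

def classify(packet):
    """Name the VPN flow an inbound IPv4 packet belongs to, or return None."""
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    by_protocol = {GRE: "pptp-data-gre", ESP: "ipsec-esp", AH: "ipsec-ah"}
    if proto in by_protocol:
        return by_protocol[proto]          # these carry no TCP/UDP port field
    if proto in (TCP, UDP) and len(packet) >= header_len + 4:
        dst_port = struct.unpack("!H", packet[header_len + 2:header_len + 4])[0]
        if (proto, dst_port) == (TCP, 1723):
            return "pptp-control"
        if (proto, dst_port) == (UDP, 500):
            return "ipsec-ike"
    return None

def passes(packet, allowed_flows):
    """True when the packet belongs to a flow the forwarding rules allow."""
    return classify(packet) in allowed_flows

# Constructed inbound packets
CONTROL = ipv4_packet(TCP, ports(40000, 1723))
DATA = ipv4_packet(GRE, b"\x30\x01\x88\x0b")     # start of an enhanced GRE header
TCP_47 = ipv4_packet(TCP, ports(40000, 47))      # TCP to port 47 is not GRE

if __name__ == "__main__":
    for name, pkt in [("TCP 1723", CONTROL), ("GRE", DATA), ("TCP port 47", TCP_47)]:
        print(f"{name:12} -> {classify(pkt)}")
    print("GRE passes with only pptp-control allowed:", passes(DATA, {"pptp-control"}))
```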