All HTTP requests time out, unless connected remotely via VPN.

BrokenEnglish: C:\Documents and Settings\ad98080>ping google.com Pinging google.com [74.125.53.100] with 32 bytes of data: Reply from 74.125.53.100: bytes=32 time=90ms TTL=50 Reply from 74.125.53.100: bytes=32 time=59ms TTL=50 Reply from 74.125.53.100: bytes=32 time=257ms TTL=50 Reply from 74.125.53.100: bytes=32 time=54ms TTL=50 Ping statistics for 74.125.53.100: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 54ms, Maximum = 257ms, Average = 115ms C:\Documents and Settings\ad98080>nslookup Default Server: tonyland (this is my linksys router at home) Address: 192.168.1.1 > host www.google.com Server: google.navigation.opendns.com Addresses: 208.67.219.231, 208.67.219.230 Aliases: www.google.com DNS request timed out. timeout was 2 seconds. *** Request to www.google.com timed-out > Does this confirm a DNS issue?

OK, let's take it step by step. Could you issue the following command from home and from work, with VPN off and on (four trials altogether) and post the results: nslookup google.com I'd also be curious to see whether uninstalling (as opposed to merely disabling) Trend Micro antivirus makes any difference to these results.

@flab: No it isn't setup to do this (at least the IS guy said it wasn't supposed to. Follow up: Still not resolved. The air card install that occurred around the time this started has been resolved by recreating my XP profile... something in my profile was causing that problem. However, the HTTP issue continues across all user profiles (local admin or not). Until the IS guy can get me a new lappy, I just run the VPN constantly.

Are you sure your VPN client isn't set up to do exactly this? Some of them have an option or preference specifically designed to force the host to route all network traffic via the VPN. This allows lazy sysadmins to avoid needing to maintain separate subnets for physically secure in-house work computers and VPN-connected remotes. If that's how your workplace is set up, corporate IT is not going to be happy to see what is effectively a workplace computer having Internet access that bypasses the corporate firewalls.

I have no experience with the Cisco VPN, but OpenVPN has options to allow me to push (as the administrator) new DNS info to the clients when they connect. They get their old settings back when they disconnect. Looks like you have a similar thing. Is your usual (non-VPN) ethernet connection still set to use DHCP to set itself up? I'm guessing that you would use something like this. Maybe the card you tried to install changed the ethernet settings to a static IP, which works at one location but not another? Like I said, there's only so much I can tell remotely but your hunch about DNS seems to be right. If your IS people won't help, can you get to the ethernet adaptor settings to check out where the IP address, gateway and DNS servers are pulled from? (Control Panel -> Network Settings or something like that.)

so I am back in the office, and sure enough, no luck with HTTP. So, I fired up the VPN client (not expecting it to work, because I didnt think it could connect from within the network), and I have HTTP connectivity now. This is definitely tied to the VPN client somehow, as I only get HTTP connectivity when it is running. I see below that the DNS servers for my Ethernet connection are different than the DNS servers for my ethernet connection when in the office. Is that normal? Ethernet adapter Local Area Connection 9: Connection-specific DNS Suffix . : xxxxxxx.com Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller Physical Address. . . . . . . . . : 00-12-3F-13-46-BA Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.83.14.34 Subnet Mask . . . . . . . . . . . : 255.255.252.0 Default Gateway . . . . . . . . . : 10.83.12.253 DHCP Server . . . . . . . . . . . : 10.83.12.40 DNS Servers . . . . . . . . . . . : 10.83.12.33 10.83.12.32 Primary WINS Server . . . . . . . : 10.83.12.40 Secondary WINS Server . . . . . . : 10.83.12.34 Lease Obtained. . . . . . . . . . : Wednesday, November 18, 2009 8:31:01 AM Lease Expires . . . . . . . . . . : Thursday, November 26, 2009 8:31:01 AM Ethernet adapter Local Area Connection 11: Connection-specific DNS Suffix . : xxxxxx.com Description . . . . . . . . . . . : Cisco Systems VPN Adapter Physical Address. . . . . . . . . : 00-05-9A-3C-78-00 Dhcp Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.24.40.224 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 172.24.6.35 172.24.8.35 Primary WINS Server . . . . . . . : 172.24.7.67 Secondary WINS Server . . . . . . : 172.24.6.35

The only thing which might have affected that result is if you had already resolved www.google.com and it had cached that info, when you were connected via VPN. Typing ipconfig /flushdns will clear the cache. If you can try the proxy thing, that would be a good next step. Most workplaces have them but do "transparent redirection" so you might not know you were using it. If you set it explicitly, it might make a difference. You'd need to get the numbers from IS. BTW, to come back to the virus thing (and thinking about a problem one of my users had a while ago) some viruses and malware will reset the DNS servers you use to one of their own. This allows them to redirect requests to your bank (for example) to their own phishing server. Typing ipconfig /all will tell you your DNS server IP addresses: Connection-specific DNS Suffix . : somewhere.local Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller Physical Address. . . . . . . . . : 91-16-1A-0F-18-10 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.17.2.150(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.0.0 Lease Obtained. . . . . . . . . . : 18 November 2009 14:41:10 Lease Expires . . . . . . . . . . : 17 January 2010 14:41:09 Default Gateway . . . . . . . . . : 172.17.2.1 DHCP Server . . . . . . . . . . . : 172.17.2.1 DNS Servers . . . . . . . . . . . : 172.17.2.1 172.17.2.2 Primary WINS Server . . . . . . . : 172.17.2.1 NetBIOS over Tcpip. . . . . . . . : Enabled I mention this because the DNS server they will redirect you to might work for www.google.com but will then give you a bogus IP address for www.mybankname.com. That's as much as I can tell you without having access to your PC.>>

results from Windows XP connectivity diagnostic wizard: HTTP, HTTPS, FTP Diagnostic HTTP, HTTPS, FTP connectivity info FTP (Passive): Successfully connected to ftp.microsoft.com. info HTTPS: Successfully connected to www.microsoft.com. warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established error Could not make an HTTP connection.

doh, I just saw what you said about the typo. I tried it again: > www.google.com Server: tonyland Address: 192.168.1.1 Non-authoritative answer: Name: google.navigation.opendns.com Addresses: 208.67.219.231, 208.67.219.230 Aliases: www.google.com it didn't time out this time.