Yes the device does have the routes, and the box is not checked.
The underlying problem with checking the default gateway option is that the
users are no longer able to browse the internet. This is becuase the VPN
terminates on the outside card of the firewall and is not able to do the
redirection back out the same card.
(The tunnel terminates 'outside' the firewall, not 'inside')
> -----Original Message-----
> From: Miley, Dan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 11:34 AM
> To: NT System Admin Issues
> Subject: RE: VPN routing
>
>
> does the VPN/firewall device have routes in it to the other
> subnets. (route
> print under NT, or show ip route under IOS)
>
> under 2000 there's a check box under tcpip
> properties->advanced->networking
>
> that says "use default gateway on remote network" or somesuch. is that
> checked?
>
> -----Original Message-----
> From: Jason Gauthier [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 25, 2001 10:09 AM
> To: NT System Admin Issues
> Subject: VPN routing
>
>
>
> This is a somewhat involved problem, so I'll try to give as
> much detail as
> possible to help paint a picture.
>
> We've got several internal subnets. (i.e., 192.168.1.x, 192.168.2.x,
> 192.168.3.x and so forth)
> We have a firewall device terminating the VPN connections.
> The pool of IP
> addresses assigned for this are in our primary subnet.
> (192.168.1.x).
> By default, the W2k PPTP client adds a route to the network
> your VPN device
> is assigned. So, now all traffic destined for 192.168.1.x via the VPN
> connection works great.
>
> However, any communications to the other subnets will try and
> find their way
> using my default route. My ISP.. and they won't get anywhere.
>
> I can remedy this problem manually pretty easily:
>
> ipconfig /all
> get IP address of VPN interface
> route add 192.168.0.0 MASK 255.255.0.0 [ip address of VPN interface]
>
> However, This is not a sufficient task to ask my remote end users.
> I'm looking for a way to automatically execute this command
> after the VPN
> connection is established.
> Even a batch file they can run manually would be acceptable.
> The problem I've run into, is that Windows does not have very
> advanced text
> handling routines as commands. So stripping the IP address
> from ipconfig to
> save into a variable is nearly impossible.
>
> Thoughts, ideas, suggestions?
>
> Jason
>
>
>
>
>
> Want to unsub? Do that here:
> http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsys
admin&text_mod
e=0&lang=english
This e-mail may be privileged and/or confidential, and the sender does not
waive any related rights and obligations. Any distribution, use or copying
of this e-mail or the information it contains by other than an intended
recipient is unauthorized. If you received this e-mail in error, please
advise me (by return e-mail or otherwise) immediately.
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0&lang=english
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
