RAS/VPN Routing Problem with standard gateway

[Thomas Pagel]

Hi,

I've set up a VPN with Windows2003 and ISA Server 2000 (installed as 3homed
DMZ configuration). We also have some other routers serviced by some static
routes on the VPN server. The VPN uses DHCP with adresses from the local
intranet.

Now users want to connect to the vpn. The decission is how to use the
standard gateway... If I leave the setting "use standard gateway on remote
network" switched on, I can reach all the servers on the intranet and all
routes to the different other networks served by the other routers. But the
user can't use the internet anymore, somehow the traffic got stuck... I
expected internet traffic to be routed through the VPN server to the
internet... but this doesn't work...

If I switch the setting "use standard gateway on remote network" I can still
use the internet (through the ISP), but I can only use the servers on the
intranet, all other routes are not working.

I tried to give the vpn an own subnet by distributing IP adresses by RRAS
only. That made the situation even worse...

So what can do?

Thanks,



Thomas

 

[Bill Grant]

If you are using the proxy service in ISA, the clients will need to put
the proxy server address into the connection properties (so that proxy
traffic is correctly routed to the proxy server).

On the client, go to Internet Options, click the Connections tab then
highlight the VPN connection. Click Settings, and enter the ISA server's IP
address in the proxy server box.

 

[Bill Grant]

To use the "split tunnel" option to allow the client to use the
existing Internet connection, you must add routes to the client to send all
LAN traffic through the tunnel. When you disable the "use default gateway ..
" box, only a subnet route for the subnet matching the "received" IP is set
up through the tunnel. See KB 254231.