[vpn] Windows 2000 Updating Static Routes

Les W. Salmon Les.Salmon at vanguardadmin.com
Thu Oct 4 05:27:55 EDT 2001

I am in serious need for a resolution to my problem.  Although having
trawled the net for answers, I keep coming up with the same 'words of
wisdom', that simply do not work.

OK, irrelevant of what I have in the middle (i.e. proxy servers nat
firewall etc), I have a working VPN connection which I am happy with,
EXCEPT for ....

A little background of the setup, just so that you know what I am using.

At home - I have a Windows 2000 workstation (SP2) that is running
WinRoute Pro and makes full use if its firewall protection.  After this
workstation connects to the Internet, it then makes the VPN connection
to my office network; no problem.

At the office - There is a Nokia 110 CheckPoint Firewall-1 unit that
handles all the Internet traffic in and out.  I have configured this to
allow the traffic to move between a Windows 2000 Server (SP2) which is
running the Win2k VPN Server Application, and again, this all works.

The problem - Windows 2000 Server.  It accepts the connection from my
home network, and allows the VPN to connect - GREAT, however there is a
problem with the IP Routing.  Within Win2k, I have setup a static route
which sets up the routing between my home IP range 192.168.20.x and the
port to which it connects on the Server  I cannot get
Netsh, or any other command line utility to update the route at all.
What I have to do, is go into the Routing and Remote Access, IP Routing,
Static Routes; and manually make a change to the route entry, so that
Win2K updates its routes.

I read that I am supposed to be able to run the command line utility
Netsh which should make the necessary update active, but it doesn't.
The command is supposed to be ..

C:\>  netsh routing ip update persistentroute name="Internal" nhop=
In the Routing and Remote Access part of the Computer Management, the
Interface that the Static Route works on is called "Internal".

To manually update the route, I change this to "Local Area Connection",
and then back to "Internal" again.
What I have entered in that screen is ...

Interface	:	Internal
Destination	:
Network Mask	:
Gateway	:
Metric      	:	1

Can anyone help me please with some way or script that will control this
update.  And perhaps explain to me what is wrong with this picture.
Alternatively, with the kit I have in place, advise me of another way, a
better way of doing this.  I can't use CheckPoint's SecureRemote,
because WinRoute Pro doesn't support the client software, and I don't
want to change WinRoute Pro, 'cause it is one of the coolest Internet
Routers available.

Kind regards

Les Salmon

VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list