[VPN] Re: Best way to setup VPN for clients?

Aida Lumbreras aidamx at kukulkan.net
Sat Jun 11 14:44:14 EDT 2005


The problem you are having has to do with Split tunneling which is
the type of configuration that you need to enable internet access
when the pptp tunnel comes up. Now, this concept does not apply
directly to pptp client and it cannot be configured on the pix (but
cisco vpn clients does have it and it is very easy to enable it on
the pix),  this is actually a known issue with Microsoft. But we do
have a workaround to do split tunneling on PPTP connections. 

You will have to manually modify the routes on the client itself
(win2k workstation for example) to be able to have split tunneling.

Consider the following scenario:

When the PPTP tunnel comes up on the PC, the PPTP route is installed
with  a higher metric than the previous default, so we lose Internet
connectivity. To remedy this, knowing that the network inside our
router was 10.13.1.X (for example), we run a batch file (batch.bat)
to modify the Microsoft routing table, delete the default and
reinstall the default route (this required knowing the IP address the
PPTP client was assigned, i.e. 192.168.1.1): 

Route delete 0.0.0.0 
Route add 0.0.0.0 mask 0.0.0.0 161.44.17.1 metric 1 (normal public DG)
Route add 10.13.1.0 mask 255.255.255.0 192.168.1.1 metric 1  (route
to reach the networks behind the router/pix)


Hope this helps



-- 
Aida Lumbreras 




More information about the VPN mailing list