[VPN] Re: Best way to setup VPN for clients?

Baxter Shepperson bax at shepfam.net
Sat Jun 11 14:46:31 EDT 2005


So is there a better solution instead of using PPTP?  Would like this  
to be transparent to the users.  Appreciate the quick response and  
your time by the way :)



On Jun 11, 2005, at 11:44 AM, Aida Lumbreras wrote:

> The problem you are having has to do with Split tunneling which is
> the type of configuration that you need to enable internet access
> when the pptp tunnel comes up. Now, this concept does not apply
> directly to pptp client and it cannot be configured on the pix (but
> cisco vpn clients does have it and it is very easy to enable it on
> the pix),  this is actually a known issue with Microsoft. But we do
> have a workaround to do split tunneling on PPTP connections.
>
> You will have to manually modify the routes on the client itself
> (win2k workstation for example) to be able to have split tunneling.
>
> Consider the following scenario:
>
> When the PPTP tunnel comes up on the PC, the PPTP route is installed
> with  a higher metric than the previous default, so we lose Internet
> connectivity. To remedy this, knowing that the network inside our
> router was 10.13.1.X (for example), we run a batch file (batch.bat)
> to modify the Microsoft routing table, delete the default and
> reinstall the default route (this required knowing the IP address the
> PPTP client was assigned, i.e. 192.168.1.1):
>
> Route delete 0.0.0.0
> Route add 0.0.0.0 mask 0.0.0.0 161.44.17.1 metric 1 (normal public DG)
> Route add 10.13.1.0 mask 255.255.255.0 192.168.1.1 metric 1  (route
> to reach the networks behind the router/pix)
>
>
> Hope this helps
>
>
>
> -- 
> Aida Lumbreras
>
>




More information about the VPN mailing list