VPN Connection

[djbaker2]

Hi
I have a work VPN connection which i need to have connected most of the
time. When it is connected i have trouble browsing the web because all
the requests go over the VPN connection. I also lose my MSN messenger
connection, I was wondering if there was a way to set it up so that all
requests bound for servers not on the works network are routed straight
out over the internet. I run Windows XP pro and have a linksys
broadband router, my company IP scheme is 194.62.153/154.* and my home
network scheme is the arbitary 192.168.1.*

Any help would be a ppreciated even a sugestion of a windows technology
to investigate.

thanks in advance
David Baker

 

[Pegasus \(MVP\)]

Hi
I have a work VPN connection which i need to have connected most of the
time. When it is connected i have trouble browsing the web because all
the requests go over the VPN connection. I also lose my MSN messenger
connection, I was wondering if there was a way to set it up so that all
requests bound for servers not on the works network are routed straight
out over the internet. I run Windows XP pro and have a linksys
broadband router, my company IP scheme is 194.62.153/154.* and my home
network scheme is the arbitary 192.168.1.*

Any help would be a ppreciated even a sugestion of a windows technology
to investigate.

thanks in advance
David Baker

When configuring your VPN connection on your own machine,
make sure to untick the box "Select Default Gateway on remote
network". You'll find it under Properties / Networking / TCP/IP /
Advanced.

 

[Bill Brehm]

I am looking for the opposite solution. If the VPN server side is Win2K or
WinXP workstation, is it possible to set up the VPN server to take the
internet traffic from the VPN client and route it out the Internet. This
would effectively have me browsing from the VPN server computer rather than
the VPN client.

 

[Pegasus \(MVP\)]

In this case you obviously leave the tick mark in place.

 

[Bill Brehm]

Yes, of course on the client side. But how can I configure the server side
to pass the Internet data from the client out to the Internet?

Normally when I set up a new client VPN connection, I forget to unclick the
Default Gateway checkbox. When I connect to the VPN server (as a reminder,
on a workstation, not on a server) I can no longer browse the web because
the Internet data is going to the VPN server, but the server is not
forwarding it to the Internet or it is not forwarding the replies back to
the client or both.

 

[Pegasus \(MVP\)]

I did not do anything special at the server end - I simply
accepted the default values when enabling VPN access.

 

[Bill Brehm]

Are you using Win2K server or workstation?

I ran a tracert and only got one step to the VPN server side of the tunnel.
So I guess the data is not being routed or NAT'd. I thought maybe ICS might
do the job. I have to set up another PC to test. I can't do he test on the
real PC because it's nine timezones away and I'm afraid to lose the ability
to reach it if i make a mistake.

 

[Pegasus \(MVP\)]

I'm using a SBS 2003 as a VPN host.

If I was in your position then I would set up a test bed in my
own office and test it thoroughly until I was fully comfortable
with it. I would also create a tunnel through the router at
the far end so that I could launch a Remote Desktop session
at any time, regardless of the operation of the VPN. Only
then would I start working on the remote PC's VPN.

 

[Ryan Hanisco]

David,

For a remote telecommuter scenario like that there are some things you
can do with windows to try to separate your traffic, but there is no
real "good way" to do it. In a larger environment, you would rely on
your infrastructure equipment to handle that and do a class map to
decide what got sent into the tunnel and what didn't.

You could put a routing statement and NAT to handle this on your
machine, but then you'd have to flip that back and forth every time you
were off the VPN.

You may just want to live with this one.

Ryan

 

[Pegasus \(MVP\)]

Have a look at the dates. David's issue appears to have
been resolved one month ago. Bill piggy-backed on David's
post - he is currently trying to solve the opposite of David's
problem.

Are you replying to David or to Bill?

 

[Bill Brehm]

Sorry, I guess piggybacking isn't a good idea.

I still don't know if what I want can be done when the VPN host (I had been
saying VPN server) is a Win2K workstation and not a WinK server. I am
looking into ICS and wrote a non-piggybacked post about that. Does Win2K
workstation have NAT capability?

 

[jeff.capone]

Guys,

You might be interested in this free zero-configuration VPN software -
no firewall configration required and it has great throughput. It
allows you to create and form your
own private networks over the internet.

Check it out: http://www.leafnetworks.net

Thanks!