Connected through VPN,but..

I configured my VPN server on Server 2003. I finally got the access folder
permission going as well. Now my own problem is that everyone who connects to
my vpn server will use my internet connection to browse the internet. I am
connected to the internet via a D-Link 624+ router. This router give my LAN
the internet. is there a way to deny internet access to the dialing in VPN
clients so that they use their own internet connection?

thx

ralph macdouglas

I have never tried to do what you want but what I would try is to see if you
can configure your router to deny internet access to those IP addresses that
your VPN server hands out to VPN clients. It may be easier to configure a
static IP address pool on the VPN server and then deny those addresses if
you currently use DHCP. Another thing that may work is to use Remote Access
Policies where you can configure input filters where you could add entries
to block traffic with destination ports of 80/443/20/21/25/110/119 tcp and
such. You can configure Remote Access Policies in the Remote Access
Management Console - server name/Remote Access Policies. Open the policy and
select edit profile/IP to access from client IP packet filters. --- Steve


"ralph macdouglas" <(E-Mail Removed)> wrote in
message news:E6CB8612-A459-4DCA-95E0-(E-Mail Removed)...
>I configured my VPN server on Server 2003. I finally got the access folder
> permission going as well. Now my own problem is that everyone who connects
> to
> my vpn server will use my internet connection to browse the internet. I am
> connected to the internet via a D-Link 624+ router. This router give my
> LAN
> the internet. is there a way to deny internet access to the dialing in VPN
> clients so that they use their own internet connection?
>
> thx
>
> ralph macdouglas

Note that if you deny clients access to the Internet through your server
they will lose Internet access altogether while the VPN is up, unless they
modify their connection properties.

When a client makes a remote access connection (RAS or VPN), the current
default route is disabled (by increasing its metric) and a new default route
established to the remote server. That is why all their Internet traffic is
coming to you.

To change this, the connection properties of the client must be changed
by clearing the "use default gateway.." box in the advanced TCP/IP settings
for the connection. The default route to the Internet then stays alive, and
only a subnet route is configured to the server.

"Steven L Umbach" <(E-Mail Removed)> wrote in message
news:e59wI6$(E-Mail Removed)...
>I have never tried to do what you want but what I would try is to see if
>you can configure your router to deny internet access to those IP addresses
>that your VPN server hands out to VPN clients. It may be easier to
>configure a static IP address pool on the VPN server and then deny those
>addresses if you currently use DHCP. Another thing that may work is to use
>Remote Access Policies where you can configure input filters where you
>could add entries to block traffic with destination ports of
>80/443/20/21/25/110/119 tcp and such. You can configure Remote Access
>Policies in the Remote Access Management Console - server name/Remote
>Access Policies. Open the policy and select edit profile/IP to access from
>client IP packet filters. --- Steve
>
>
> "ralph macdouglas" <(E-Mail Removed)> wrote in
> message news:E6CB8612-A459-4DCA-95E0-(E-Mail Removed)...
>>I configured my VPN server on Server 2003. I finally got the access folder
>> permission going as well. Now my own problem is that everyone who
>> connects to
>> my vpn server will use my internet connection to browse the internet. I
>> am
>> connected to the internet via a D-Link 624+ router. This router give my
>> LAN
>> the internet. is there a way to deny internet access to the dialing in
>> VPN
>> clients so that they use their own internet connection?
>>
>> thx
>>
>> ralph macdouglas
>
>

Yesterday everything was working fine, but today thats a different story!
Yesterday when i opend the comand prompt windows and typed "ipconfig" i saw 2
network addresses. The first one was RAS something which gave me an ip and
the second one I saw my NIC with its IP address. Now the ras is gone when i
type in ipconfig. This and the working vpn is gone, and i dont know why, i
didnt do i promise People still can try to dial in but the username and
password get rejected. Does anyone know how to get it back? Thx for the hellp
so far, greatly appreciated

Ralph

The internal interface only gets an IP after the first client connects.
When you fix the security problem it will reappear when a client connects.

"ralph macdouglas" <(E-Mail Removed)> wrote in
message news:6508E13E-F815-4846-9773-(E-Mail Removed)...
> Yesterday everything was working fine, but today thats a different story!
> Yesterday when i opend the comand prompt windows and typed "ipconfig" i
> saw 2
> network addresses. The first one was RAS something which gave me an ip and
> the second one I saw my NIC with its IP address. Now the ras is gone when
> i
> type in ipconfig. This and the working vpn is gone, and i dont know why, i
> didnt do i promise People still can try to dial in but the username and
> password get rejected. Does anyone know how to get it back? Thx for the
> hellp
> so far, greatly appreciated
>
> Ralph