RAS'd in: why traffic routed via VPN's network ?

Why is it that when RAS'd into a VPN that much of your network traffic is
routed through the internal routers of the VPN's network ?

I'm not talking about the case where you are Remote Desktop'd into a machine
that is a member of the VPN's network.

I'm talking about the case of having a VPN connection open, and making the
following two types of requests directly from your machine:

1. Making simple browser requests from your box to public websites:
google.com , whatever. If you look at the tracert, you see that the VPN's
network router (and then it's inet provider) is forwarding the packets.
This slows down speed of web access relative to if the traffic was routed
through you local inet connection.

2. When Outlook needs to contact its assigned Exchange Server it tries to
locate it on the VPN's network ! Incredibly annoying. You can see Outlook
popping up message boxes above the systray saying that it's unable to find
its Exchange Server.

Can Windows Server 2003 be configured so that it knows to first go to the
local network and the local router for requested urls, including local
network resources ?

That is the default option. It can be changed, but not by making changes
on the server. The changes must be made at the client end. That is where the
routing decision has to be made.

By default a remote access connection makes the connection the default
route for the client machine. For VPN, that means all non-local traffic goes
across the VPN link to the VPN server. You can modify this behavior by using
split tunneling. You do this by clearing the "use default gateway... " check
box. For more detail see KB 254231 .

John A Grandy wrote:
> Why is it that when RAS'd into a VPN that much of your network
> traffic is routed through the internal routers of the VPN's network ?
>
> I'm not talking about the case where you are Remote Desktop'd into a
> machine that is a member of the VPN's network.
>
> I'm talking about the case of having a VPN connection open, and
> making the following two types of requests directly from your machine:
>
> 1. Making simple browser requests from your box to public websites:
> google.com , whatever. If you look at the tracert, you see that the
> VPN's network router (and then it's inet provider) is forwarding the
> packets. This slows down speed of web access relative to if the
> traffic was routed through you local inet connection.
>
> 2. When Outlook needs to contact its assigned Exchange Server it
> tries to locate it on the VPN's network ! Incredibly annoying. You
> can see Outlook popping up message boxes above the systray saying
> that it's unable to find its Exchange Server.
>
> Can Windows Server 2003 be configured so that it knows to first go to
> the local network and the local router for requested urls, including
> local network resources ?

Hi Bill and thanks for the response. I tried reading that KB article, but
I'm not a networking guy. I have some questions:

1. how to generate route tables (such as those shown in the article)

2. is "disable the Use default gateway on remote network" option all that
must be done to force traffic to 1st attempt to route via the local network
?




"Bill Grant" <not.available@online> wrote in message
news:euzQM$(E-Mail Removed)...
> That is the default option. It can be changed, but not by making
> changes on the server. The changes must be made at the client end. That is
> where the routing decision has to be made.
>
> By default a remote access connection makes the connection the default
> route for the client machine. For VPN, that means all non-local traffic
> goes across the VPN link to the VPN server. You can modify this behavior
> by using split tunneling. You do this by clearing the "use default
> gateway... " check box. For more detail see KB 254231 .
>
> John A Grandy wrote:
>> Why is it that when RAS'd into a VPN that much of your network
>> traffic is routed through the internal routers of the VPN's network ?
>>
>> I'm not talking about the case where you are Remote Desktop'd into a
>> machine that is a member of the VPN's network.
>>
>> I'm talking about the case of having a VPN connection open, and
>> making the following two types of requests directly from your machine:
>>
>> 1. Making simple browser requests from your box to public websites:
>> google.com , whatever. If you look at the tracert, you see that the
>> VPN's network router (and then it's inet provider) is forwarding the
>> packets. This slows down speed of web access relative to if the
>> traffic was routed through you local inet connection.
>>
>> 2. When Outlook needs to contact its assigned Exchange Server it
>> tries to locate it on the VPN's network ! Incredibly annoying. You
>> can see Outlook popping up message boxes above the systray saying
>> that it's unable to find its Exchange Server.
>>
>> Can Windows Server 2003 be configured so that it knows to first go to
>> the local network and the local router for requested urls, including
>> local network resources ?
>
>

"If you disable the Use default gateway on remote network option in the
dial-up connection's properties, a network route is added as before."

I can't find where to set this option in Win XP Pro SP2.

It is not available in Network Connections > Virtual Private Network >
Properties of a listed connection


"John A Grandy" <johnagrandy-at-yahoo-dot-com> wrote in message
news:(E-Mail Removed)...
> Why is it that when RAS'd into a VPN that much of your network traffic is
> routed through the internal routers of the VPN's network ?
>
> I'm not talking about the case where you are Remote Desktop'd into a
> machine that is a member of the VPN's network.
>
> I'm talking about the case of having a VPN connection open, and making the
> following two types of requests directly from your machine:
>
> 1. Making simple browser requests from your box to public websites:
> google.com , whatever. If you look at the tracert, you see that the VPN's
> network router (and then it's inet provider) is forwarding the packets.
> This slows down speed of web access relative to if the traffic was routed
> through you local inet connection.
>
> 2. When Outlook needs to contact its assigned Exchange Server it tries to
> locate it on the VPN's network ! Incredibly annoying. You can see
> Outlook popping up message boxes above the systray saying that it's unable
> to find its Exchange Server.
>
> Can Windows Server 2003 be configured so that it knows to first go to the
> local network and the local router for requested urls, including local
> network resources ?
>
>
>
>

You need to continue to select TCP/IP properties>Advanced.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"John A Grandy" <johnagrandy-at-yahoo-dot-com> wrote in message news:(E-Mail Removed)...
"If you disable the Use default gateway on remote network option in the
dial-up connection's properties, a network route is added as before."

I can't find where to set this option in Win XP Pro SP2.

It is not available in Network Connections > Virtual Private Network >
Properties of a listed connection


"John A Grandy" <johnagrandy-at-yahoo-dot-com> wrote in message
news:(E-Mail Removed)...
> Why is it that when RAS'd into a VPN that much of your network traffic is
> routed through the internal routers of the VPN's network ?
>
> I'm not talking about the case where you are Remote Desktop'd into a
> machine that is a member of the VPN's network.
>
> I'm talking about the case of having a VPN connection open, and making the
> following two types of requests directly from your machine:
>
> 1. Making simple browser requests from your box to public websites:
> google.com , whatever. If you look at the tracert, you see that the VPN's
> network router (and then it's inet provider) is forwarding the packets.
> This slows down speed of web access relative to if the traffic was routed
> through you local inet connection.
>
> 2. When Outlook needs to contact its assigned Exchange Server it tries to
> locate it on the VPN's network ! Incredibly annoying. You can see
> Outlook popping up message boxes above the systray saying that it's unable
> to find its Exchange Server.
>
> Can Windows Server 2003 be configured so that it knows to first go to the
> local network and the local router for requested urls, including local
> network resources ?
>
>
>
>