Re: Reaching other subnets on the VPN

"Jordan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I currently have one subnet (192.168.150.x). When users VPN in using the
> built in XP VPN client to our W2003 RRAS server I usually set them up so
> the "Use Default Gateway on Remote Computer" is not checked. This way
> they can still browse the Internet. If then enable the gateway they are
> not able to access anything other that the 192.168.150.x subnet becasue of
> some network security measures.
>
> I need to subnet the network to have the following networks:
>
> 192.168.150.x
> 192.168.151.x
> 192.168.152.x
> 192.168.153.x
>
> The problem I am having is that the only easy way I can get to the 151-153
> subnets remotely is by enabling the default gateway option on the VPN
> connection which then causes the user to not be able to browse while they
> are connected to work.
>
> For myself I usually just use a batch file with the "Route Add" command to
> set the routes to my IP Address on my VPN connection like so
>
> AddRoute.bat (Last digits of IP)
> =============================
> route add 192.168.151.0 mask 255.255.255.0 192.168.150.%1
> route add 192.168.152.0 mask 255.255.255.0 192.168.150.%1
> route add 192.168.153.0 mask 255.255.255.0 192.168.150.%1
> =============================
>
> Is there an easier way to get this routes down to VPN clients
> automatically?
>
>
>
>

You could use one bundled route rather than a lot of individual ones.
eg

route add 192.168.0.0 mask 255.255.0.0 192.168.150.%1

If you have disabled "use default gateway.." on the client, you will have
to add the static route to the client machine, because that is where the
routing decision is made. Otherwise the traffic will go out to the Internet,
not through the tunnel.


"Jordan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> True, but how do I pass this route to the VPN clients. When they are on
> the LAN the routes are handled by the default routers. When a user VPNs
> in with the "Default gateway on remote computer" enabled, they have to
> tunnel through the VPN to get out to the Internet and that is a
> bottleneck.
>
> I want it so the user still uses their own route to the Internet for all
> addresses other that the 192.168.15y.x when they VPN in.
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:ObT$(E-Mail Removed)...
>>
>>
>> "Jordan" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> I currently have one subnet (192.168.150.x). When users VPN in using
>>> the built in XP VPN client to our W2003 RRAS server I usually set them
>>> up so the "Use Default Gateway on Remote Computer" is not checked. This
>>> way they can still browse the Internet. If then enable the gateway they
>>> are not able to access anything other that the 192.168.150.x subnet
>>> becasue of some network security measures.
>>>
>>> I need to subnet the network to have the following networks:
>>>
>>> 192.168.150.x
>>> 192.168.151.x
>>> 192.168.152.x
>>> 192.168.153.x
>>>
>>> The problem I am having is that the only easy way I can get to the
>>> 151-153 subnets remotely is by enabling the default gateway option on
>>> the VPN connection which then causes the user to not be able to browse
>>> while they are connected to work.
>>>
>>> For myself I usually just use a batch file with the "Route Add" command
>>> to set the routes to my IP Address on my VPN connection like so
>>>
>>> AddRoute.bat (Last digits of IP)
>>> =============================
>>> route add 192.168.151.0 mask 255.255.255.0 192.168.150.%1
>>> route add 192.168.152.0 mask 255.255.255.0 192.168.150.%1
>>> route add 192.168.153.0 mask 255.255.255.0 192.168.150.%1
>>> =============================
>>>
>>> Is there an easier way to get this routes down to VPN clients
>>> automatically?
>>>
>>>
>>>
>>>
>>
>> You could use one bundled route rather than a lot of individual ones.
>> eg
>>
>> route add 192.168.0.0 mask 255.255.0.0 192.168.150.%1
>>
>>
>>
>
>
>