Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Reaching other subnets on the VPN

2 views
Skip to first unread message

Jordan

unread,
Dec 28, 2009, 10:45:41 PM12/28/09
to

I currently have one subnet (192.168.150.x). When users VPN in using the
built in XP VPN client to our W2003 RRAS server I usually set them up so the
"Use Default Gateway on Remote Computer" is not checked. This way they can
still browse the Internet. If then enable the gateway they are not able to
access anything other that the 192.168.150.x subnet becasue of some network
security measures.

I need to subnet the network to have the following networks:

192.168.150.x
192.168.151.x
192.168.152.x
192.168.153.x

The problem I am having is that the only easy way I can get to the 151-153
subnets remotely is by enabling the default gateway option on the VPN
connection which then causes the user to not be able to browse while they
are connected to work.

For myself I usually just use a batch file with the "Route Add" command to
set the routes to my IP Address on my VPN connection like so

AddRoute.bat (Last digits of IP)
=============================
route add 192.168.151.0 mask 255.255.255.0 192.168.150.%1
route add 192.168.152.0 mask 255.255.255.0 192.168.150.%1
route add 192.168.153.0 mask 255.255.255.0 192.168.150.%1
=============================

Is there an easier way to get this routes down to VPN clients automatically?

Bill Grant

unread,
Dec 29, 2009, 2:21:28 AM12/29/09
to

"Jordan" <no...@here.com> wrote in message
news:um16alDi...@TK2MSFTNGP04.phx.gbl...

You could use one bundled route rather than a lot of individual ones.
eg

route add 192.168.0.0 mask 255.255.0.0 192.168.150.%1

Jordan

unread,
Jan 1, 2010, 7:26:16 AM1/1/10
to
True, but how do I pass this route to the VPN clients. When they are on the
LAN the routes are handled by the default routers. When a user VPNs in with
the "Default gateway on remote computer" enabled, they have to tunnel
through the VPN to get out to the Internet and that is a bottleneck.

I want it so the user still uses their own route to the Internet for all
addresses other that the 192.168.15y.x when they VPN in.


"Bill Grant" <not.available@online> wrote in message
news:ObT$zdFiKH...@TK2MSFTNGP06.phx.gbl...

Bill Grant

unread,
Jan 1, 2010, 6:22:56 PM1/1/10
to
If you have disabled "use default gateway.." on the client, you will have
to add the static route to the client machine, because that is where the
routing decision is made. Otherwise the traffic will go out to the Internet,
not through the tunnel.


"Jordan" <no...@here.com> wrote in message

news:uIxfS2ti...@TK2MSFTNGP02.phx.gbl...

0 new messages