Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
5
Helpful
2
Replies

VPN 3000 and Split Tunneling with Win2K PPTP client

dan.ring
Level 1
Level 1

‎07-18-2002 06:50 AM - edited ‎02-21-2020 11:56 AM

Hi everyone,

I've recently swapped our firewall for a PIX & VPN 3005 combination. I intend to deploy the vpn client after some testing, but in the meantime I have left PPTP enabled so the users can use the built in Win2K vpn client.

In the connection properties of Windows 2000, some users tried to turn off the 'use default gateway of remote network' setting - ie, they were trying to accomplish split tunneling by not routing everything through the tunnel.

I have enable split tunneling on the VPN 3005 using a network list for the internal LAN, but this still doesn't work. It seems that there's no way for the concentrator to inform the PPTP clients which networks to route through the tunnel, and which not to.

So my question is, am I correct? do Win2K PPTP users have to tunnel everything through the gateway until the vpn client is deployed?

I should mention that vpn users are not on the same segment as the rest of the servers on the internal LAN - I have a Tunnel Default Gateway configured that routes them to the internal LAN.

thanks,

Dan Ring

Labels:
0 Helpful
2 Replies 2

paqiu
Level 1
Level 1

‎07-18-2002 03:54 PM

Hi Dan,

I have quickly tested in our lab for your issue.

You still can use split-tunnel for PPTP client to our cocentrator:

1 If you assign the ip pool address to your PPTP client is part of your inside network ( for example : you inside network is 192.168.100.x/24 and your PPTP pool is 192.168.100.220 to 192.168.100.254), if you turn off 'use default gateway of remote network' setting, the split-tunnel will be working fine.

You do not need to do anything more.

2 If you assign the ip ppol address is different with your inside network,for example : you inside network is 192.168.100.x/24 and your PPTP pool is 192.168.1.1 to 192.168.1.254.

In spite of you turn off 'use default gateway of remote network' setting, you still need maually add static route when you connect with PPTP.

route add 192.168.100.0 mask 255.255.255.0

That is the only way to make PPTP split-tunnel working.

Because PPTP is Microsoft VPN protocol, we can not do too much for that.

Try to use Cisco unity VPN client, that is much handy in split-tunnel funcation.

Best Regards,

dan.ring
Level 1
Level 1
In response to paqiu

‎07-22-2002 10:41 AM

Thank you -

My scenario is the second one. I had tried to add a route to the internal network, but the mistake I made was trying to use a router as the gateway for this route - not the actual client PPTP address as the gateway.

I will try this out...until I deploy the vpn client.

Dan

0 Helpful
Customers Also Viewed These Support Documents