Link to home
Start Free TrialLog in
Avatar of parms
parms

asked on

Where is the routing table stored Win 2K/XP?

I wanted to know how to update the "raw" routing table for Windows XP Pro or Windows 2000 Pro. I do not want to use the "route" command.
Avatar of geoffryn
geoffryn

Update this registry key.

 HKEY_LOCAL_MACHINE
    \SYSTEM
      \CurrentControlSet
        \Services
          \Tcpip
            \Parameters
              \PersistentRoutes
One caveat, the routes will only be in effect after a reboot.  The active routing table is held in memory and can only be modified by the route.exe or another programatic means.
I know you say you don't want to use the route command - but is there a particular reason why?  If you want to add a persistent route without modifying the registry, you can do so with the route command.  Just add the -p switch.
Avatar of parms

ASKER

I'm trying to use Nortel's Contivity VPN software version 4.15 on Windows XP. On Windows 2000, I used a previous version and could use the route command to change the routing table, enabling me to use the Internet and E-mail on my local computer, as well as being connected to the VPN. With V 4.10 onwards of the VPN software (the only ones that run on XP), when the routing table changes (using the route command) the software drops the connection with a message complaining that the routing table had changed.
I was thinking that perhaps I could change the table "manually" to see if the VPN software picked that up.
Doesn't that violate your company security policy?  If you route around your VPN, you create a back door into your corporate network.
This concept is called split-tunneling and many times you have to enable it in order to get around the fact that everything is forced over the VPN.  This is definitely more efficient.  

Many VPN clients, such as the new Cisco clients come with a built in firewall, to block intrusion attempts while the tunnel is up.  

I would check with Nortel to find out their support of split-tunnels and firewall protection for clients.
I am aware of the concept.  Checkpoint has been using an encrypted topology verson of split tunneling for years.  My question was more one of policy.  
Avatar of parms

ASKER

Well... as far as company policy is concerned, the CEO mandated this route setup in the first place.
In any case, the PC's running the VPN software are actually behind firewalls, so our security guys don't seem too unhappy about "split-tunneling".
Geoffryn - so you know - the intended audience of my last post was not you, it was parms.  I was not trying to insult your knowledge - I was only clarifying for parms.

Parms - have you checked with Nortel then to see how they support split tunnels?  Often it is as simple as a checkbox.  It msy be more than that, but I would think it supports it at the very least.
Avatar of parms

ASKER

This is from the "Help" section of the VPN Software:

"The Contivity VPN Switch administrator can set up a default route on the Switch to forward traffic to the Internet. If this default route is not configured, you will need to disconnect the Contivity connection to web browse the Internet..."

Since the switch is on a Client's site, and they are not willing (or able) to perform the above task, it would appear that I'm stuck.
parms:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
ASKER CERTIFIED SOLUTION
Avatar of SpazMODic
SpazMODic

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial