CharlieChicago
asked on
Windows 7 using Internet while connected to company VPN
We have several remote users now using Windows 7; microsoft VPN When they connect to the company VPN to run applications, get email, and exchange files they are often on for several hours at time.
Problem
Through out the day, they need to log onto other customer portal sites to pull information they require (credit / invoices) for their work. They can not use their internet browser without disconnecting from the VPN.
Deisred Solution
the users would like to keep their VPN client open for outlook-to-exchange email and using network applications, BUT use internt brower to resolve outside of VPN network requests.
Work So Far
It seems the when we turn off the "remote gateway", the users can surf the internet; but loose the ablity to get outlook-to-exhange email. I've look through various posts and can not find a solution that fits.
Problem
Through out the day, they need to log onto other customer portal sites to pull information they require (credit / invoices) for their work. They can not use their internet browser without disconnecting from the VPN.
Deisred Solution
the users would like to keep their VPN client open for outlook-to-exchange email and using network applications, BUT use internt brower to resolve outside of VPN network requests.
Work So Far
It seems the when we turn off the "remote gateway", the users can surf the internet; but loose the ablity to get outlook-to-exhange email. I've look through various posts and can not find a solution that fits.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It worked great.
Awesome
To resolve this issue, configure the client computers to use the default gateway setting on the local network for Internet traffic and a static route on the remote network for VPN-based traffic.
NOTE: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
Back to the top
Step 1: Configure the Server That Is Running Routing and Remote Access to Use a Static IP Address Pool
Windows 2000 Server
1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click the server that is running Routing and Remote Access, and then click Properties.
3. Click the IP tab, click Static address pool, and then click Add.
4. Type the start of the Internet Protocol (IP) address range in the Start IP address box, type the end of the IP address range in the End IP address box, and then click OK.
NOTE: Configure a pool of static IP addresses on a different network segment than the network segment on which the internal local area network (LAN) exists.
5. Click to select the Enable IP routing check box (if it is not already selected).
6. Click OK.
7. Enable TCP/IP forwarding. For additional information about how to enable IP forwarding, click the article number below to view the article in the Microsoft Knowledge Base:
230082 (http://support.microsoft.com/kb/230082/EN-US/ ) How to Enable TCP/IP Forwarding in Windows 2000
Windows NT Server 4.0
1. Click Start, point to Settings, click Control Panel, and then double-click Network.
2. Click the Services tab, click Remote Access Service in the Network Services list, and then click Properties.
3. Click Network, click to select the TCP/IP check box (if it is not already selected), and then click Configure next to TCP/IP.
4. Click Use static address pool.
5. Type the start of the IP address range in the Begin box, type the end of the IP address range in the End box.
NOTE: Configure a pool of static IP addresses on a different network segment than the network segment on which the internal LAN exists.
6. If you want to exclude a range of IP addresses from the static address pool, type the starting IP address of the range that you want to exclude in the From box, type the ending IP address of the range that you want to exclude in the To box, and then click Add.
7. Click OK, click OK, and then click Continue.
8. Click the Protocols tab, click TCP/IP Protocol, click Properties, click the Routing tab, and then click to select the Enable IP Forwarding check box (if it is not already selected).
9. Click OK, and then click Close.
10. Click Yes to restart the computer.
Back to the top
Step 2: Configure the VPN Client TCP/IP Properties
To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
1. Double-click My Computer, and then click the Network and Dial-up Connections link.
2. Right-click the VPN connection that you want to change, and then click Properties.
3. Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
4. Click Advanced, and then click to clear the Use default gateway on remote network check box.
5. Click OK, click OK, and then click OK.
Back to the top
Step 3: Connect to the Server That Is Running Routing and Remote Access
On the client computer, connect to the Internet, and then establish a VPN connection to the server that is running Routing and Remote Access.
NOTE: You cannot connect to resources on the remote network because you have disabled the Use Default Gateway on Remote Network setting in the VPN TCP/IP configuration.
Back to the top
Step 4: Add a Static Route on the Client
Add a static route on the client computer that uses the following configuration:
* The remote network is the destination.
* The correct subnet mask is used for the remote network.
* The first IP address from the static IP address pool that you configured in the "Step 1: Configure the Server That Is Running Routing and Remote Access to Use a Static IP Address Pool" section of this article is the gateway.
NOTE: The Routing and Remote Access server assigns this first IP address to its wide area network (WAN) Miniport driver.
For additional information about how to add a static route, click the article number below to view the article in the Microsoft Knowledge Base:
140859 (http://support.microsoft.com/kb/140859/EN-US/ ) TCP/IP Routing Basics for Windows NT
For example, to add a static route to a network that has the IP address of 192.168.10.0, the subnet mask of 255.255.255.0, and the gateway (the first IP address of the range assigned to the static IP address pool) of 192.168.1.1, type the following command at the command prompt, and then press ENTER:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.1.1
NOTE: If you use the -p switch with Windows 2000 or Windows NT 4.0, the route is made "persistent." Use this switch to ensure that the routing entry is preserved when the computer is restarted.
NOTE: The -p switch is not supported on either Microsoft Windows Millennium Edition-based, Microsoft Windows 98-based, or Microsoft Windows 95-based computers.
Ref:
http://support.microsoft.com/kb/317025
Ded9
NOTE: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
Back to the top
Step 1: Configure the Server That Is Running Routing and Remote Access to Use a Static IP Address Pool
Windows 2000 Server
1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click the server that is running Routing and Remote Access, and then click Properties.
3. Click the IP tab, click Static address pool, and then click Add.
4. Type the start of the Internet Protocol (IP) address range in the Start IP address box, type the end of the IP address range in the End IP address box, and then click OK.
NOTE: Configure a pool of static IP addresses on a different network segment than the network segment on which the internal local area network (LAN) exists.
5. Click to select the Enable IP routing check box (if it is not already selected).
6. Click OK.
7. Enable TCP/IP forwarding. For additional information about how to enable IP forwarding, click the article number below to view the article in the Microsoft Knowledge Base:
230082 (http://support.microsoft.com/kb/230082/EN-US/ ) How to Enable TCP/IP Forwarding in Windows 2000
Windows NT Server 4.0
1. Click Start, point to Settings, click Control Panel, and then double-click Network.
2. Click the Services tab, click Remote Access Service in the Network Services list, and then click Properties.
3. Click Network, click to select the TCP/IP check box (if it is not already selected), and then click Configure next to TCP/IP.
4. Click Use static address pool.
5. Type the start of the IP address range in the Begin box, type the end of the IP address range in the End box.
NOTE: Configure a pool of static IP addresses on a different network segment than the network segment on which the internal LAN exists.
6. If you want to exclude a range of IP addresses from the static address pool, type the starting IP address of the range that you want to exclude in the From box, type the ending IP address of the range that you want to exclude in the To box, and then click Add.
7. Click OK, click OK, and then click Continue.
8. Click the Protocols tab, click TCP/IP Protocol, click Properties, click the Routing tab, and then click to select the Enable IP Forwarding check box (if it is not already selected).
9. Click OK, and then click Close.
10. Click Yes to restart the computer.
Back to the top
Step 2: Configure the VPN Client TCP/IP Properties
To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
1. Double-click My Computer, and then click the Network and Dial-up Connections link.
2. Right-click the VPN connection that you want to change, and then click Properties.
3. Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
4. Click Advanced, and then click to clear the Use default gateway on remote network check box.
5. Click OK, click OK, and then click OK.
Back to the top
Step 3: Connect to the Server That Is Running Routing and Remote Access
On the client computer, connect to the Internet, and then establish a VPN connection to the server that is running Routing and Remote Access.
NOTE: You cannot connect to resources on the remote network because you have disabled the Use Default Gateway on Remote Network setting in the VPN TCP/IP configuration.
Back to the top
Step 4: Add a Static Route on the Client
Add a static route on the client computer that uses the following configuration:
* The remote network is the destination.
* The correct subnet mask is used for the remote network.
* The first IP address from the static IP address pool that you configured in the "Step 1: Configure the Server That Is Running Routing and Remote Access to Use a Static IP Address Pool" section of this article is the gateway.
NOTE: The Routing and Remote Access server assigns this first IP address to its wide area network (WAN) Miniport driver.
For additional information about how to add a static route, click the article number below to view the article in the Microsoft Knowledge Base:
140859 (http://support.microsoft.com/kb/140859/EN-US/ ) TCP/IP Routing Basics for Windows NT
For example, to add a static route to a network that has the IP address of 192.168.10.0, the subnet mask of 255.255.255.0, and the gateway (the first IP address of the range assigned to the static IP address pool) of 192.168.1.1, type the following command at the command prompt, and then press ENTER:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.1.1
NOTE: If you use the -p switch with Windows 2000 or Windows NT 4.0, the route is made "persistent." Use this switch to ensure that the routing entry is preserved when the computer is restarted.
NOTE: The -p switch is not supported on either Microsoft Windows Millennium Edition-based, Microsoft Windows 98-based, or Microsoft Windows 95-based computers.
Ref:
http://support.microsoft.com/kb/317025
Ded9
ASKER