Question
Thursday, January 12, 2012 7:40 AM
Hi friends,
I have a need, please guide me: we want a VPN client to connect to our VPN server and be able to connect to our network resources (including our file server, ...), but we want him to be unable to use our network's internet connection (I mean, unable to connect to the internet from our network). How many solutions do you know?
Thanks in advance.
All replies (7)
Thursday, January 12, 2012 2:17 PM ✅Answered
Hi.
This sounds like a standard split VPN tunnel. Only traffic destined for networks that you have specified will go over the VPN connection; everything else goes through the default gateway of the client.
What VPN server do you use, so we can help you set up split VPN tunnels?
Oscar Virot
Thursday, January 12, 2012 7:14 PM ✅Answered
I agree with Oscar. This is a split-tunneling configuration.
One way to do it is on the VPN connection properties, by unchecking the "do not use remote gateway" setting. This will only allow corporate traffic, and any internet traffic would go through the client's gateway through their ISP.
Assuming you're using a Windows VPN, you can also play around with the static routes on clients, and automate that, too.
Automation, whether setting the gateway checkbox or routes, is done by creating an installation package using the CMAK.
More info:
Connection Manager Administration Kit:
http://technet.microsoft.com/en-us/library/cc739464(WS.10).aspx
Using the CMAK wizard to build a service profile: Connection Manager
http://technet.microsoft.com/en-us/library/cc783508(v=ws.10).aspx
Split Tunneling for Concurrent Access to the Internet and an Intranet
http://technet.microsoft.com/en-us/library/bb878117.aspx
Split tunneling with cmak
Windows 2003 DHCP Server Option 249 "Classless Static Routes" Option (for XP DHCP clients Split Tunneling Option)
http://www.vistax64.com/vista-security/106544-split-tunneling-cmak.html
Thread: "Assigning Routes to PPTP Client?"
http://forum.mikrotik.com/viewtopic.php?f=8&t=10405
If using Cisco or any other vendor, you'll have to consult with their documentation or support department.
Ace
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Friday, January 13, 2012 6:51 AM ✅Answered
Hi John,
Thanks for posting here.
This is basically about route entry settings on clients; you just need to update the entries in the table when the VPN tunnel has been created.
Please also take a look at the explanations and solutions in the link below:
How to configure split tunnelling on VPN clients using CMAK
http://blogs.technet.com/b/rrasblog/archive/2007/06/11/split-tunnelling-using-cmak.aspx
Thanks.
Tiger Li
Tiger Li
TechNet Community Support
Friday, January 13, 2012 6:39 AM
Hi, and thank you very much, Ace, for the good explanation and very useful images.
Friday, January 13, 2012 6:40 AM
Hi, and thank you very much, Oscar, for your great answer.
Friday, January 13, 2012 9:15 AM
Oh, GREAT LINK. Very nice. Thank you very much, dear Tiger.
Friday, January 13, 2012 6:59 PM
You are welcome, John!
Ace Fekay