Re: VPN Adding a static route to the client


From: Bill Grant (not.available_at_online)
Date: 05/07/04


Date: Fri, 7 May 2004 10:51:17 +1000


   As you say, the problem is that the interface doesn't exist until the
connection is made. On a server, you can use a demand-dial interface and use
the interface name in the route command. On a client, you really need a
script which can get the "received" IP and plug it into the static route.

    There are other ways to attack it. I believe you can do it through
Active Directory in native mode. And you can do it with CMAK (connection
manager admin kit).

"ErikJ" <ewj_NO_SPAM_ineacom> wrote in message
news:#CHLJx6MEHA.3636@TK2MSFTNGP09.phx.gbl...
> I think what Rick is saying is that he doesn't want to have ALL of the VPN
> client's Internet traffic flow thru the PIX because then he is bogging down
> the office's pipe rather than the local pipe; the VPN connection is smart
> about using a route for the VPN LAN as opposed to the default gateway which
> would normally be used for everything else (assuming the use default gateway
> checkbox is left unchecked).
>
> Seems to me the correct way IS to add the static route from a batch file;
> could you use the interface _number_ as opposed to the interface IP (which
> would potentially change every time you connect). I don't think the
> interface number will change from connect to connect, although it could
> differ from client to client.
>
> I'm curious to see your eventual solution; please post results.
>
> Thanks,
> Erik
>
> > > I realize that since it is a different subnet they will have to have a
> > > static route on their machine that points to the Office LAN's PIX as
> > > gateway for the Datacenter LAN.
> >
> > No that is the wrong assumption.
> >
> > > Client Using PPTP, Use default gateway on remote network is NOT checked.
> >
> > This is why,...that has to be checked.
>
>
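
Added example (not part of the original thread, and not code from any poster): a Python version of the kind of client script described above, which reads the "received" IP of the PPP adapter from `ipconfig` output and plugs it into a `route add` command. The connection name "Office VPN", the 10.20.0.0/16 Datacenter LAN subnet and the sample `ipconfig` output are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output; adapter names and addresses
# are made up for illustration.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Office VPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.10.73
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
"""

def received_ip(ipconfig_text, connection):
    """Return the IP assigned to the named PPP adapter, or None if it is down."""
    in_section = False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():      # unindented line: new section header
            in_section = line.strip() == f"PPP adapter {connection}:"
        elif in_section:
            m = re.search(r"IP(?:v4)? Address[ .]*:\s*(\d+(?:\.\d+){3})", line)
            if m:
                # IPv4Address() raises ValueError on a malformed value
                return str(ipaddress.IPv4Address(m.group(1)))
    return None

def route_command(ipconfig_text, connection, network):
    """Build the `route add` argv that sends `network` via the VPN's received IP."""
    gateway = received_ip(ipconfig_text, connection)
    if gateway is None:
        raise RuntimeError(f"VPN connection {connection!r} is not up")
    net = ipaddress.IPv4Network(network)        # rejects a network with host bits set
    return ["route", "add", str(net.network_address),
            "mask", str(net.netmask), gateway]

if __name__ == "__main__":
    # Hypothetical connection name and Datacenter LAN subnet.
    print(" ".join(route_command(SAMPLE_IPCONFIG, "Office VPN", "10.20.0.0/16")))
```

Because the received IP can differ on each connection, the command has to be rebuilt from fresh `ipconfig` output every time the VPN comes up.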


