Re: Internet through VPN
- From: "Matabra" <Matabra@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Aug 2008 12:51:51 +0100
Hi,
Do you want your clients to be able to access the internet at the same time as they are connected through the VPN?
Is there any specific reason you dont want them using the internet connection at the SBS site?
One way you could do it , (depending on your external firewall at the SBS site) would be to block traffic coming from the VPN clients,
Otherwise , send out a new VPN Config file with the "use remote gateway" unchecked and they will use their own gateway.
Regards,
Matt
"Thomas Raasch" <nospam@xxxxxxxxxx> wrote in message news:O13fkpf$IHA.3648@xxxxxxxxxxxxxxxxxxxxxxx
==========================.
as adviced in my thread in
microsoft.public.windows.server.general
i will create the same posting in this group:
==========================
Hi,
I have a SBS2003 on a location A.
There is RRAS activated and fully functional.
With VPN I can connect to location A from a location B with a Windows XP Client.
Everything works fine - too fine for me...
my Problem is, that the XP-Client on location B has also access to the Internetconnection of location A!
cause of my bad english i will explain it clearly with IPs:
On location B the XP Client has the IP 192.168.0.10
There is a Router with IP 192.168.0.1
The Router is the Gateway for that XP-Client
The SBS on location A has the IP 10.0.0.2
There is also a Router with IP 10.0.0.1
The Router is the Gateway for this Network
When i make a
tracert www.google.com
on the XP-Client the first IP reached is the local Router (192.168.0.1)
- so far so good -
When I now connect from location B through VPN to location A then the XP-Client on B, of course, gets a 2nd Networkconnection named "VPN-Test". With this connection XP changes its Default-Gateway to the 10.0.0-Subnet!
When I now make a
tracert www.google.com
then the first IP reached is the Router of the location A!
So every XP-Client use the Internet-Connection of location A as far as they are connected through VPN! They use not there own local Router! I know, I easiely can change the checkbox "Use default gateway on remote network" on every XP-Client to solve this problem. But thats not enough security! It is still possible to have access to the internet from a XP-Client through the VPN. So it is still possible that a user on one XP-Client changes this option back to its default and so using the Internetconnection of my SBS2003. And further - I don't have access to every XP-Client, so I can not be sure that every Client has this option set well.
So now finaly my question:
what do i have to set up on my SBS2003 that the VPN-Clients are not allowed to use the Internet-Connection of my SBS2003?
The VPN-Clients get their IPs from the SBS-own DHCP and also use the SBS-own DNS...
The VPN-Clients need access to the SBS2003-Server as well as to the rest of the Network on location A! The XP-Clients from location B need access to some Clients in the Network of location A! Else it would be possible to deactivate the routing-option of the RRAS - but not in my case.
Thanks for your help
Thomas
- Follow-Ups:
- Re: Internet through VPN
- From: Thomas Raasch
- Re: Internet through VPN
- References:
- Internet through VPN
- From: Thomas Raasch
- Internet through VPN
- Prev by Date: Re: SBS basic questions
- Next by Date: Re: Backup fails - Normal is ok, it's Copy where it fails - Backup Type Copy - The requested media failed to mount. The operation was aborted.
- Previous by thread: Internet through VPN
- Next by thread: Re: Internet through VPN
- Index(es):
Relevant Pages
|
