How to supply additional routes to VPN clients?

  • Question

  • Scenario: a TMG firewall acts as the main firewall and Internet gateway for a network, 192.168.60.0/24. It also acts as a VPN server.

    There is also another internal network, connected to a second interface of the TMG firewall: 192.168.0.0/22.

    Computers on both internal networks use the TMG firewall as their default gateway.

    The VPN client address range is defined as 192.168.17.1-254; this is configured in the firewall, no DHCP is used. DNS servers to supply to VPN clients are also configured.

    Routing is configured correctly, and policies are configured to allow all traffic between the two internal networks and the VPN Clients network.

    The VPN clients can successfully connect and receive an address in the 192.168.17.X range.

    The VPN clients DO NOT have the "use default gateway on the remote network" option enabled, and this is desired behaviour, because we want them to be able to access the Internet while a VPN connection is up, but not to have all of their traffic routed through our link (bandwidth is a little tight).

    The problem: a VPN client only gets a route to the 192.168.17.0/24 network; it gets no information at all about 192.168.60.0/24 or 192.168.0.0/22.

    If a static route to the two networks via the VPN tunnel is manually added, everything works fine.

    The question: how can I automatically supply these additional two routes to VPN clients?

     

    Monday, November 7, 2011 11:00 AM
