VPN GURU CHALLENGE is in order here. I have the same exact issue and have struggled with it for a year. If I add a static route on the VPN server that captures 0.0.0.0/0.0.0.0 and sends to our hardware-based Internet router gateway address, Internet access works for a while but then the VPN server refuses connections.
ENDUSER.VPN--> VPN.Server--> Internal.Router--> INTERNET-->
Windows 2000 Server with latest SP4 post.
ISP subnet = x.x.x.64-.70
DSL Modem = x.x.x.65
Firewall = x.x.x.66/255.255.255.248 (.64-.70)
Intranet Network = 192.168.3.x
Internet Gateway = 192.168.3.1
Intranet DNS = 192.168.3.20
--------------------------------
VPN Intranet Interface : 192.168.3.30, Mask 255.255.255.0 DNS=.20, no gateway
VPN External Interface : x.x.x.70, Mask 255.255.255.248, gateway .65, ISP DNS, & (filtered)
VPN Static IP Pool : 192.168.3.200-.210
VPN Internal Interface: 192.168.3.200
Static routes: none that don't cause VPN to eventually die.
* Adding a route to 0.0.0.0/0.0.0.0 for 192.168.3.1 works for a while, but if the VPN server is rebooted or another VPN client attaches, the VPN server stops responding even after the new static route is removed. In order to restore functionality, I must uninstall routing followed by uninstalling each network interface and then reinstall everything before it will accept connections again.
I've read tons of posts with various suggestions. So far, none of them work reliably. Many have given up and say there is no solution without upgrading to Win2003 Server or Windows ISA 2003. Many don't have budget for that for now. We have a sister office that uses a single interface without issues; however, I require a multihomed VPN server.
Client VPN routing table forces its own IP as the gateway. Tracert shows that external IP access stops at 192.168.3.208 (this is the Internal virtual interface within VPN server). Adding the static route as I have described above allows tracert to continue to 192.168.3.100, but as I said, it doesn't work for very long.
My ultimate goal: To get my multihomed Windows 2000 VPN Server to allow VPN clients Internet access via the corporate Internet gateway (no split tunneling).