Dest: 10.1.0.0 (internal LAN class)
Gateway: 10.1.0.1 (LAN Firewall)
Interface: "Intranet" (NIC connected to LAN)
Interface: "Internet" (NIC connected to Internet)
Note: I've also yanked the default gateway from the NIC connected to the internal LAN.
If I follow the above configuration I can connect just fine but cannot access the Internet. If I change the second static route's interface to "intranet," certain VPN clients CAN connect.
These clients are ones who are on the same Internet subnet as the VPN server (subnet being public addresses from our ISP). I've tested it and confirmed that the traffic is indeed going through the VPN, then out our firewall.
Any ideas on how to fix this? It is just weird. I go home to my DSL line and it either doesn't connect or tells me I need a certificate. However, if I change the static route (second one) to the MS correct config, I can connect with no issues. (So I don't think it's a certificate issue.)
Any ideas would be GREATLY appreciated. I am pulling my hair out over this one.
You can't access the Internet with a 10.x.x.x address, because that's a private non-routable address. Of course you know it's a private address, because that's why you picked it for the VPN. This is good practice. However, to get to the public Internet, you'll need to translate that IP address somehow. The standard way of doing this is to send requests through a NAT (Network Address Translation) device. Fortunately, Windows 2000 does include NAT capabilities. You should be able to configure NAT so that it translates the source IP address of requests from your 10.x.x.x private network to the public IP address assigned by your ISP. Good luck.
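The translation the answer describes, as an added example that is not part of the original reply and is not how Windows 2000 implements it: a small Python model of a source-NAT table that rewrites 10.x.x.x sources to one public address and maps replies back. The class name, the starting port and the 203.0.113.10 / 198.51.100.7 addresses are constructed placeholders (documentation ranges), not values from the page.

```python
import ipaddress

PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")  # the 10.x.x.x range in the answer
PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the ISP-assigned address


class SourceNat:
    """Hypothetical model of a port-translating NAT, for illustration only."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (source ip, source port) the packet carries after NAT."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_NET:
            return src_ip, src_port  # already a routable source, untouched
        if ipaddress.ip_address(dst_ip) in PRIVATE_NET:
            return src_ip, src_port  # stays on the LAN/VPN, no translation
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # First packet of a flow: allocate a public port and remember
            # the reverse mapping so the reply can find its way back.
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply arriving at the public address to the private host.

        Returns None when no outbound flow created a mapping; such a packet
        has no private destination and is dropped.
        """
        return self.back.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = SourceNat(PUBLIC_IP)
    # Constructed flow: a VPN client at 10.1.0.25 fetching a web page.
    print(nat.outbound("10.1.0.25", 1025, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, 50000))
    print(nat.inbound("198.51.100.7", 80, 50001))  # no mapping -> None
```

Without the reverse mapping, a reply addressed to a 10.x.x.x source has no route back across the Internet, which is why the VPN clients in the question connect but cannot browse.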
This was first published in October 2002