VPN + US based MS Exchange server
Discussion
I'm in the shire, not the city 
No worries, it's just like doing the crossword... Would help to have only one active interface ie wieless or wired only. ATM that's what my money's on.
Just been checking on MS and a permanent route should fix it... providing the client VPN address remains fairly consistent! Seems a poor implementation of routing TBH as you SHOULD route via the next hop which in this case is the VPN endpoint.
I'll check in again tomorrow by which time I'm sure Darren will have earned all the brownie points
No worries, it's just like doing the crossword... Would help to have only one active interface ie wieless or wired only. ATM that's what my money's on.
Just been checking on MS and a permanent route should fix it... providing the client VPN address remains fairly consistent! Seems a poor implementation of routing TBH as you SHOULD route via the next hop which in this case is the VPN endpoint.
I'll check in again tomorrow by which time I'm sure Darren will have earned all the brownie points
So I with my (potentially) fat fingers 
I did precisely as DeeJay suggested.
Windows IP Configuration
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
PPP adapter XXXXXXXXXX VPN:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.160.200
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.160.200
C
ocuments and Settings
icky>route ADD 192.168.0.0 MASK 255.255.0.0 192.168.1
60.200
Cocuments and Settings
icky>
So with VPN in place and the DefGW box ticked I can connect to the Exchange Server for Outlook (hurray!) but the browser is still routing through the VPN (boooo!)
Route print with DefGW ticked gives:
***info removed to protect the innocent (me)***
with the VPN in place and the DefGW box UN-ticked the browser works directly (rather than through the VPN - hurray!) but the connection to the exchange server doesn't happen (boooo!)
Route print with the DefGW box Un-ticked:
*** ditto ****
So that's about the size of it! I think I'm just about done on this - and I'm sure you are too. I can't believe I'm the first person to encounter this problem. If I need to get the IT guy in our HQ to do something different at his end then I'm happy to tell him!
I did precisely as DeeJay suggested. Windows IP Configuration
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
PPP adapter XXXXXXXXXX VPN:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.160.200
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.160.200
C
ocuments and Settings icky>route ADD 192.168.0.0 MASK 255.255.0.0 192.168.1
60.200
C
ocuments and Settings icky>
So with VPN in place and the DefGW box ticked I can connect to the Exchange Server for Outlook (hurray!) but the browser is still routing through the VPN (boooo!)
Route print with DefGW ticked gives:
***info removed to protect the innocent (me)***
with the VPN in place and the DefGW box UN-ticked the browser works directly (rather than through the VPN - hurray!) but the connection to the exchange server doesn't happen (boooo!)
Route print with the DefGW box Un-ticked:
*** ditto ****
So that's about the size of it! I think I'm just about done on this - and I'm sure you are too. I can't believe I'm the first person to encounter this problem. If I need to get the IT guy in our HQ to do something different at his end then I'm happy to tell him!
Edited by hut49 on Monday 3rd July 19:05
Edited by hut49 on Monday 3rd July 19:59
Edited by hut49 on Monday 3rd July 20:20
Not looking particularly fat I'm afraid 
What you didn't do is the 'route print' once you've established the connection, run your route add, and ensured the 'use gateway' checkbox is off.
Is that gives the result I'm expecting, it's really difficult to predict why it's not working, as MS's article states it should work....
What you didn't do is the 'route print' once you've established the connection, run your route add, and ensured the 'use gateway' checkbox is off.
Is that gives the result I'm expecting, it's really difficult to predict why it's not working, as MS's article states it should work....
Hang on a minute, we're possibly missing a trick here... What's the IP address of the Exchange server? ping <nameofyourexchangeserverhere> with the VPN in place.
I think we got drawn down a route of thinking it was on the 192.168.160.X network earlier when I don't think it's actually on there at all. There are a couple of DNS's on 192.168.0.x but we need to be certain where the Exchange box resides. You will need more than one static route for this to work correctly if the Exchange servers address doesn't start 192.168.0 or 192.168.160
I think we got drawn down a route of thinking it was on the 192.168.160.X network earlier when I don't think it's actually on there at all. There are a couple of DNS's on 192.168.0.x but we need to be certain where the Exchange box resides. You will need more than one static route for this to work correctly if the Exchange servers address doesn't start 192.168.0 or 192.168.160
Ok, my theory, and my last one (as you sound to be getting bored )
What happened was:
1) you tried with the box checked
2) you added the route
3) you disconnected the VPN
4) that deleted the interface, which also deletes the route
5) you connected without the box checked
So, last go:
1) VPN in with the box unchecked
2) check your IP
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN)
And it should work....
If it doesn't, call it a day!!
) What happened was:
1) you tried with the box checked
2) you added the route
3) you disconnected the VPN
4) that deleted the interface, which also deletes the route
5) you connected without the box checked
So, last go:
1) VPN in with the box unchecked
2) check your IP
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN)
And it should work....
If it doesn't, call it a day!!
Edited by _deejay_ on Monday 3rd July 19:47
Edited by _deejay_ on Monday 3rd July 19:47
BliarOut said:
Hang on a minute, we're possibly missing a trick here... What's the IP address of the Exchange server? ping <nameofyourexchangeserverhere> with the VPN in place.
I think we got drawn down a route of thinking it was on the 192.168.160.X network earlier when I don't think it's actually on there at all. There are a couple of DNS's on 192.168.0.x but we need to be certain where the Exchange box resides. You will need more than one static route for this to work correctly if the Exchange servers address doesn't start 192.168.0 or 192.168.160
I think we got drawn down a route of thinking it was on the 192.168.160.X network earlier when I don't think it's actually on there at all. There are a couple of DNS's on 192.168.0.x but we need to be certain where the Exchange box resides. You will need more than one static route for this to work correctly if the Exchange servers address doesn't start 192.168.0 or 192.168.160
Keep up at the back! Our previous route was 192.168.0.0/16 which will cover all 65536 addresses from 192.168.0.0 thru 192.168.255.255 so we've got Exchange and DNS covered.
Unless the 2nd routing table was confusing you (see my theory, above).
YYYYYYYYYYYYYYEEEEEEEEEEEEEEEEEEEEEEEEEEEEESSSSSSSSSSSSSSSSSSSSSSSSSSSS
Witness DeeJay's last, desperate post hoping that he could finally get on with his life - and he nailed it perfectly. Awesome. And for those joining late just absorb the beautiful simplicity of IT consulting at its very best as once again we join with DeeJay as he plays the coup de grace:
"So, last go:
1) VPN in with the box unchecked
2) check your IP
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN)"
Bloody brilliant!
Witness DeeJay's last, desperate post hoping that he could finally get on with his life - and he nailed it perfectly. Awesome. And for those joining late just absorb the beautiful simplicity of IT consulting at its very best as once again we join with DeeJay as he plays the coup de grace:
"So, last go:
1) VPN in with the box unchecked
2) check your IP
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN)"
Bloody brilliant!
Edited by hut49 on Monday 3rd July 20:31
DeeJay and BlairOut (with occasional help from others) you are unbelievable - to have stuck with this over 90 posts is arm's length consulting way above the benchmark. I'm really impressed with your perseverence, good humour and resolve. Me? I'm just about fit for the funny farm! But I think the crowd enjoyed it too. To have got an on-fire red folder rating for a highly technical ( I hesitate in present company to use the Geek word) subject like this is amazing!
Thanks guys!
Thanks guys!
Pah, you leave a crossword laying around and someone else comes along and finishes it 
Hut, is it working all the time now or do you have to add the route afterwards? If you do, make it permanent with route -P add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN) that should stick it in the registry and permanently enable the route.
I had to go out in the real world or I would have been here at the glorious conclusion
Hut, is it working all the time now or do you have to add the route afterwards? If you do, make it permanent with route -P add 192.168.0.0 mask 255.255.0.0 <ip you got from VPN) that should stick it in the registry and permanently enable the route.
I had to go out in the real world or I would have been here at the glorious conclusion
I tried rebooting and firing up the VPN again and noticed that the IP assigned by the server was different (last number of the address seems to change +/- 1) so I figured that I will have to add the route each time I reconnect. Since I am frequently in hotels etc working off my laptop (so to speak 
) either on wireless or wired up to the hotel internet I'm going to have to do this fairly often, but it's not a big deal. A permanent fix would be ideal but if the IP address assigned is a variable then that's a problem. As the fix is not intuitive for me I've saved the following as a .txt file on my desktop - it will also act as a simple solution for others with the same problem who might stumble into this thread through a search
1) VPN in with the Default Gateway box unchecked (Network Connections > VPN properties > Networking > TCP/IP > Advanced...)
2) check the IP address assigned to the VPN (Run > cmd > IPConfig /all)
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip assigned by VPN in Step 2)
As I already said it's great that the PistonHeads community has people like you who are prepared to help us out - thank you
) either on wireless or wired up to the hotel internet I'm going to have to do this fairly often, but it's not a big deal. A permanent fix would be ideal but if the IP address assigned is a variable then that's a problem. As the fix is not intuitive for me I've saved the following as a .txt file on my desktop - it will also act as a simple solution for others with the same problem who might stumble into this thread through a search 1) VPN in with the Default Gateway box unchecked (Network Connections > VPN properties > Networking > TCP/IP > Advanced...)
2) check the IP address assigned to the VPN (Run > cmd > IPConfig /all)
3) add the route (route add 192.168.0.0 mask 255.255.0.0 <ip assigned by VPN in Step 2)
As I already said it's great that the PistonHeads community has people like you who are prepared to help us out - thank you
I just upgraded to a Vista O/S on a Lenovo X61 (sweet machine). But now my VPN routine that worked in XP doesn't in Vista with this hard ware set-up. This allowed me to VPN into my US based server while allowing me to browse normally outside the VPN, otherwise it looked to websites like I was browsing out of the US end of the VPN.
Now when I enter the command "route add............mask............<<VPN IP address>>" at the C: prompt (see DeeJay's post below) I get a response: "this needs to be elevated to a higher level". Any ideas on what changed and how to fix it?
Now when I enter the command "route add............mask............<<VPN IP address>>" at the C: prompt (see DeeJay's post below) I get a response: "this needs to be elevated to a higher level". Any ideas on what changed and how to fix it?
When you click on the command prompt icon right click (instead of left click) and it will pop up a menu. choose "run as administrator" and you'll be prompted for the local administrator credentials for your machine, or maybe just a confirm prompt (depending on how your machine is setup)
You'll then get a command prompt that has admin permissions and will let you make routing changes etc. (assuming you either know the local admin password, or your account is already a local admin)
You'll then get a command prompt that has admin permissions and will let you make routing changes etc. (assuming you either know the local admin password, or your account is already a local admin)
Edited by SaTTaN on Tuesday 21st August 16:36
SaTTaN said:
When you click on the command prompt icon right click (instead of left click) and it will pop up a menu. choose "run as administrator" and you'll be prompted for the local administrator credentials for your machine, or maybe just a confirm prompt (depending on how your machine is setup)
You'll then get a command prompt that has admin permissions and will let you make routing changes etc. (assuming you either know the local admin password, or your account is already a local admin)
No action/menu on a right click on the command prompt You'll then get a command prompt that has admin permissions and will let you make routing changes etc. (assuming you either know the local admin password, or your account is already a local admin)
Edited by SaTTaN on Tuesday 21st August 16:36
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff