The default gateway is the local IP because you are the whole subnet with a 32-bit mask. Remember, the default gateway is where you send any traffic not on the local subnet. Since you are the local subnet, all traffic is sent to you and then routed out the VPN connection. It's all "under the covers". I'll bet that if you try to connect to \\RRAS-server-IP\c$ with appropriate permissions, you'll see what you want. As far as using the remote ISA to access the Internet, that's a relatively easy one regardless of the type of windows client: In IE connection properties, highlight the VPN connectoid in "Dial-ip and Virtual Private Network settings" and click "settings" Leave "Auto discovery" disabled Enter the internal IP address of the remote ISA and the port used for the outgoing web listener (8080 by default) Select "bypass proxy for local addresses" You can also use the FW client, but auto-discovery will get snaky if you don't support it through the distant DNS / DHCP settings. "Standard Windows client"; that's good 8-)... W9x, WMe, NT4 clients don't resolve names the same way that W2K and WXP clients do and W9x, WMe clients also don't use the same VPN mechanisms as do the NT4, W2K, WXP clients do, so they can't be grouped like that. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, August 05, 2001 11:38 AM Subject: [isalist] Re: VPN issues... http://www.ISAserver.org Got allow ip routing checked. So why does the default gateway show up as the dhcp address the client picked up. I can't get to any internet sites when connected. BTW am usign the standard windows client. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, August 05, 2001 2:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: VPN issues... http://www.ISAserver.org You don't say what client you're using, so here goes my best guesses: 1. You have to allow IP routing in RRAS IP properties to use resources other than those provided by the RRAS server itself. 2. W9x , WME, XP Home clients can't connect "as", so the default user may not have rights, regardless of the VPN credentials. 3. If you're trying to connect or map via names and don't have WINS (for W9x, ME) or DNS (W2K, XP pro) for name resolution, it'll fail. 4. The 32-bit mask and default gateway is correct for VPN clients; the routing is handled by RRAS. This is also the reason you can't resolve machine names via NetBIOS broadcast; your subnet is limited to the local machine, so you can only broadcast to yourself. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, August 05, 2001 11:09 AM Subject: [isalist] VPN issues... http://www.ISAserver.org I have my vpn setup with a single internal subnet (same as the internal nic on isa). I am having problems mapping to file shares and getting back out to the internet. I do not have wins running and am trying to connect via \\10.0.0.20\c$ or \\servername.mydomain.com\c$ to no avail. I can hit my internal website from the client though. I notcie on my vpn ppp/slip interface it says I have a subnet mask of 255.255.255.255. Is that correct? It also has the clients own ip (that it got from dhcp) as the default gateway. Any ideas are appreciated. I'd rather not use wins if I don't have to. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')