Brian, You're looking at the default configuration of the client to "Use default gateway on remote network" If you open your client connectoid, and go to the properties of TCP/IP, and then hit the Advanced button, you'll see this checkbox setting. With that said, there is now the philosophical discussion of "split-tunnelling" where you're potentially openning up your network to the internet via this VPN connected client that is also connected to the internet. Security best-practices say that the default setting is the preferred one since it mitigates the risk of adding another entry point from the internet while that client is connected (never mind that if the client was already breached, it's a new entry point .. different security discussion). -----Original Message----- From: Brian Hoover [mailto:brianh@xxxxxxxxx] Sent: Tue 4/23/2002 10:47 AM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] VPN Client cannot access the Internet? http://www.ISAserver.org Many thanks to the contributors to this list and to ISAServer.org. I have set up a lab to simulate an enterprise network with back to back ISA servers. After establishing a VPN tunnel into the network the client can no longer access the Internet. When I do trace route to any site the the astericks come back on the first hop. If I disconnect the VPN connections all is well again. I am using PPTP as I have not set up CertSrv yet. Can anyone explain this behavior? Does the IP stack lock down to point only to the ISA server to protect from the client being hacked and an intruder gaining an autenticated path to the LAN? Thanks, Brian Hoover I.T. Manager Vidar Systems Corporation ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: davidh@xxxxxxxxxxxx To unsubscribe send a blank email to leave-isalist-261457I@xxxxxxxxxxxxx