VPN server with multiple internal interfaces
I'm trying to set up a VPN server that will be multi-homed on several
different internal subnets, and allow VPN clients to be "dropped off" on the
appropriate subnet based on a static IP specified in the AD user properties
dial-up tab. Here's the setup:
NIC 1 (external interface):
IP=192.168.1.2
DEFAULT gateway of VPN server=192.168.1.1
NIC 2 (internal interface):
IP=192.168.100.2
Gateway=192.168.100.1
NIC 3 (internal interface):
IP=192.168.101.2
Gateway=192.168.101.1
If I specify a static IP of 192.168.100.50 in the AD user dial-up properties
for user "johndoe", he will correctly be assigned that IP when connected via
a PPTP VPN connection.
The problem is that johndoe's Internet-bound traffic is sent via the default
gateway of the VPN server, 192.168.1.1. The traffic for "johndoe" at
192.168.100.50 is then dropped by the router because 192.168.100.50 is not a
valid address on the 192.168.1.0 subnet (this is a security feature???).
So my question is this: Can I somehow route all traffic from VPN clients to
the subnet and gateway that corresponds to their static IP address? For
example, since "johndoe" has been assigned a static IP of 192.168.100.50 his
connection would route all outbound traffic to the gateway at 192.168.100.1.
I thought that I might be able to use the "Apply Static Routes" section of
the AD user Dial-in properties tab, but I can't figure out what that is
actually doing.
Any help would be much appreciated!!!
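
The behaviour described in this post, modelled as an added example that is not part of the original post and is not Windows RRAS configuration: a destination-only route lookup sends the client's traffic to 192.168.1.1, where a source check drops it, while selecting the gateway by source address gives the result being asked for. The table layout, the function names and the sample destination 203.0.113.10 are assumptions; the other addresses are the ones in the post.

```python
import ipaddress

# Model of the VPN server's routes. Addresses are from the post; layout is assumed.
ROUTES = [  # (destination network, gateway or None if on-link, interface)
    ("0.0.0.0/0",        "192.168.1.1", "NIC 1"),
    ("192.168.1.0/24",   None,          "NIC 1"),
    ("192.168.100.0/24", None,          "NIC 2"),
    ("192.168.101.0/24", None,          "NIC 3"),
]
# Per-subnet gateways from the post, keyed by the internal subnet they serve.
SUBNET_GATEWAYS = {
    "192.168.100.0/24": "192.168.100.1",
    "192.168.101.0/24": "192.168.101.1",
}

def destination_route(dst):
    """Ordinary lookup: longest prefix match on the destination only."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw, nic) for n, gw, nic in ROUTES
               if addr in ipaddress.ip_network(n)]
    net, gw, nic = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst, nic  # on-link routes deliver straight to dst

def source_route(src, dst):
    """Source-based selection: use the gateway of the subnet that holds src."""
    addr = ipaddress.ip_address(src)
    for net, gw in SUBNET_GATEWAYS.items():
        if addr in ipaddress.ip_network(net):
            return gw
    return destination_route(dst)[0]  # no match: fall back to normal lookup

def router_accepts(src, router_lan):
    """Source validation as the post describes it: off-subnet sources are dropped."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(router_lan)

if __name__ == "__main__":
    src, dst = "192.168.100.50", "203.0.113.10"  # dst is a constructed sample
    hop, nic = destination_route(dst)
    print(f"destination-based: {src} -> {dst} via {hop} on {nic}")
    print("accepted by 192.168.1.1:", router_accepts(src, "192.168.1.0/24"))
    hop = source_route(src, dst)
    print(f"source-based: {src} -> {dst} via {hop}")
    print("accepted by 192.168.100.1:", router_accepts(src, "192.168.100.0/24"))
```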