I've recently swapped our firewall for a PIX & VPN 3005 combination. I intend to deploy the VPN client after some testing, but in the meantime I have left PPTP enabled so the users can use the built-in Win2K VPN client.
In the connection properties of Windows 2000, some users tried to turn off the 'use default gateway of remote network' setting - i.e., they were trying to accomplish split tunneling by not routing everything through the tunnel.
I have enabled split tunneling on the VPN 3005 using a network list for the internal LAN, but this still doesn't work. It seems that there's no way for the concentrator to inform the PPTP clients which networks to route through the tunnel, and which not to.
So my question is, am I correct? Do Win2K PPTP users have to tunnel everything through the gateway until the VPN client is deployed?
I should mention that VPN users are not on the same segment as the rest of the servers on the internal LAN - I have a Tunnel Default Gateway configured that routes them to the internal LAN.