VPN Access to to company's LAN can be easy to set up and configure using Microsoft's Connection Manager Administrator Kit. There is much documentation on basic setup on the web, but I want to talk about advanced setup possibilities. The basic setup uses the default gateway of the VPN server to access the internet while connected. This may not be desired for several reasons. The first is that in most cases additional firewall rules will need to specified on the company's firewall for the VPN clients to access the internet. Additional routing may also need to be configured for the CPN clients to access resources. Another big reason we may not want to do this is that while the VPN client stays connected, all internet traffic for the client consumes the company's bandwidth, not only once, but twice. The company will have to first receive the data from the public server, then send it back to the VPN client. Allowing the VPN client to use their own internet connection for normal internet traffic is much desired. This also allows the client to use programs/TCP ports locally which would be blocked by the company's policy if trying to connect through the VPN.

The configuration of this is not so involved really. First, we need to uncheck the box that specifies the client to use the server's default gateway. The biggest part is writing some scripts to run post-connect and on disconnect of the VPN session. For post-connect, we need a script that will add routing table entries for the remote subnet(s). This may not be as easy as it seems, and one might say that the CMAK wizard allows us to specify a url location of the routing table entries needed. Good luck with this, if you can get to work as we need, I would like to know how. The problem lies in the fact that adding routing entries via this method, applies them to most likely the default interface, not the VPN interface. So now when trying to access the company's LAN, the packet is sent out the client's normal default gateway and will never reach the company's private LAN. The .vbs script show below will detect the interface index and then add the routing table entry based on this interface index. It needs to be modified to reflect the correct subnet for your situation.
On Error Resume Next strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_IP4RouteTable") For Each objItem in colItems if inStr(objItem.Name, "10.0.0.0") then Set objShell = CreateObject("WScript.Shell") Set objScriptExec = objShell.Exec("route add 192.168.3.0 mask 255.255.255.0 10.10.10.1 if " & objItem.InterfaceIndex) end if Next

Next, which may not need to be done based on your needs, is setting up the company's DNS server to resolve client requests to internal resources. Once again, I have a .vbs script shown which will modify the DNS server search order. Upon post-connect, it will insert the specified DNS server into the top of the client's DNS server list. Again, modify the IP addresses as needed. Now all DNS queries will made against the company's internal DNS server. This may not be the absolute best method, and could possibly be made better, however, this amount of bandwidth going through the company in insignificant compared to routing all client internet traffic through the company.
On Error Resume Next Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") Set colNetCards = objWMIService.ExecQuery ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True") For Each objNetCard in colNetCards dim str1 dim str2 dim str3 dim str4 dim str5 dim str6 dim count set count = 0 dim found set found = 0 If Not IsNull(objNetCard.DNSServerSearchOrder) Then for each propValue in objNetCard.DNSServerSearchOrder if inStr(propValue,"5.5.5.5") then found = 1 end if next end if if found = 0 then str1 = "5.5.5.5" count = 1 If Not IsNull(objNetCard.DNSServerSearchOrder) Then for each propValue in objNetCard.DNSServerSearchOrder if count = 1 then str2 = propValue elseif count = 2 then str3 = propValue elseif count = 3 then str4 = propValue elseif count = 4 then str5 = propValue elseif count = 5 then str6 = propValue end if count = count + 1 next end if if count = 1 then list = Array(str1) elseif count = 2 then list = Array(str1, str2) elseif count = 3 then list = Array(str1, str2, str3) elseif count = 4 then list = Array(str1, str2, str3, str4) elseif count = 5 then list = Array(str1, str2, str3, str4, str5) elseif count = 6 then list = Array(str1, str2, str3, str4, str5, str6) end if objNetCard.SetDNSServerSearchOrder(null) retVal = objNetCard.SetDNSServerSearchOrder(list) end if Next

Now we just need to undo these upon disconnect. The first script below can be saved and run as a .bat file and will remove the routing table entries that were created upon connection. The second script is .vbs script that will remove the company's DNS server from the client's DNS server list, restoring them to normal.
route delete 192.168.3.0
On Error Resume Next Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") Set colNetCards = objWMIService.ExecQuery ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True") For Each objNetCard in colNetCards dim str1 dim str2 dim str3 dim str4 dim str5 dim count set count = 0 If Not IsNull(objNetCard.DNSServerSearchOrder) Then for each propValue in objNetCard.DNSServerSearchOrder if inStr(propValue,"5.5.5.5") then else if count = 0 then str1 = propValue elseif count = 1 then str2 = propValue elseif count = 2 then str3 = propValue elseif count = 3 then str4 = propValue elseif count = 4 then str5 = propValue end if count = count + 1 end if next if count = 1 then list = Array(str1) elseif count = 2 then list = Array(str1, str2) elseif count = 3 then list = Array(str1, str2, str3) elseif count = 4 then list = Array(str1, str2, str3, str4) elseif count = 5 then list = Array(str1, str2, str3, str4, str5) end if objNetCard.SetDNSServerSearchOrder(null) if count > 0 then retVal = objNetCard.SetDNSServerSearchOrder(list) end if end if Next

Now on the appropriate screen in the CMAK wizard, add these files to the post-connect and disconnect programs to run.