
I would like to set up a configuration where VPN clients connecting to my Forefront TMG can access all the resources of my Internal network without having to use the option "Use default gateway on remote network" in the VPN connection's TCP/IP IPv4 Advanced Settings. This is important to me, since they can use their own internet while accessing my network through the VPN (the security implications of this are acceptable in my scenario).
My Internal network runs on 10.50.75.x, and I set up Forefront TMG to relay the DHCP of my Internal network to the VPN clients, so they get IPs from the same range as the Internal network. This setup initially works: the VPN clients use their own internet, and can access anything that is on the Internal network. However, after a while, HTTP proxy traffic from the Internal network starts getting routed to the IP of the RRAS Dial-In interface, instead of the IP of the Internal network's gateway. When this happens, the HTTP proxy requests start getting denied, for obvious reasons.
My first question is: does this happen because Forefront TMG wasn't designed to handle the scenario I described above, and it "loses itself"?
My second question is: Is there any way to solve this problem, either through configuration or firewall policies?
My third question is: if there's no way that it can work with the scenario above, is there another scenario that will solve my problem and do what I'd like it to do properly?
Below are my network routes:

1 => Local Host Access => Route => Local Host => All Networks
2 => VPN Clients to Internal Network => Route => VPN Clients => Internal
3 => Internet Access => NAT => Internal, Perimeter, VPN Clients => External
4 => Internal to Perimeter => Route => Internal, VPN Clients => Perimeter

Tks!

Pascal

1 Answer


I have never used Forefront, but using the same IP range for your VPN clients as your internal network only complicates issues (as you are finding out). You should use a different range for VPN clients, and just have the Forefront box hand them their DHCP IPs instead of passing their requests to your internal DHCP server. Having the VPN clients "use their own internet" is accomplished through split tunneling, which I am sure the Forefront box should be able to accomplish.

August
  • Tks so much August... actually, I just used a different subnet, and left things the way they were (did not flag "Use default gateway on remote network"), and everything worked as it should! I just didn't think it would! Tks so much again! – Pascal Jan 06 '11 at 18:23
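The following is an added example, not code from the question or the answer above, that models why the overlapping pool misbehaves and why a separate pool fixes it. It applies plain longest-prefix-match plus lowest-metric route selection to constructed routing tables: the TMG host with both its Internal NIC and the RRAS Dial-In interface carrying 10.50.75.0/24 (the asker's setup), the same host with an assumed 10.50.80.0/24 VPN pool (the fix), and a split-tunnel client. The 10.50.80.0/24 pool, the interface names and metrics are all assumptions, and the client's classful 10.0.0.0/8 route on the PPP adapter is an assumption about Windows VPN client behaviour with "Use default gateway on remote network" unchecked that you should confirm with `route print` on a real client.

```python
"""Added example: route selection on a TMG/RRAS host whose VPN pool overlaps
the Internal subnet, versus a separate pool. All tables are constructed for
illustration; 10.50.80.0/24 is an assumed VPN client pool."""
import ipaddress
from dataclasses import dataclass

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network   # destination prefix
    interface: str        # egress interface name
    metric: int           # lower wins among equal-length prefixes


def select_routes(table, dst):
    """Longest-prefix match, then lowest metric.

    Returns every route still tied after both steps. One entry is a
    deterministic choice; more than one means the stack breaks the tie by
    an implementation detail (binding order, interface metric) and the
    outcome can change over time, which matches what the question saw."""
    dst = IPv4Address(dst)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return []
    best_len = max(r.prefix.prefixlen for r in candidates)
    longest = [r for r in candidates if r.prefix.prefixlen == best_len]
    best_metric = min(r.metric for r in longest)
    return [r for r in longest if r.metric == best_metric]


def egress(table, dst):
    """Unique egress interface name, or None when the lookup is ambiguous."""
    chosen = select_routes(table, dst)
    return chosen[0].interface if len(chosen) == 1 else None


def pool_overlaps_internal(internal, vpn_pool):
    """Pre-flight check: the VPN address pool must not overlap the Internal subnet."""
    return IPv4Network(internal).overlaps(IPv4Network(vpn_pool))


# TMG host, asker's layout: the Internal NIC and the RRAS Dial-In interface
# both carry 10.50.75.0/24 because clients lease addresses from Internal DHCP.
BROKEN_TMG = [
    Route(IPv4Network("10.50.75.0/24"), "Internal NIC", 10),
    Route(IPv4Network("10.50.75.0/24"), "RRAS Dial-In", 10),
    Route(IPv4Network("0.0.0.0/0"), "External NIC", 10),
]

# TMG host, fixed layout: the dial-in side uses its own (assumed) pool.
FIXED_TMG = [
    Route(IPv4Network("10.50.75.0/24"), "Internal NIC", 10),
    Route(IPv4Network("10.50.80.0/24"), "RRAS Dial-In", 10),
    Route(IPv4Network("0.0.0.0/0"), "External NIC", 10),
]

# Split-tunnel client: "Use default gateway on remote network" unchecked.
# The default route stays on the ISP link. We ASSUME the client adds a
# classful 10.0.0.0/8 route on the PPP adapter for its 10.50.80.x address;
# verify with `route print` on a real client.
SPLIT_CLIENT = [
    Route(IPv4Network("0.0.0.0/0"), "ISP", 25),
    Route(IPv4Network("10.0.0.0/8"), "PPP (VPN)", 1),
]


def demo():
    """Run every lookup the discussion cares about and return the results."""
    return {
        "overlap_before": pool_overlaps_internal("10.50.75.0/24", "10.50.75.0/24"),
        "overlap_after": pool_overlaps_internal("10.50.75.0/24", "10.50.80.0/24"),
        "broken_to_internal_host": egress(BROKEN_TMG, "10.50.75.20"),
        "fixed_to_internal_host": egress(FIXED_TMG, "10.50.75.20"),
        "fixed_to_vpn_client": egress(FIXED_TMG, "10.50.80.5"),
        "client_to_internal": egress(SPLIT_CLIENT, "10.50.75.20"),
        "client_to_internet": egress(SPLIT_CLIENT, "203.0.113.10"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the overlapping pool, a lookup for an Internal host on the TMG box ties between the Internal NIC and the Dial-In interface, so the host's choice is left to tie-breaking that can flip; with a distinct pool every destination has exactly one longest match, and the split-tunnel client still reaches 10.50.75.x over the tunnel while its default route stays on the ISP.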