We have successfully setup the VPN access, however, we have customer who only using our VPN for privacy concern and we do not want them to have access to the entire network file sharing permission, how do we do that? Setup: ISP > Standard Consumer Router without HDCP > Windows Server 2008 R2 RRAS VPN (with one static IP assigned to the server) Static IP Range is 192.168.11.40 to 192.168.11.51 for Windows Server 2008 R2 VPN, in which, match the router's IP assignment which is 192.168.11.xxx, by matching the first three sets of the IP that will allow the VPN client to access internet through our network. I have tried to uncheck the Enable IPv4 Forwarding under the IPv4 tab of the Routing and Remote Access Properties, by doing so, no VPN client can connect to our VPN service. So I re-checked the Enable IPv4 Forwarding under the IPv4 tab of the Routing and Remote Access Properties, by doing so, all VPN clients can connect to our VPN service. I also checked and re-checked the Enable this computer as a: IPv4 Router under General tab of the Routing and Remote Access Properties, no change, regardless all VPN clients can connect to our internal network and see or ping our other computers. So my question is, how do I allow VPN clients to connect to internet through our network without having access to our internal network resources? Thank youMicrosoft MVP