split tunnelling for VPN clients
I'm trying to set up split tunnelling for my Windows XP VPN clients using CMAK. This is so that VPN clients use their own bandwidth, rather than ours, while they are browsing the web. These days, 50 home 20Mb DSL connections are starting to kill our connection.

Anyway, it's all pretty much working. The client can see all our internal network and other branches and is using their own dial-up connection to browse the internet. However, all DNS requests are initially being serviced by their dial-up/ISP's default DNS server and not the DNS server assigned to the VPN tunnel. If it's an internal server name, then it's fine and falls back to an internal DNS server; however, if the FQDN exists out in the real world and on our internal servers, then it will use the real world lookup and not our local DNS server for a nice quick (and non-RSA protected) local IP address.

So basically, if I type nslookup in a command prompt, then it defaults to the VPN client's ISP DNS server and not our internal server. Initially I just thought it was the old bind problem for the ndiswanip which occasionally rears its head, but I've moved that to the top of the bindings in the registry with no resolution to my problem.

So basically, I'm building a VPN connection using CMAK. It has "use default gateway" ticked. Then I have a routing table defined, which is:

    add 129.69.200.0 mask 255.255.255.0 default METRIC default IF default
    add 210.0.0.0 mask 255.255.255.0 default METRIC default IF default
    add 192.0.200.0 mask 255.255.255.0 default METRIC default IF default
    REMOVE_GATEWAY

Those three are internal networks. Don't ask about the IPs, historic and now a PITA. Without the REMOVE_GATEWAY part, it all works fine and uses the correct DNS server; however, then the clients are browsing over our connection.

The VPN server is an ISA2006, which also assigns the DNS server from the DHCP server. Using PPTP and RSA OTP EAP for encryption.

Any suggestions, or is this just the way it is?
February 16th, 2011 2:36pm

Hmmm, seems that although I went into advanced network connections and moved the remote access connection to the top of the binding list, it didn't actually take effect even though I clicked OK. I went in a second time, just to check my settings (and they were in the right order), and even though I didn't make any changes, I clicked OK and now everything is working. I've tested this by ghosting back to a basic installation and installing the CMAK-created DUN, then repeating the process. Very strange :(
February 16th, 2011 7:55pm

This topic is archived. No further replies will be accepted.
