Monday, 3 December 2012

I have been trying something a bit odd!
My workplace allows workers to connect remotely to a Terminal Server, but this can only be done over a VPN connection.
We actually run two types of VPN:
  1. SSL (using a legacy Juniper machine)
  2. PPTP (using a FortiGate machine)
Lately, some users have changed their OS to the all-new Windows 8.
That is where an issue popped up: Windows 8 is NOT recognized by our legacy Juniper!!
What this causes is that anyone using Win8 who wants to connect to the work Terminal Server MUST use PPTP tunneling and then use RDP to actually connect to the server.
This would have been all right if not for the odd fact that our workplace is cut off from internet surfing (except for a very modest whitelist).
This makes surfing a real messy job for users who need it.
After a while, a persistent user who didn't want to give up found a solution: Split Tunneling!
As it turns out, split tunneling is an option in VPN connections from XP and up.
All that has to be done is to uncheck the box "Use default gateway on remote network", under the "Advanced" option in the "TCP/IPv4" properties in the "Network" tab, all in the VPN connection properties.
But..... (and here comes the real twist): once you are working with split tunneling, THERE IS NO RDP TO THE REMOTE SERVER!!!
As it turns out, the reason for that is quite simple.
An RDP connection, or even a ping, is a service that must be directed (or should we say routed) via a specific network. When using Windows split tunneling, all it does in terms of services is route all web traffic via the external connection (not the VPN), so nothing tells Windows that the work network lives behind the tunnel.
So after a hint or two and some digging, here is what needs to be done:
  1. Configure split tunneling and connect your VPN tunnel connection.
  2. Open a command line "As administrator".
  3. Type: route print (that shows you the routing table for your connections; pay special attention to the "Interface List" and the number of the interface representing your VPN connection).
  4. Type in as follows: route add 10.1.1.0 mask 255.255.255.0 10.1.1.254 metric 3 if 2 -P
  5. The first IP is your destination (i.e. the first network IP address in the workplace's address pool).
  6. The MASK is the subnet mask for the first IP (step 5).
  7. Then comes the default gateway IP address.
  8. METRIC is your specification to put your VPN network first in the routing table order.
  9. IF specifies the number of your interface pointing to the VPN connection (step 3).
  10. -P makes the route permanent, so the routing configuration above is not lost the next time you reboot.
  11. Try a PING to a client on your VPN-connected network and see if it succeeds.
** UPDATE **
Since Windows 10 you MUST insist on exact upper and lower case, so the route add command must be as follows:
route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2 -P
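Steps 1 to 11 above, with the upper-case form from the update, as one elevated PowerShell script. This is an added example and not part of the original post; the VPN name, subnet, mask and gateway are placeholders, and it assumes the PPTP adapter's interface alias equals the VPN connection name.

```powershell
# Added example, not from the original post: add the persistent route for the
# work subnet over the split-tunnel VPN adapter, looking the interface index up
# by the connection name instead of reading it off "route print" by hand.
# All values below are constructed placeholders: VPN connection "Work PPTP",
# work subnet 10.1.1.0/24, gateway 10.1.1.254 (as in the post's example command).
param(
    [string]$VpnName = "Work PPTP",
    [string]$Subnet  = "10.1.1.0",
    [string]$Mask    = "255.255.255.0",
    [string]$Gateway = "10.1.1.254",
    [int]$Metric     = 3
)

# route ADD is refused unless the shell is elevated ("As administrator", step 2).
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell window."
}

# The VPN adapter only exists while the tunnel is up (step 1); its alias is the
# connection name (assumption for RAS/PPTP adapters). Its index is the "IF" number.
$vpn = Get-NetIPInterface -AddressFamily IPv4 |
       Where-Object InterfaceAlias -eq $VpnName | Select-Object -First 1
if (-not $vpn) { throw "VPN '$VpnName' is not connected; connect it first." }
$ifIndex = $vpn.InterfaceIndex

# Keywords in upper case, as required on Windows 10 and later; -P = persistent.
# Only the work subnet goes through the tunnel; everything else stays split.
& route.exe ADD $Subnet MASK $Mask $Gateway METRIC $Metric IF $ifIndex -P
if ($LASTEXITCODE -ne 0) { throw "route ADD failed (exit code $LASTEXITCODE)" }

# Verify: the route must now be present on the VPN interface ...
$prefixLen = ((([IPAddress]$Mask).GetAddressBytes() |
    ForEach-Object { [Convert]::ToString($_, 2) }) -join '' -replace '0', '').Length
Get-NetRoute -DestinationPrefix "$Subnet/$prefixLen" -InterfaceIndex $ifIndex |
    Format-Table DestinationPrefix, NextHop, InterfaceIndex, RouteMetric
# ... and a host on the work network should answer a ping again (step 11).
Test-Connection -ComputerName $Gateway -Count 2 -Quiet
```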

Hooray!
Mission Complete!!!!!
Good luck, AVSROT.