I've found a work around for this. Instead of using the CMAK Rounting
Table update, ues the Classless Static Routes DHCP Option.
USING THE CLASSLESS STATIC ROUTES DHCP OPTION
Windows 2000, Windows XP, and Windows Server 2003-based VPN clients
send a DHCPInform message to the VPN server, requesting a set of DHCP
options. This is done so that the VPN client can obtain an updated list
of DNS and WINS servers and a DNS domain name that is assigned to the
VPN connection. The DHCPInform message is forwarded to a DHCP server on
the organization intranet by the VPN server and the response is sent
back to the VPN client.
Windows XP and Windows Server 2003-based VPN clients include the
Classless Static Routes DHCP option in their list of requested DHCP
options. If configured on the DHCP server, the Classless Static Routes
DHCP option contains a set of routes representing the address space of
your intranet. These routes are automatically added to the routing table
of the requesting client when it receives the response to the DHCPInform
message and automatically removed when the VPN connection is
The Windows Server 2003 DHCP Server service supports the configuration
of the Classless Static Routes option (option number 249).
To use the Classless Static Routes option for split tunneling,
configure this option for the scope that corresponds to the intranet
subnet to which the VPN server is connected. Next, add the set of routes
that correspond to the summarized address space of your organization
intranet. For example, if you use the private IP address space for your
organization intranet, the Classless Static Routes option would have the
following three routes:
- 10.0.0.0 with the subnet mask of 255.0.0.0
- 172.16.0.0 with the subnet mask of 255.240.0.0
- 192.168.0.0 with the subnet mask of 255.255.0.0The Router IP address for each route added to the Classless Static
Routes option should be set to the IP address of a router interface on
the intranet subnet to which the VPN server is connected. For example,
if the VPN server is connected to the intranet subnet 10.89.211.0/24 and
the IP address of the intranet router on this subnet is 10.89.21.1, then
set the Router IP address for each route to 10.89.21.1.
Do _not_ set the VPN connection to be the default gateway.
You will also need Vista SP1 or this 'You cannot use a remote access
server to apply DHCP options to a Windows Vista-based computer'
hope this helps