Hi,
Yes, you're right, it's a routing issue, but you don't have to do anything on your firewall unless you want the PPTP clients to also surf through the firewall in addition to using VPN resources (it's not recommended).
On the client side, just after the PPTP connection is established, if you're running a Windows PPTP client, you get two different default routes:
the first is the one toward the internet gateway, the second one is to the PPP interface with your firewall.
So to allow the clients to use the VPN resources and continue surfing, you have to delete the new default route created by the PPTP connection, and add a route with the VPN prefix to the PPP interface.
For example:
On the client side, you're connected to the internet using:
cmd> ipconfig
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . : 82.101.152.9
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 82.101.152.1
cmd> route print
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 82.101.152.1 82.101.152.9 25
After the PPTP connection is established you'll have:
cmd> ipconfig
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . : 82.101.152.9
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 82.101.152.1
PPP adapter:
IP Address. . . . . . . . . . . : 10.23.74.94
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.23.74.94
cmd> route print
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.23.74.94 10.23.74.94 1
0.0.0.0 0.0.0.0 82.101.152.1 82.101.152.9 25
You have to delete the newly created default route:
cmd> route del 0.0.0.0 mask 0.0.0.0 10.23.74.94
and add a more specific route. Let's say that the VPN resources subnet behind your firewall is 172.18.53.0/24:
cmd> route add 172.18.53.0 mask 255.255.255.0 10.23.74.94
So when the client wants to reach your VPN resources, he/she will use the specific route, and continue using the default route to surf.
You can avoid the creation of the default route in Windows by following the procedure below:
Right-click the PPTP connection, click "properties".
Under the "Networking" tab, choose "Internet Protocol (TCP/IP)" and click "properties".
Under the tab "General" click "Advanced...".
Under the tab "IP Settings" uncheck the check-box "Use default gateway on remote network".
OK, OK, OK ... until all the tool-boxes are closed.
But you will always have to enter the specific route of the VPN subnet to the PPP interface.
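
The route selection described in the post above, as an added example that is not part of the original post: a Python model of longest-prefix-then-lowest-metric lookup over the routes quoted there, showing which path VPN and internet traffic take in each state. The helper names, the two probe addresses and the metric of the added 172.18.53.0/24 route are assumptions, and only the routes shown in the post are modelled.

```python
import ipaddress

PPP_GW = "10.23.74.94"                       # PPP adapter address from the post
DEFAULT_ISP = ("0.0.0.0/0", "82.101.152.1", 25)
DEFAULT_PPP = ("0.0.0.0/0", PPP_GW, 1)
VPN_SUBNET = ("172.18.53.0/24", PPP_GW, 1)   # metric 1 is an assumption

# Routing table states walked through in the post.
AFTER_CONNECT = [DEFAULT_PPP, DEFAULT_ISP]   # right after PPTP comes up
AFTER_FIX = [DEFAULT_ISP, VPN_SUBNET]        # default via PPP deleted, /24 added
GUI_ONLY = [DEFAULT_ISP]                     # box unchecked, /24 route not added yet

# Constructed probe addresses: one host in the VPN subnet, one internet host.
PROBES = ["172.18.53.20", "198.51.100.7"]


def next_hop(routes, dst):
    """Return the gateway for dst: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)       # smaller key wins
        if best is None or key < best[0]:
            best = (key, gateway)
    return best[1] if best else None


def audit(routes, vpn_gateway, probes):
    """Label each probe 'vpn', 'direct' or 'unreachable' for this table."""
    result = {}
    for dst in probes:
        hop = next_hop(routes, dst)
        if hop is None:
            result[dst] = "unreachable"
        else:
            result[dst] = "vpn" if hop == vpn_gateway else "direct"
    return result


if __name__ == "__main__":
    for name, table in [("after connect", AFTER_CONNECT),
                        ("after fix", AFTER_FIX),
                        ("GUI only", GUI_ONLY)]:
        print(name, audit(table, PPP_GW, PROBES))
```

The "GUI only" state is the case from the last line of the post: with the remote default gateway unchecked and no specific route, traffic for 172.18.53.0/24 follows the ISP default route instead of the tunnel.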