Re: IP routing on VPN

anonymous_at_discussions.microsoft.com
Date: 02/11/04


Date: Wed, 11 Feb 2004 11:27:13 -0800

Phil-
If I don't have a static route for my external NIC, then
my VPN clients can't connect to the VPN server. Here's my
config:

External NIC                         65.240.13.209   255.255.255.192
Internal NIC                         192.168.30.2    255.255.255.0
Internal Subnets                     192.168.30.0, 192.168.32.0, 192.168.33.0
Frame router that routes to subnets  192.168.30.1
External router                      65.240.13.193

Static Routes
0.0.0.0        0.0.0.0          65.240.13.193   (External NIC)
192.168.30.0   255.255.255.0    192.168.30.1    (Internal NIC)
192.168.32.0   255.255.255.0    192.168.30.1    "
192.168.33.0   255.255.255.0    192.168.30.1    "

How does the public NIC know to get to the Frame router?
How do the VPN clients know to get to the outside NIC?

David

>-----Original Message-----
>"David N" <david.naigles@lansa.com> wrote in message
>news:eac801c3f0cc$63bea920$a401280a@phx.gbl...
>> I have a RRAS Server setup as a VPN with two NICs. One is
>> connected to a CISCO router and from there to the
>> internet. It has a public IP address. The second is
>> inside my LAN and has a private IP address. Neither of
>> them has a default gateway. I am using DHCP to get RAS
>> Client IP addresses from the LAN DHCP server. I set up a
>> static route with 0.0.0.0 as destination, 0.0.0.0 as mask,
>> and the router's IP address as the gateway. I also set up
>
>Remove that route. Just use the Internet Router (frame relay router?) as
>the Default Gateway of the public NIC. The private NIC should never have a
>Default Gateway.
>
>If your private LAN is a single subnet there are no routes to create, and if
>there are subnets on the private side but the RRAS box serves as the
>central router then there still are no routes to create. All the clients on
>the private network may or may not require a Default Gateway,...it just
>depends on the situation. If they did need one it would most likely be the
>RRAS machine, but that isn't an absolute.
>
>If there are subnets on the private side then a static route to each segment
>must be added to the RRAS/VPN Server (not including the Public side). The
>routes would point to whatever router takes it to the destination. The
>rest can get really complicated. All clients would use the router that is in
>their immediate subnet, then the router directly facing the RRAS/VPN box
>would probably use the RRAS/VPN box as its Default Gateway, but again that
>isn't absolute....it just depends.
>
>VPN Clients, when getting the DHCP assignment, must use a Default Gateway
>that agrees with what other clients using an IP# of the same subnet use. VPN
>is really irrelevant, the client behaves just as any other client on the same
>subnet behaves (VPN or no VPN) and is subject to the same settings and
>rules.
>
>Note that all public IP#s are meaningless to any of this VPN stuff. The
>public IP#s do nothing more than serve as "phone numbers" for the VPN to
>"dialup" to create the Tunnel. The public IP#s have no role in routing just
>as the phone number serves no "routing purpose" for a typical modem based
>dialup user.
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
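
Added example, not part of the original thread: a longest-prefix-match lookup over the static routes posted in the message, showing that the next hop is picked per destination rather than per NIC, plus a check for the quoted rule that the private NIC carries no default route. The function names and the 203.0.113.7 test destination are constructed for this example, and directly connected (on-link) routes are left out.

```python
import ipaddress

# Static routes exactly as posted: destination, mask, gateway, interface.
# Connected (on-link) routes are omitted; this is an assumption of the example.
POSTED_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "65.240.13.193", "External NIC"),
    ("192.168.30.0", "255.255.255.0", "192.168.30.1", "Internal NIC"),
    ("192.168.32.0", "255.255.255.0", "192.168.30.1", "Internal NIC"),
    ("192.168.33.0", "255.255.255.0", "192.168.30.1", "Internal NIC"),
]


def parse(routes):
    """Turn (dest, mask, gateway, nic) rows into (network, gateway, nic)."""
    return [
        (ipaddress.ip_network(f"{dest}/{mask}"), ipaddress.ip_address(gw), nic)
        for dest, mask, gw, nic in routes
    ]


def next_hop(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in parse(routes) if addr in r[0]]
    if not matches:
        return None
    net, gw, nic = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), str(gw), nic


def default_routes_on(routes, nic_name):
    """List gateways of default routes (0.0.0.0/0) bound to the named interface."""
    return [str(gw) for net, gw, nic in parse(routes)
            if net.prefixlen == 0 and nic == nic_name]


if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for any Internet host.
    for dst in ("192.168.32.10", "192.168.33.5", "192.168.30.40", "203.0.113.7"):
        print(dst, "->", next_hop(POSTED_ROUTES, dst))
    print("defaults on Internal NIC:",
          default_routes_on(POSTED_ROUTES, "Internal NIC"))
```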


