Re: IP routing on VPN
From: David N (david.naigles_at_lansa.com)
Date: 02/11/04
- Next message: Mike: "Confused about Licensing???"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: IP routing on VPN"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: IP routing on VPN"
- Next in thread: Phillip Windell: "Re: IP routing on VPN"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Feb 2004 11:57:09 -0800
>Phil-
>If I don't have a static route for my external NIC, then
>my VPN clients can't connect to the VPN server. Here's my
>config:
>
>External NIC 65.240.13.209 255.255.255.192
>Internal NIC 192.168.30.2 255.255.255.0
>Internal Subnets 192.168.30.0,192.168.32.0,192.168.33.0
>Frame router that routes to subnets 192.168.30.1
>External router 65.240.13.193
>
>Static Routes
>0.0.0.0 0.0.0.0 65.240.13.193 (External NIC)
>192.168.30.0 255.255.255.0 192.168.30.1 (Internal NIC)
>192.168.32.0 255.255.255.0 192.168.30.1 "
>192.168.33.0 255.255.255.0 192.168.30.1 "
>
>How does the public NIC know to get to the Frame router?
>How do the VPN clients know to get to the outside NIC?
>
>David
>
>>-----Original Message-----
>>"David N" <david.naigles@lansa.com> wrote in message
>>news:eac801c3f0cc$63bea920$a401280a@phx.gbl...
>>> I have a RRAS Server set up as a VPN with two NICs. One is
>>> connected to a CISCO router and from there to the
>>> internet. It has a public IP address. The second is
>>> inside my LAN and has a private IP address. Neither of
>>> them has a default gateway. I am using DHCP to get RAS
>>> Client IP addresses from the LAN DHCP server. I set up a
>>> static route with 0.0.0.0 as destination, 0.0.0.0 as mask,
>>> and the router's IP address as the gateway. I also set up
>>
>>Remove that route. Just use the Internet Router (frame relay router?) as
>>the Default Gateway of the public NIC. The private NIC should never have a
>>Default Gateway.
>>
>>If your private LAN is a single subnet there are no routes to create, and if
>>there are subnets on the private side but the RRAS box serves as the
>>central router then there still are no routes to create. All the clients on
>>the private network may or may not require a Default Gateway,...it just
>>depends on the situation. If they did need one it would most likely be the
>>RRAS machine, but that isn't an absolute.
>>
>>If there are subnets on the private side then a static route to each segment
>>must be added to the RRAS/VPN Server (not including the Public side). The
>>routes would point to whatever router takes it to the destination. The
>>rest can get really complicated. All clients would use the router that is in
>>their immediate subnet, then the router directly facing the RRAS/VPN box
>>would probably use the RRAS/VPN box as its Default Gateway, but again that
>>isn't absolute....it just depends.
>>
>>VPN Clients, when getting the DHCP assignment, must use a Default Gateway
>>that agrees with what other clients using an IP# of the same subnet use. VPN
>>is really irrelevant, the client behaves just as any other client on the same
>>subnet behaves (VPN or no VPN) and is subject to the same settings and
>>rules.
>>
>>Note that all public IP#s are meaningless to any of this VPN stuff. The
>>public IP#s do nothing more than serve as "phone numbers" for the VPN to
>>"dialup" to create the Tunnel. The public IP#s have no role in routing just
>>as the phone number serves no "routing purpose" for a typical modem based
>>dialup user.
>>
>>--
>>
>>Phillip Windell [MCP, MVP, CCNA]
>>www.wandtv.com
>
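Added example, not part of the original thread: a longest-prefix-match lookup over the route table David posted, plus a check that no internal subnet falls through to the 0.0.0.0 route and leaves via the external router. The function names and the "external"/"internal" labels are this example's own; the addresses are the ones in the post.

```python
import ipaddress

# Route table as posted in the thread: (destination, mask, gateway, interface).
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "65.240.13.193", "external"),
    ("192.168.30.0", "255.255.255.0", "192.168.30.1", "internal"),
    ("192.168.32.0", "255.255.255.0", "192.168.30.1", "internal"),
    ("192.168.33.0", "255.255.255.0", "192.168.30.1", "internal"),
]
INTERNAL_SUBNETS = ["192.168.30.0/24", "192.168.32.0/24", "192.168.33.0/24"]


def parse(routes):
    """Turn (dest, mask, gw, iface) rows into (network, gw, iface) tuples."""
    return [(ipaddress.ip_network(f"{d}/{m}"), gw, ifc) for d, m, gw, ifc in routes]


def lookup(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in table if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def leaking_subnets(table, subnets):
    """Internal subnets whose covering route is missing or not on the internal NIC.

    Only routes that cover the whole subnet are considered; the posted table
    has no routes narrower than a /24, so that is sufficient here.
    """
    leaks = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        covering = [r for r in table if net.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen) if covering else None
        if best is None or best[2] != "internal":
            leaks.append(s)
    return leaks


if __name__ == "__main__":
    table = parse(ROUTES)
    for dest in ("192.168.32.10", "192.168.30.77", "198.51.100.5"):  # constructed
        net, gw, ifc = lookup(table, dest)
        print(f"{dest:15} -> {net} via {gw} ({ifc})")
    print("leaks with posted table:", leaking_subnets(table, INTERNAL_SUBNETS))
    # Same check with the two remote-subnet routes removed.
    print("leaks without them:", leaking_subnets(parse(ROUTES[:2]), INTERNAL_SUBNETS))
```

With the per-subnet routes removed, traffic for 192.168.32.0/24 and 192.168.33.0/24 matches only the 0.0.0.0 route and is handed to the external router instead of the Frame router.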