Re: End point VPN routers on geographically separate Win2K3 DC controlled networks
From: ch (anonymous_at_discussions.microsoft.com)
Date: 04/23/04
- Next message: Sergio Moreno: "RE: Cannot authenticate wireless"
- Previous message: Sergio Moreno: "Re: DNS-NetBios name resolution order"
- In reply to: Phillip Windell: "Re: End point VPN routers on geographically separate Win2K3 DC controlled networks"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 23 Apr 2004 14:40:24 -0700
Dude, you are the man! I'd asked someone if that set up
(VPN as DG and it's DG = router) would work and was told
no - so I keep posting until I can get a methodology that
would work - been spinning my wheels for nothing. Yes -
I'd planned to go static route - as there are only two
IP's in the mix (each office's public IP).
THANK YOU - (now I can sleep - this has to be implemented
by Tuesday)
ch
>-----Original Message-----
>I replied to this in the other thread you asked it. I
have repeated it
>below.
>
>"ch" <anonymous@discussions.microsoft.com> wrote in
message
>news:2f2401c428ad$01504eb0$a401280a@phx.gbl...
>> You wrote:
>> "whatever is their default gateway must have the routing
>> setup on it so that it knows to send anything for the
>> remote network to the VPN box"
>>
>> Right now the default gateways are the routers
(connected
>> to the cable modem / ADSL modem) for each respective
>> office. This is how each office currently connects to
the
>> internet.
>
>That is normal.
>
>> I've read much of the documentation for each router and
>> cannot figure out how to get the routers to point
traffic
>> to the Win2K3 VPN router (if and only if that traffic is
>> destined for the other office). So I thought that it
must
>> be handled by the DC server (which houses the DNS & DHCP
>> servers).
>
>No, DCs, DNS, and DHCP lives in a totally different realm
and have
>no relationship to Layer3 Routing. Routing
is,...well..Layer3, while all
>that
>other stuff is well up and beyond Layer7.
>
>>The article I am building my end-point routers
>> by speaks about configuring the workstations to point to
>> the VPN server as thier default gateway - but I do NOT
>> want one office to traverse teh wire to use teh other
>> office's DG for internet access. That would make things
>> probitively slow.
>
>I think you undestand the problem exactly. You either
have to get those
>routers setup to send the proper traffic to the VPN
device or the VPN device
>must become the Clients Default Gateway. But pointing
the clients to the
>VPN Device doesn't mean that all the traffic would go
over the VPN. The VPN
>Device would have *its* Default Gateway set to the ADSL
Router and would
>then forward all "unspecified routes" (the Internet) to
the ADSL Router and
>send the "specified routes" (VPN traffic) to the remote
VPN network based on
>the destination address. Remember that the VPN Device
knows about the
>networks on both sides of it and therefore knows what to
do with those
>destinations. In the worst case, you might have to add
static routes to the
>VPN Device's routing table, but I think they would
already be there since
>those respresent "Directly Connected Networks" from the
VPN Device's
>perspective.
>
>--
>
>Phillip Windell [MCP, MVP, CCNA]
>www.wandtv.com
>
>
>
>.
>
- Next message: Sergio Moreno: "RE: Cannot authenticate wireless"
- Previous message: Sergio Moreno: "Re: DNS-NetBios name resolution order"
- In reply to: Phillip Windell: "Re: End point VPN routers on geographically separate Win2K3 DC controlled networks"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
