Re: Multi-homed server and VPN
From: NeoAdmin (anonymous_at_discussions.microsoft.com)
Date: 04/28/04
- Next message: Matthew [MSFT]: "RE: Windows Server 2003 and slow login"
- Previous message: Len: "L2TP VPN connection between XP Pro and Win 2003 RRAS"
- In reply to: Bill Grant: "Re: Multi-homed server and VPN"
- Next in thread: Phillip Windell: "Re: Multi-homed server and VPN"
- Reply: Phillip Windell: "Re: Multi-homed server and VPN"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Apr 2004 08:02:43 -0700
The idea was to separate the LAN traffic from the VPN
traffic. (not mine, I was advised to do so) LAN packets
bound for the Internet go to the gateway 192.168.1.251,
the LAN NIC of a Linux box serving as a firewall, then
through another Linksys router, and finally through a
cable modem to the 'net. (I just inherited this topology,
and have to trust it is all necessary. If it were solely
up to me, I would bag the Linux box, the second Linksys,
and just use the VPN Linksys for everything. The other
admin is concerned that having only the Linksys between
the LAN and the 'net would pose a security risk, and I
have not enough experience to argue with him. Although,
it does seem to me that that is exactly what we are doing
with the VPN Linksys anyway.) In any case, if I remove the
default gateway from the NIC on 192.168.1.x, does that
mean the server will use the gateway on the VPN NIC for
Internet access? Also, I have 192.168.1.251 as the router
setting in DHCP properties, so I assume DHCP clients will
still be using that as their default gateway. (Did I
mention the 2003 server is also the DHCP server for the
LAN?) Finally, do I set up static routes on the VPN
Linksys, the 2003 server in RRAS, or both?
>-----Original Message-----
> You should not have a default gateway configured on your "private" NIC
>(192.168.1.x). The only default route of this server should be to the
>Internet router.
>
>
> In fact I cannot see any reason to have this router at all. You should
>be able to do this from your Internet router. Set all client machines to use
>the Internet router as their default. On the Internet router, configure a
>static route to redirect traffic for the VPN-connected site to the VPN
>router.
>
> For instance, if the subnet across the VPN link is 192.168.5.0/24, add a
>static route
>
> 192.168.5.0 255.255.255.0 192.168.2.1
>
>"NeoAdmin" <anonymous@discussions.microsoft.com> wrote in message
>news:48da01c42bce$0cfe8280$a101280a@phx.gbl...
>> Server: win2k3, two NICs. NIC 1 is on 192.168.1.x, the
>> same network as the LAN. It has a default gateway of
>> 192.168.1.251, the LAN IP address of the router, so that
>> hosts on the LAN can get to the internet. NIC 2 is on
>> 192.168.2.x with default gateway of 192.168.2.1, the LAN
>> IP of the other router, a VPN-capable Linksys we use for
>> remote access. I have heard that multiple default gateways
>> on the same server is a No-No, but do not understand why.
>> Everything is working correctly, as far as I can tell,
>> except that hosts on the VPN network can only see
>> themselves and the server in Network Neighborhood, and in
>> fact cannot reach any other hosts on the 192.168.1.x
>> network. How do I correct this? I have enabled routing
>> on the server, but there must be something else, because
>> it ain't workin'. Removing either of the default gateways
>> is not an option, because doing so kills either internet
>> access for the LAN or kills the VPN. Someone with the
>> knowledge, willing to provide a little detail, please
>> respond.
>>
>
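
Added example, not written by any poster in this thread: a longest-prefix route lookup in Python, run over two constructed tables, one for the two-NIC server described in the original question and one for a router carrying the quoted 192.168.5.0/24 static route. The function names, the "on-link" marker and the upstream gateway 203.0.113.1 are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

def parse_routes(text):
    """Parse 'destination netmask gateway [metric]' lines into route tuples."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest, mask, gateway = fields[:3]
        metric = int(fields[3]) if len(fields) > 3 else 1
        net = ipaddress.ip_network(f"{dest}/{mask}")  # raises if host bits are set
        routes.append((net, gateway, metric))
    return routes

def lookup(routes, address):
    """Return the gateways tied for best route: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return []
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return sorted(g for n, g, m in matches
                  if (n.prefixlen, m) == (best[0].prefixlen, best[2]))

def ambiguous_prefixes(routes):
    """Map each prefix that has several equal-metric next hops to those gateways."""
    seen = defaultdict(set)
    for net, gateway, metric in routes:
        seen[(str(net), metric)].add(gateway)
    return {p: sorted(g) for (p, _), g in seen.items() if len(g) > 1}

# Constructed table for the two-NIC server as described in the original question.
SERVER = parse_routes("""
0.0.0.0      0.0.0.0        192.168.1.251
0.0.0.0      0.0.0.0        192.168.2.1
192.168.1.0  255.255.255.0  on-link
192.168.2.0  255.255.255.0  on-link
""")

# Constructed table for a router carrying the quoted static route.
# 203.0.113.1 is a placeholder upstream gateway (assumption, not from the thread).
ROUTER = parse_routes("""
0.0.0.0      0.0.0.0        203.0.113.1
192.168.5.0  255.255.255.0  192.168.2.1
""")

if __name__ == "__main__":
    print(ambiguous_prefixes(SERVER))   # the two equal default routes
    print(lookup(ROUTER, "192.168.5.20"), lookup(ROUTER, "198.51.100.7"))
```

With two 0.0.0.0/0 entries the prefix length cannot break the tie, so the lookup returns both gateways for any off-link destination, while the /24 static route wins over the default for the VPN subnet.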