Re: routing problem
- From: "Bill Grant" <not.available@online>
- Date: Tue, 17 Jan 2006 12:35:01 +1100

Configuring by hand is theoretically possible, but usually involves
setting up routes after the connection is made. The basic problem is that
you don't know what to link the route to because the interface doesn't exist
until the connection is made.

First a bit of background. The essential thing with site to site VPN is
to get the routing for both subnets working through the connection. RRAS
does this by using demand-dial interfaces at both ends. The static routes
are linked to the dd interfaces. When the interfaces bind to the connection
the routes become active.

Here we hit the problem of mixing ISA and RRAS. With RRAS you have to
configure these manually on both routers, and take steps to ensure the
calling router connects to the correct dd interface on the answering router.
When the ISA wizard runs it gives you a file which you then run on the other
server to set this up. But if the other server isn't running ISA, what do
you do with it?

Robert Craig wrote:
> OK, unfortunately, I have to use the DCs as VPN routers. Eventually
> I am going to purchase two vpn routers to handle the load. Only the
> 2nd DC has ISA, which is running Windows Server 2003 Enterprise. The
> Primary DC is just running Windows Small Business Server 2003
> Standard with Routing and Remote Access enabled. It's configured as a
> NAT/Firewall router for LAN only with Remote Access enabled. A
> friend of mine suggested manually putting in the static routes
> between the different ip addresses of the NICs and the ip of the PDC
> (through the VPN tunnel) all on the SDC. I think this might work. If I
> get a firewall, I can eliminate ISA and just stick to RRAS on
> both ends. What do you think?
> Robert
>
> "Bill Grant" <not.available@online> wrote in message
> news:OKmd4SKGGHA.2036@xxxxxxxxxxxxxxxxxxxxxxx
>> If you want to route between sites, then you must have a
>> site-to-site VPN link to handle the routing. Do you have SBS premium
>> (or whatever it's called) so you have ISA at both ends? It will be
>> tricky to set up without that.
>>
>> I should also say that using DCs as VPN routers is not a great
>> idea. Apart from adding an extra load to your DCs, there are heaps
>> of problems which can result from that. It is possible (otherwise
>> SBS wouldn't exist) but it isn't recommended.
>>
>> Robert Craig wrote:
>>> OK. So, I need to use a site to site vpn setup by ISA?
>>>
>>> Robert
>>>
>>> "Bill Grant" <not.available@online> wrote in message
>>> news:uOpJ14AGGHA.2012@xxxxxxxxxxxxxxxxxxxxxxx
>>>> How are you setting up this VPN link? Is it configured as a
>>>> site-to-site VPN?
>>>>
>>>> A normal dialup (or client-server) VPN cannot route traffic
>>>> between sites. The connection only sets up a host route back to the
>>>> calling machine. No machine behind the calling machine can use the
>>>> link, because the remote site has no route back to it.
>>>>
>>>> Robert Craig wrote:
>>>>> Two servers
>>>>>
>>>>> PDC - (Arkansas) SBS 2003
>>>>> SDC - (California) W2k3 Ent, ISA
>>>>>
>>>>> Problem is when vpn connection is established manually on SDC,
>>>>> clients on that side can access the web server's router address (ip
>>>>> address that goes through the router and out to the internet), but
>>>>> nothing else. The clients cannot access anything on the LAN side
>>>>> of the PDC, including the server itself. Kind of confused? So
>>>>> am I, but it's almost like there aren't any routes involved to get
>>>>> directory services over to the SDC so users can log in and use
>>>>> outlook with exchange. Exchange is located on the PDC, that is
>>>>> also not accessible from the SDC client side. Any ideas?
>>>>> Robert
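
The routing behaviour discussed in this thread (a client-server VPN leaving only a host route back to the caller, versus static subnet routes linked to demand-dial interfaces that become active when the interface binds), as an added example that is not part of the original posts. It is a simplified model, not RRAS or ISA configuration; the addresses, interface names and the `reply_interface` helper are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
SITE_A_LAN = "192.168.1.0/24"      # LAN behind the calling router
SITE_B_LAN = "192.168.2.0/24"      # LAN behind the answering router
CALLER_TUNNEL_IP = "192.168.2.200" # address handed to the caller on connect

class Router:
    def __init__(self):
        self.routes = []   # list of (network, interface name)
        self.up = set()    # interfaces currently bound to a connection

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, dest):
        """Longest-prefix match over routes whose interface is up."""
        addr = ipaddress.ip_address(dest)
        live = [(net, ifc) for net, ifc in self.routes
                if ifc in self.up and addr in net]
        if not live:
            return None    # no default route is modelled here
        return max(live, key=lambda r: r[0].prefixlen)[1]

def answering_router(mode, connected):
    """Routing table of the answering router for the given VPN type."""
    r = Router()
    r.add_route(SITE_B_LAN, "lan")
    r.up.add("lan")
    if mode == "client-server" and connected:
        # The connection only creates a host route back to the caller.
        r.add_route(CALLER_TUNNEL_IP + "/32", "vpn")
        r.up.add("vpn")
    elif mode == "site-to-site":
        # Static route to the remote subnet, linked to a demand-dial
        # interface; it exists beforehand but is inactive until bound.
        r.add_route(SITE_A_LAN, "dd-siteA")
        if connected:
            r.up.add("dd-siteA")
    return r

def reply_interface(mode, connected, client_ip):
    """Interface the answering router would use to reply to client_ip."""
    return answering_router(mode, connected).lookup(client_ip)

if __name__ == "__main__":
    for mode in ("client-server", "site-to-site"):
        for ip in (CALLER_TUNNEL_IP, "192.168.1.50"):
            print(mode, ip, "->", reply_interface(mode, True, ip))
```

A result of `None` for a client at 192.168.1.50 means the answering side has no route back through the tunnel, which matches the symptom of clients behind the calling server reaching nothing on the remote LAN.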