Re: Remote SiteB to VPN over internet to SiteA AND Browse internet
- From: "Bill Grant" <not.available@online>
- Date: Wed, 15 Mar 2006 10:51:54 +1100
OK. What you really have to do is set the machines in site B to access
the Internet using NAT rather than using the proxy server at site A.
Exactly how you do that depends on your config. There are basically two
options.
1. You use the DSL router as the gateway for the local LAN and redirect
site A traffic to the RRAS router. The DSL router does NAT for the
workstations. In this setup you only have one NIC in the RRAS machine and
forward the VPN traffic from the router to the RRAS server.
2. You use the RRAS router as the default gateway for the LAN machines. In
this case you need to enable LAN routing on the RRAS server. You also need
extra routing on the DSL router to get traffic to the "private" LAN (which
is in a different subnet from the DSL router).
There is a third option which is to configure the RRAS router to do NAT.
This works but is inefficient, because you are doing NAT twice (once at the
RRAS router and again at the DSL router). I use this method for a test
system using virtual machines which only rarely needs Internet access. If
you cannot program your DSL router to do port forwarding or add static
routes, this is the method you will need to use.
Case 1.
Internet
|
DSL NAT router (static route <site A IP range and netmask> 192.168.0.n)
192.168.0.1
|
workstations
192.168.0.x dg 192.168.0.1
|
RRAS
192.168.0.n dg 192.168.0.1
Case 2.
Internet
|
DSL NAT router (static route 192.168.10.0 255.255.255.0 192.168.0.2)
192.168.0.1
|
192.168.0.2 dg 192.168.0.1
RRAS (VPN and LAN router)
192.168.10.1 dg blank
|
workstations
192.168.10.x dg 192.168.10.1
Case 3?
Internet
|
DSL NAT router
192.168.0.1
|
192.168.0.2 dg 192.168.0.1
RRAS NAT
192.168.10.1 dg blank
|
workstations
192.168.10.x dg 192.168.10.1
GFowl wrote:
Thanks for the responses.
RRAS is set up at both sites, and they communicate through a VPN tunnel.
Site B routes all traffic to site A, through the VPN tunnel.
Have new responsibility of Network, always been just servers and
systems in the past, little new on the routing thing...
"Robert L [MS-MVP]" wrote:
Bill,
Thank you for the detailed input.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message
news:u2p1GkvRGHA.1576@xxxxxxxxxxxxxxxxxxxxxxx
To expand on Bob's comments, we really need to know what you are
using for Internet access at site A. To get this to work requires
a site to site (sometimes also called router to router or LAN to
LAN) VPN link. You cannot simply set this up at site B. It needs
to be correctly configured at both ends of the link. The router at
site A needs to know how to route traffic for site B through the
tunnel (not directly out to the Internet).
If you have a RRAS router at site A, you can use the Microsoft
RRAS solution. Trying to configure it between different systems
(even RRAS and ISA server) is not easy.
A routed site to site connection will do what you want.
Traffic destined for the "other" site will be routed through the
VPN tunnel. Other traffic will go out to the Internet as usual.
Robert L [MS-MVP] wrote:
> do you have windows site to site VPN? posting the routing table here
> may help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "GFowl" <GFowl@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:26C87790-63D6-4C89-977E-FF481941C0F3@xxxxxxxxxxxxxxxx
> GOAL: Want users at a remote site to be able to browse the internet via their
> own DSL internet connection while at the same time VPN all internal traffic
> to main site over WAN.
> Currently there is just the one VPN connection setup, all traffic including
> internet use utilizes it.
>
> 2003 Server with RRAS at Remote Site B has an External and Internal NICs,
> and VPN connection to Site A. Site B is our small, remote site, they connect
> over internet DSL connection via the VPN to access Exchange and other
> services on the WAN.
> I want to allow their internet access of non-local site to go directly out
> their own internet connection (RRAS Server, DSL Router to Modem, to the
> internet). They are currently pointing to a proxy server at the Main Site,
> Site A.
> Can't figure out how to do it on the server, any help would be appreciated.
> The clients at the site have the server as their default gateway. I know it's
> probably something simple, any help or leads would be appreciated.
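
Added example, not part of the original thread: a small Python model of the Case 2 route tables. It shows which path a workstation's packet takes, and why the DSL router needs the static route for 192.168.10.0 before replies can get back to the workstations. The site A range 10.1.0.0/16 and the device labels are assumptions; the thread does not give them.

```python
import ipaddress

# Addresses follow the Case 2 diagram. SITE_A is an assumed value: the thread
# never gives site A's range. Device and next-hop labels are hypothetical.
SITE_A = "10.1.0.0/16"
OWNER = {"192.168.10.1": "rras", "192.168.0.2": "rras", "192.168.0.1": "dsl"}

def case2_tables(dsl_static_route=True):
    """Route tables per device as (destination, next hop) pairs."""
    dsl = [("0.0.0.0/0", "internet"), ("192.168.0.0/24", "on-link")]
    if dsl_static_route:
        # The extra route Case 2 puts on the DSL router.
        dsl.append(("192.168.10.0/24", "192.168.0.2"))
    return {
        "workstation": [("0.0.0.0/0", "192.168.10.1"),
                        ("192.168.10.0/24", "on-link")],
        "rras": [("0.0.0.0/0", "192.168.0.1"), (SITE_A, "vpn-tunnel"),
                 ("192.168.0.0/24", "on-link"), ("192.168.10.0/24", "on-link")],
        "dsl": dsl,
    }

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in table]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]

def trace(tables, device, dst, max_hops=8):
    """Follow next hops until the packet is delivered or leaves the model."""
    path = [device]
    for _ in range(max_hops):
        hop = lookup(tables[device], dst)
        if hop not in OWNER:      # on-link, vpn-tunnel or internet
            return path + [hop]
        device = OWNER[hop]
        path.append(device)
    raise RuntimeError("routing loop")

if __name__ == "__main__":
    good, bad = case2_tables(), case2_tables(dsl_static_route=False)
    print(trace(good, "workstation", "10.1.2.3"))      # site A traffic
    print(trace(good, "workstation", "203.0.113.10"))  # Internet traffic
    print(trace(good, "dsl", "192.168.10.50"))         # reply to a workstation
    print(trace(bad, "dsl", "192.168.10.50"))          # same, route missing
```

The reply traces start at the DSL router after it has translated the packet back to the workstation's private address; without the static route the router's only match is its default route, so the reply never reaches the RRAS server.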