Re: Routes
- From: "Bill Grant" <not.available@online>
- Date: Sat, 14 Apr 2007 12:29:13 +1000
"Buzz" <Buzz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3809FF9F-8B75-4320-9054-48B34E4E6C70@xxxxxxxxxxxxxxxx
"Bill Grant" wrote:
And even when you put them in different IP subnets you will still have
problems with default gateway settings. A machine can only have one dg per
machine, not one per interface. The VPN will work if you set the dg to go
out through the Sonicwall, but the server will lose its normal Internet
connection through the LAN router. (Not to mention the name resolution
problems with multihomed servers).
The Application Servers are solely used to run an application and serve this
via terminal services to the users. They have no access to the internet
through these servers. The printers for the sessions are on the DC.
If I set the DG to the IP address of the sonicwall what impact will it have
on user verification and printing?
Sorry I've been dropped into this with little knowledge of infrastructures!
John
The basic problem is that you are trying to use VPN to do a job that it
was not designed for. As Phillip pointed out, VPN is designed to make the
remote client perform as if it was actually on the private network. For that
reason it gets access to all the machines on the LAN.
If you put a second NIC in the server, it really should be in a
different IP subnet from the LAN NIC. This second NIC would need to be
connected to a different hub/switch from the LAN NIC. The second NIC in the
servers and the Sonicwall internal IP would then be in their own subnet on
their own network (with the Sonicwall as the default gateway for this LAN).
You would then make a VPN connection to the Sonicwall and would be able to
see the two servers only.
The big problem remaining is name resolution. As soon as you put two
NICs in a machine you have two IP addresses associated with its name. This
causes all sorts of problems (and is why Microsoft recommends that you do not
multihome DCs). It is workable if the LAN machines always use the LAN IP and
"external" users always the other IP. This isn't as easy as it might seem.
For instance, accessing printers on the LAN will be tricky because they
often rely on Netbios names and/or the browser service.
You could probably make it easier for yourself if you could set up the
VPN to the Sonicwall, then connect by Remote Desktop or TS client to the
servers over the VPN connection.
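
The single-default-gateway behaviour discussed in this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup over the routing table of a dual-homed server, showing which NIC carries traffic under each default gateway setting. All addresses are constructed, and the remote VPN client is assumed to have an address outside both local subnets.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread):
#   LAN NIC     192.168.1.10/24, LAN router 192.168.1.1
#   second NIC  10.10.10.10/24,  Sonicwall  10.10.10.1
LAN_ROUTER = "192.168.1.1"
SONICWALL = "10.10.10.1"


def build_table(default_gateway):
    """Routing table of the dual-homed server: two connected routes, ONE default."""
    default_iface = "vpn-nic" if default_gateway == SONICWALL else "lan-nic"
    return [
        (ipaddress.ip_network("192.168.1.0/24"), "lan-nic", None),
        (ipaddress.ip_network("10.10.10.0/24"), "vpn-nic", None),
        (ipaddress.ip_network("0.0.0.0/0"), default_iface, default_gateway),
    ]


def next_hop(table, destination):
    """Longest-prefix match: return (interface, gateway) used to reach destination."""
    dst = ipaddress.ip_address(destination)
    matches = [route for route in table if dst in route[0]]
    _net, iface, gateway = max(matches, key=lambda route: route[0].prefixlen)
    return iface, gateway or "on-link"


def report(default_gateway):
    """Where the server sends traffic for each kind of peer (constructed IPs)."""
    table = build_table(default_gateway)
    targets = {
        "LAN host / DC": "192.168.1.20",
        "remote VPN client": "203.0.113.50",
        "Internet host": "198.51.100.7",
    }
    return {name: next_hop(table, ip) for name, ip in targets.items()}


if __name__ == "__main__":
    for dg in (LAN_ROUTER, SONICWALL):
        print("default gateway =", dg)
        for name, (iface, gateway) in report(dg).items():
            print("  %-18s -> %s via %s" % (name, iface, gateway))
```

With the default gateway on the LAN router, replies to the VPN client leave by the LAN NIC instead of returning through the Sonicwall; with it on the Sonicwall, all off-subnet traffic, Internet included, leaves by the second NIC. Hosts on the server's own LAN subnet match the connected route in both cases.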