Re: Routes

Thanks Phillip!

I will not be able to get back into there site till monday next week. Once
there I will see if i can get it to work and post an update.

I've ordered an ISA book so i will get some reading done after this is
finished.

Thanks Again.

John

"Phillip Windell" wrote:

You can do that. It sounds pretty much correct. You would only partially
succeed with the original requirements because it won't limit LAN access to the
VPN Client

Or you could buy/learn/understand ISA server,...succeed completely in the
requirements and make the other IT guys look like idiots.

However,..remember!,...according to one of your ealier posts, you are dealing
with Terminal Services here,...that is important!!! Even if you restrict
access to only the Terminal Server by using something like ISA,...once the user
connects to the Terminal Server they have complete total access to the LAN via
the Terminal Server itself,...they can see and get to anything the Terminal
Server is capable of seeing or getting to.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------

"Buzz" <Buzz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8F1940CB-9CFB-4F1A-A7E2-9DD38C222E6E@xxxxxxxxxxxxxxxx
Hi Phillip,

I have been told that I have been set up to fail! The IT departmant of the
company involved are trying to get me to fail so they don't loose face.

I think that the best way forward is to forget what constraints they have
set and to give them a finished solution that will work!

Ok, Firstly I will get rid of NIC2 in both servers and work with a single in
both. and connect the Sonicwall to the LAN Switch.

I will allow full network access to the VPN clients.

The Default Gateway on the network shall remain 10.24.16.1.

The Sonicwall shall remain 10.240.16.6 and the servers will stay
10.24.16.10/10.24.16.12/10.24.16.14. The Pcs addresses are via DHCP and are
there to run terminal Sessions to 10.24.16.10 and 10.24.16.12. The Pc's also
run citrix sessions to there head office which allows them access to
Word/Excel, the internet and mail and routes there printing back up to there
local printers

The Backup domain controller is 10.24.16.14 and this runs the printers and
DHCP server.

John


"Phillip Windell" wrote:

"Buzz" <Buzz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D32C25E1-A93E-4D87-979F-B4CE06EF2E16@xxxxxxxxxxxxxxxx
You could probably make it easier for yourself if you could set up the
VPN to the Sonicwall, then connect by Remote Desktop or TS client to the
servers over the VPN connection.

That is exactly what i want to do! but the only way I can get a Ts client
to attach to the server is to have the Sonicwalls IP in the Default gateway
in Nic2.

This is what you said:
---------------
I have a quick question about static routes. I have been asked to supply a
VPN solution to access 2 servers for support purposes using a Sonicwall
device which is not to impact any of the system as at present and to
terminate at the servers and no further into the LAN.
---------------

You said,..."No futher into the LAN"

I said,.....
-------------------
You can't. When you successfully connect the VPN and it works properly the
whole LAN is available. That has always been the "weak point" of all the
Hardware VPN Appliances.
-------------------

So this is the situation,...unless you throw out the Sonicwall and use a
better
product like ISA Server for the job,...it **will** go further into the LAN
than
just the one machine you want to target.

So that leaves two questions:

1. Do you still want to do it anyway even though the access will be to the
entire LAN?

2. If the answer to #1 is yes,...then what is the LAN Topology designed like
so
that the routing can be set up propterly.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or
anyone else associated with me, including my cats.
-----------------------------------------------------






.

Relevant Pages

  • Re: vpn access from hotel room
    ... If you have a dedicated workstation on the LAN (or just access to any LAN ... users to keep all their data on the server so it's ... A VPN requires significantly more bandwidth ... If you're laptop has been joined to the SBS domain, ...
    (microsoft.public.windows.server.sbs)
  • Re: Routes
    ... succeed with the original requirements because it won't limit LAN access to the ... access to only the Terminal Server by using something like ISA,...once the user ... I will allow full network access to the VPN clients. ... terminate at the servers and no further into the LAN. ...
    (microsoft.public.windows.server.networking)
  • Re: Horrible VPN Performance
    ... Comment vis a vis running websites on SBS. ... VPN implementation in Microsoft software and talk to the ... > server database to scrap. ... which uses a workstation on the LAN running ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem accessing PCs when connected using VPN
    ... I can't however access or ping any other computer on the LAN other than the server. ... The problem arises when a workstation connected to SERVER01 via a VPN connection tries to access the shared folder on SERVER02. ... Yet when the same client connects using the LAN directly, it can access the same shard folder on SERVER02 perfectly well. ... Have you enabled routing between the 2 subnets? ...
    (microsoft.public.windows.server.networking)
  • Re: ICS quandary
    ... and RRAS allows interfaces to be created as ... i.e. a demand dial vpn. ... my LAN (3 XP pro, a 2k server domain controller, and a redhat 9). ...
    (microsoft.public.win2000.ras_routing)
Loading