2 Networks, 2 VPN servers, 1 LAN


Califonte

I have 2 different networks I am connecting to, one DSL, one Cable.
On each network I have a separate VPN server. They both connect on
their internal NICs to the same LAN. On the LAN, I have a device
that can only have 1 default gateway and I cannot add/change the
routing table. How can I configure the VPN servers to work with this
device so that traffic gets routed to the right network? Do I have the VPN
servers on the same internal subnet, or different ones and turn on
routing on one of the VPN servers? Or can a VPN server take in two
networks so I don't have to use 2 servers? And yes, I have to have 2
different network connections.

  DSL                 Cable
   |                    |
   |                    |
  |--| VPN             |--| VPN
  |__|                 |__|
   |                    |
   -----------------------------
                 |
                 |
                |--| Dumb Device
                |__|

Thanks,

Califonte
 
If you can't add a static route to the client, you can add a static
route to one of the servers to forward traffic for the "other" remote site.

So on the VPN server which is the default gateway, add a static route to
forward traffic for the "other" remote site to the other VPN server.
 
Bill Grant said:
If you can't add a static route to the client, you can add a static
route to one of the servers to forward traffic for the "other" remote site.

So on the VPN server which is the default gateway, add a static route to
forward traffic for the "other" remote site to the other VPN server.

I don't have a remote site. These VPN servers are giving me remote
access to this "protected" device from anywhere. So if I create a VPN
session on the DSL side, I need traffic to exit the DSL side, and the same
with cable. Can I do this with 1 Win2k server instead of 2? Does Win2k
have the ability to do this?

Thanks,

Cal
 
Sorry, I thought you were trying to access remote sites from the
device, not access the device from remote locations.

How are these VPN servers set up? Are they set up to accept "dialup" (i.e.
client-server) connections from anywhere? Or are they routed links from
other networks?

You cannot use default routing to send data to two different gateways.
Only one default route can be active at any one time. So if the traffic
going from your device can be for any IP address, you cannot ensure it goes
back out the interface it came through. If the traffic is coming from a
known address or group of addresses (such as an IP subnet), you can ensure
it goes by a particular gateway using static routes to override the default
routing.
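The point above, as an added simulation (not code from the thread or from Windows 2000 itself): a minimal longest-prefix-match routing table in Python. It shows that a host holds only one active default route, so replies to arbitrary addresses all leave via one gateway, and that a more specific static route for a known client pool wins over the default. All addresses are constructed for the example: LAN 192.168.1.0/24, the DSL-side VPN server at .2 (the device's only default gateway), the cable-side server at .3, and client pools 10.1.0.0/24 (DSL) and 10.2.0.0/24 (cable); the gateway labels "direct", "ppp-dsl-clients" and the upstream router 203.0.113.1 are placeholders.

```python
import ipaddress

class RoutingTable:
    """Minimal IPv4 routing table with longest-prefix-match lookup."""
    def __init__(self):
        self.routes = []   # (network, gateway)

    def add(self, prefix, gateway):
        net = ipaddress.ip_network(prefix, strict=False)
        if net.prefixlen == 0:
            # Only one default route can be active: configuring a second one
            # replaces the first rather than adding a second gateway.
            self.routes = [r for r in self.routes if r[0].prefixlen != 0]
        self.routes.append((net, gateway))

    def default_gateways(self):
        return [gw for net, gw in self.routes if net.prefixlen == 0]

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        best = None
        for net, gw in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        return best[1] if best else None

# Constructed addressing: LAN 192.168.1.0/24, VPN-over-DSL server .2,
# VPN-over-cable server .3, DSL client pool 10.1.0.0/24, cable client pool 10.2.0.0/24.
DSL_VPN, CABLE_VPN = "192.168.1.2", "192.168.1.3"
DSL_POOL, CABLE_POOL = "10.1.0.0/24", "10.2.0.0/24"

def device_table():
    """The dumb device: a connected route plus its single default gateway."""
    t = RoutingTable()
    t.add("192.168.1.0/24", "direct")
    t.add("0.0.0.0/0", DSL_VPN)
    return t

def dsl_server_table():
    """The DSL-side server (the device's default gateway) with the static route Bill describes."""
    t = RoutingTable()
    t.add("192.168.1.0/24", "direct")
    t.add(DSL_POOL, "ppp-dsl-clients")   # its own clients, via their point-to-point links
    t.add(CABLE_POOL, CABLE_VPN)         # cable-pool replies are handed to the cable server
    t.add("0.0.0.0/0", "203.0.113.1")    # upstream DSL router (constructed address)
    return t

def next_hops(dst):
    """Hop chosen by the device, then by the DSL server if the packet reaches it."""
    first = device_table().lookup(dst)
    second = dsl_server_table().lookup(dst) if first == DSL_VPN else None
    return first, second

if __name__ == "__main__":
    for dst in ("10.1.0.9", "10.2.0.7", "192.168.1.50", "198.51.100.5"):
        print(dst, "->", next_hops(dst))
```

Two things to check when setting this up for real: the two servers must hand out addresses from non-overlapping pools, otherwise no static route can tell their clients apart; and replies to cable-side clients cross the LAN twice (device to DSL server, DSL server to cable server), so the DSL server must have IP forwarding enabled for the trick to work at all.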
 
If the VPN servers are W2k, you can solve the problem by putting
everything in the same subnet, so that no "real" IP routing takes place.

If the VPN clients receive IP addresses in the same IP subnet as the LAN
machines, the traffic from the remotes will just be forwarded on to the LAN
as Ethernet frames with their original addresses. When a LAN machine
replies, it sends the frame as a normal hardware-addressed frame on the
wire. The VPN server does proxy ARP for its client, gets the frame and
relays it over the point-to-point link. So the "right" VPN server will get
the packet, because only the server which hosts the connection will do proxy
ARP for it.
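The same-subnet arrangement described above, as an added simulation (not code from the thread or from Windows 2000): VPN clients get addresses from the LAN subnet, so the dumb device never routes to them; it ARPs for the address, and only the server hosting that client answers with its own MAC. Everything here is constructed: LAN 192.168.1.0/24, clients .201 and .202, a file server at .50, and MACs from the 00:00:5e:00:53:xx documentation range; the device's single default gateway is assumed to be the DSL-side server.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed LAN subnet
DEFAULT_GW_MAC = "00:00:5e:00:53:01"           # the device's one default gateway (vpn-dsl)

class VpnServer:
    """A VPN server that does proxy ARP for the clients it currently hosts."""
    def __init__(self, name, mac):
        self.name, self.mac = name, mac
        self.clients = set()          # LAN-subnet addresses of connected VPN clients

    def connect(self, client_ip):
        self.clients.add(ipaddress.ip_address(client_ip))

    def disconnect(self, client_ip):
        self.clients.discard(ipaddress.ip_address(client_ip))

    def arp_reply(self, target):
        # Only the server that hosts this client answers, with its own LAN MAC.
        return self.mac if target in self.clients else None

class LanHost:
    """An ordinary LAN machine: answers ARP for its own address only."""
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ipaddress.ip_address(ip), mac

    def arp_reply(self, target):
        return self.mac if target == self.ip else None

def arp_who_has(segment, target):
    """Broadcast 'who has target?' on the segment and collect every reply."""
    return [(n.name, n.mac) for n in segment if n.arp_reply(target)]

def resolve_next_hop(segment, dst_ip):
    """The dumb device's decision: ARP inside its own subnet, else its one default gateway."""
    dst = ipaddress.ip_address(dst_ip)
    if dst not in LAN:
        return ("default-gateway", DEFAULT_GW_MAC)
    replies = arp_who_has(segment, dst)
    if not replies:
        return ("unresolved", None)
    if len(replies) > 1:
        # Two servers claiming one address: the client pools overlap.
        return ("conflict", None)
    return replies[0]

def build_segment():
    dsl = VpnServer("vpn-dsl", "00:00:5e:00:53:01")
    cable = VpnServer("vpn-cable", "00:00:5e:00:53:02")
    dsl.connect("192.168.1.201")      # client that came in over DSL
    cable.connect("192.168.1.202")    # client that came in over cable
    return [dsl, cable, LanHost("file-server", "192.168.1.50", "00:00:5e:00:53:50")]

if __name__ == "__main__":
    seg = build_segment()
    for dst in ("192.168.1.201", "192.168.1.202", "192.168.1.50", "198.51.100.7"):
        print(dst, "->", resolve_next_hop(seg, dst))
```

The "conflict" branch is the case to guard against: if both servers can assign the same address (say, both pull from the whole LAN range without coordination), two proxy ARP replies race and replies to that client land on whichever server answered first. Give each server its own slice of the LAN subnet, and keep those slices out of any DHCP scope on the LAN.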
 