2 Nics - one to internet one to VPN


Guest

OK... difficult question. The answer may be this isn't possible.

I have 2 NICS...

First NIC: 192.168.1.25 / 255.255.255.0 Gateway 192.168.1.1 (PIX firewall)
Second NIC: 192.168.1.40 / 255.255.255.0 Gateway 192.168.1.20 (VPN Router)

Problem:
If NIC#1 is enabled before NIC#2, I can browse the internet but cannot
connect through the VPN router. If NIC#2 is enabled first, then I can
connect through the VPN but cannot browse the internet.

How can I do both at the same time?


Thanks in advance.
 
Gandiel said:
OK... difficult question. The answer may be this isn't possible.
Problem:
If NIC#1 is enabled before NIC#2, I can browse the internet but cannot
connect through the VPN router. If NIC#2 is enabled first, then I can
connect through the VPN but cannot browse the internet.

How can I do both at the same time?

No. You are doing two things wrong at the same time.

1. One Nic per subnet (except for Nic Teaming situations)
2. One default gateway per whole machine.

Use *one* Nic. Static Routes in the Routing Table determine the right path
for the VPN Traffic.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
 
No. You are doing two things wrong at the same time.
1. One Nic per subnet (except for Nic Teaming situations)
2. One default gateway per whole machine.

Use *one* Nic. Static Routes in the Routing Table determine the right path
for the VPN Traffic.

I still don't understand how to accomplish this... maybe this diagram will
help.

                 Local Machine
                 |           |
              NIC#1         NIC#2
      (192.168.1.25         (192.168.1.40
       GTW: 192.168.1.1)     GWY: 192.168.1.20)
            |                     |
      PIX FIREWALL          VPN Router to Client
      (192.168.1.1)         (192.168.1.20)
            |                     |
        Internet              Client Site
 
You should only be using 1 NIC card since both are set up on the same subnet
(192.168.1.X). This would only work if each NIC was being used to connect
to a different subnet. You should have a router in place in your network
that would handle directing traffic to either your PIX or your VPN Firewall,
or you can set up a static route on your PC that would direct traffic in the
appropriate place. If you kept the settings for NIC 1 in place and used a
route to do the job of the 2nd NIC, you would add a route on your PC like
this:

route /p add (destination subnet of client site) mask 255.255.255.0 192.168.1.20 metric #
(/p for persistent)
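
Added example (not part of the original thread): a small Python model of route selection showing why two default gateways conflict and why one default gateway plus a static route sends only client-site traffic to the VPN router. The client subnet 10.20.30.0/24 and the internet host 203.0.113.10 are constructed placeholders, and breaking ties by insertion order is a simplification standing in for "whichever NIC was enabled first".

```python
import ipaddress

PIX = "192.168.1.1"          # default gateway from the thread (PIX firewall)
VPN_GW = "192.168.1.20"      # VPN router from the thread
CLIENT_NET = "10.20.30.0/24" # constructed placeholder for the client-site subnet

def route(prefix, gateway, metric=10):
    """Build one routing-table entry."""
    return {"net": ipaddress.ip_network(prefix), "gw": gateway, "metric": metric}

def next_hop(routes, dst):
    """Pick the gateway for dst: longest prefix wins, then lowest metric.
    On a full tie the earliest entry wins (simplified stand-in for
    'the NIC that was enabled first')."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["gw"]

LAN = route("192.168.1.0/24", "on-link", metric=1)

# Two NICs, two default gateways: only one default route is ever used.
NIC1_FIRST = [route("0.0.0.0/0", PIX), route("0.0.0.0/0", VPN_GW), LAN]
NIC2_FIRST = [route("0.0.0.0/0", VPN_GW), route("0.0.0.0/0", PIX), LAN]

# One NIC, one default gateway, plus the static route suggested above.
FIXED = [route("0.0.0.0/0", PIX), route(CLIENT_NET, VPN_GW, metric=1), LAN]

if __name__ == "__main__":
    for name, table in (("NIC1 first", NIC1_FIRST),
                        ("NIC2 first", NIC2_FIRST),
                        ("static route", FIXED)):
        print(name,
              "| client site via", next_hop(table, "10.20.30.5"),
              "| internet via", next_hop(table, "203.0.113.10"))
```

In the fixed table, everything except the client subnet still leaves through the PIX, so the firewall keeps seeing all internet-bound traffic.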
 
What Phillip said is:

"There is no right way to do what you want to do."

The only way you can make it work is to put one network card or the other on
an entirely different network address range. 192.168.1.25 and 192.168.1.40
are in the same range, and what you want cannot be done.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
Richard G. Harper said:
What Phillip said is:

"There is no right way to do what you want to do."

Sometimes I just don't say it simple enough.... ;-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 