Fernando Ronci
Hi,
Here is my current setup.
I administer a network comprised of several workstations running Windows
2000 Professional that have internet access through a Windows 2000 Server
gateway which performs NAT between the network interface that "talks" to the
outside world, and the one that talks to the LAN. NAT is achieved via
Windows 2000 Server's "Routing and Remote Access", as per Knowledge Base
Article # 299801 configuration guidelines.
On the LAN side, the Win 2K workstations have access to the web, SMTP, and
the rest of the traditional internet services. Additionally, these client
workstations establish a VPN connection to a remote server for corporate
mail access. As with the ordinary internet traffic, the VPN is routed
through the Windows 2000 Server NAT server. For security reasons, VPN access
and the rest of internet traffic are exclusive, that is, when a user does
VPN he/she cannot access the web simultaneously and vice versa, so VPN and
ordinary internet access never overlap.
In this scenario, everything works absolutely fine. However, and for reasons
that go beyond the scope of this subject, the internet feed is of the VSAT
type, with tons of downstream bandwidth available and a bare 19.2 Kbps for
upload, which is kind of unsuitable for the VPN, where a more "symmetric"
service would speed things up. Then, the company managers have thought of
buying an ADSL connection which, although asymmetric, its upstream bandwidth
would meet our needs. Their goal is to use ADSL *only* for the VPN and keep
the other pipe for the web, etc. In this situation, the Win 2K Pro client
workstations should be configured in such a way that they route their
ordinary internet traffic through the VSAT pipe and the PPTP traffic through
the ADSL feed. At this point I have two doubts: 1) If this kind of routing
is possible to achieve on the Win 2K workstations and 2) if it is possible
to configure the "Routing and Remote Access" service on the Win 2K gateway
to "include" the new ADSL connection. (I wouldn't mind if I had to add one
or more NICs on the gateway machine).
By the way, the two internet feeds come from different ISPs, thus the IP
address ranges of the two feeds belong to different subnets. What's more, I
dare say the ADSL provider will assign us a dynamic, already-NATted address
of class 192.168.x.x, as is common practice these days. On the other hand,
the NIC on the WAN side of our gateway in our current setup owns a static,
public IP address.
I would appreciate it if someone provided some insight on how to make two feeds
from different ISPs coexist and achieve proper routing without conflicts.
Thank you.
Fernando Ronci
E-mail: (e-mail address removed)