How to use a static route to "bounce" traffic?

Thread starter: scott

Hi,

I have been talking to Bill Grant about a 2003 site-to-site VPN when both
2003 servers have a single adapter. I don't fully understand.

He suggested that:

" If the RRAS server is not the default gateway of the LAN (eg if the client
machines have their default gateway set to the router), you will need to add
extra routes to get the VPN traffic to the RRAS router. The easiest way is
to add a static route to the gateway router to "bounce" the traffic for the
"other" private LAN to the RRAS router".

As I can't get hold of him I was hoping someone else could provide a quick
answer.

If the networks at both sites were configured as below:

---------------------------------------
net
v
gateway router (192.168.0.1)
v
switch > 2003 server (192.168.0.2)
v
clients (192.168.0.#)
----------------------------------------

1. When adding a static route to the gateway router I have the following
fields to populate:
-Route Name
-Active (y/n)
-Destination IP Address
-IP Subnet Mask
-Gateway IP Address
-Metric
-Private (y/n)

1. Is Bill suggesting that:
- add static route to gateway router pointing to internal 2003 server
- clients still use the gateway router as the network gateway
- by entering a static route all traffic (http, ftp, pptp) etc will be
redirected to 2003 server

2. Also, STATIC ROUTES only allow a single IP address per route. Surely that
would mean a single STATIC ROUTE per client pointing to the server. The
server would be the only IP without a STATIC ROUTE on the gateway router and
therefore all traffic from it would pass through the gateway router?

This is the way I understand how it would work.

Thanks again for your time.
Scott.
 
I think what you need is the destination to point to the subnet of the
remote network, i.e. if they use 10.0.0.x, then the dest. is 10.0.0.0. The
mask you enter as appropriate, and the gateway address will be the RRAS
server.
I wish I'd thought of this (if it works) as I just went round and added a
static route on all the PCs here. Hehe, ah well...
James
 
Hi,

Thanks for the reply. That does make more sense now you explained.

Dest IP: remote rras server
Dest SN: 10.0.0.0 (assuming remote network used that range)
Gateway: local rras server

Local RRAS server would need to be configured as a router for the LAN and all
traffic from clients would bounce off gateway to local RRAS server before
going to remote RRAS server or indeed anywhere else.

So what happens when the traffic from the local RRAS server hits the gateway
router? Surely it would use the static route also? I.e. sending traffic back
to itself?

Thanks for your time.
Scott.
 
scott said:
> Hi,
>
> Thanks for the reply. That does make more sense now you explained.
>
> Dest IP: remote rras server
> Dest SN: 10.0.0.0 (assuming remote network used that range)
> Gateway: local rras server

Not quite - Dest IP is the "network" you are connecting to, so rather than
the address of the remote router, use the network address... i.e. if the
remote router is 10.0.0.10, the network dest IP is simply 10.0.0.0. The dest
subnet is (in that case) 255.0.0.0, but basically wants to be the same as
the PCs on the remote net.
Gateway is indeed the local RRAS server.
Can't remember if you have set up the 2 way tunnel part yet though? Also the
above would need to be mirrored on the remote router so traffic can get
back again.

> Local rras server would need to be configured as a router for the LAN and all
> traffic from clients would bounce off gateway to local rras server before
> going to remote rras server or indeed anywhere else.

Pretty much, although standard internet traffic would simply not be bounced
back to the RRAS server and pass out as per normal.

> So what happens when the traffic from the local rras server hits the gateway
> router? Surely it would use the static route also? I.e. sending traffic back
> to itself?

The RRAS routers will need a PPTP tunnel set up using the external IPs of
the gateway routers. These machines have their own static route to know
where to send it, so it will pipe traffic for the remote net down the tunnel
rather than using the default gateway.

Hope that helps, not convinced I'm being clear!

James
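
Added example (not part of the original posts): a small longest-prefix-match model of the two routing tables discussed above, showing why client traffic for 10.0.0.0/8 bounces to the RRAS server while the encapsulated tunnel packet and ordinary internet traffic do not. The public address 203.0.113.10, the sample destinations and the hop labels are constructed for illustration.

```python
import ipaddress

# Local LAN 192.168.0.0/24 and remote LAN 10.0.0.0 mask 255.0.0.0 are from the thread.
# 203.0.113.10 stands in for the remote gateway router's external IP (assumption).
GATEWAY_ROUTER = [                      # (destination network, next hop)
    ("10.0.0.0/8", "192.168.0.2"),      # the "bounce" static route to the RRAS server
    ("192.168.0.0/24", "on-link"),
    ("0.0.0.0/0", "isp"),
]
RRAS_SERVER = [
    ("10.0.0.0/8", "pptp-tunnel"),      # RRAS's own static route into the tunnel
    ("192.168.0.0/24", "on-link"),
    ("0.0.0.0/0", "192.168.0.1"),       # everything else goes to the gateway router
]
REMOTE_PUBLIC_IP = "203.0.113.10"

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace_from_client(dst):
    """Follow a packet from a LAN client whose default gateway is 192.168.0.1."""
    hops = ["gateway-router"]
    hop = next_hop(GATEWAY_ROUTER, dst)
    if hop != "192.168.0.2":
        return hops + [hop]             # not bounced, e.g. normal internet traffic
    hops.append("rras-server")
    if next_hop(RRAS_SERVER, dst) == "pptp-tunnel":
        # PPTP wraps the packet: the outer destination is now the remote public IP,
        # so the gateway router's 10.0.0.0/8 route no longer matches and nothing loops.
        hops.append("encapsulate->" + REMOTE_PUBLIC_IP)
        if next_hop(RRAS_SERVER, REMOTE_PUBLIC_IP) == "192.168.0.1":
            hops.append("gateway-router")
            hops.append(next_hop(GATEWAY_ROUTER, REMOTE_PUBLIC_IP))
    return hops

if __name__ == "__main__":
    print(trace_from_client("10.0.0.5"))       # remote-LAN host (constructed)
    print(trace_from_client("198.51.100.7"))   # internet host (constructed)
```
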
 
Hi James,

That's great thanks, cleared a few things up.

Thanks again for your time.
Scott.
 
scott said:
> Hi James,
>
> That's great thanks, cleared a few things up.

No probs - for the server setup check out the help topic on 2k server - look
in the help index under VPN Connection scenarios, Branch Offices PPTP based
Persistent (or demand dial)
 