Philip said:
Dear all
My company has two router, one VPN router is for accessing the USA office by
VPN Tunner, another one normal router is for internet access. Is it
possiable that user 's PC can choose which router to connect ? or The IE
will connect to VPN router if user type intranet address, or the IE will
connect to Normal Router if user type non-intranet address. Can Microsoft 's
ISA do that ?
Thanks
Philip
Yes and no. The clients default gateway specifies the first hop a packet
will travel to. What happens at that location depends on the routing table,
or rather, how that routing table redirects the packet. If an appropriate
route entry isn't found on the router, the packet is then sent to that
router's default gateway. So basicly, it's a physical network issue.
What IE does is simply query the dns server for the ip associated with a
given host or alias. Thats the destination ip_address the packet is sent to.
Its the physical network that redirects the packet.
Lets suppose that the original client's gateway is a router with a route
entry for a 192.168.0.0 network (probably pointing to the VPN router). The
packet will then be sent to the VPN router, who in turn reroutes the
received packet based on it's own routing table through the tunnel if set up
properly.
Note that an ip_address like 10.0.0.1 or 192.168.3.5 can't be routed through
the internet. Internet routers are configured to prevent private address
scopes to be reacheable.
Thats were ISA servers come into the picture, its basicly a firewall proxy
with network address translation. While it protects access to the private
network and provides NAT, the network's routing internally is still governed
by the routing tables in the private network.
The bottom line is what ip_address is IE getting from dns server? The public
ip_address or the private ip_address?
