Two Internet connections

  • Thread starter Thread starter Alchaemist
  • Start date Start date
A

Alchaemist

Hi,

I have a situation with RRAS I would need to solve.
I have a Win2K Server with 3 NICs
1- Internet connection for hosting (IP 1.0.0.x)
2- Internet connection for LAN workstations (IP 2.0.0.x)
3- LAN (10.0.0.x)

I found that if I try to setup NIC 2 as Default Interface with
Interface metric 1, and NIC 1 with interface metric 2, then all
traffic goes through NIC 2, EVEN THE TRAFFIC that arrived at NIC 1 and
was supposed to be answered at NIC 1.
As NAT is involved in NIC 2, then I cannot establish connections
from outside to NIC 1... bad for hosting an intranet service...

Any idea how I can achieve this? (With only one server, of course I
might have two boxes to handle things separately... ;)

I am not sure if it is clear what I want to do, so just shoot.
Thanks!
 
Yeah, you cannot have 2 different default gateways for a single machine.

You mentioned you plan to host intranet service. If that's the case then
have routes to send packets to your intranet via NIC1 and let NIC2 be
default gateway. This will work if your intranet as known and fixed range of
ip addresses.
If you plan to host internet service then can you tell me why do you need
separate internet connection for hosting, why can't you do it from Internet
Connection for LAN workstations?
 
I am having the same problem but cannot seem to get it fixed..here is a
detail from another msg
I posted requesting help:

Win 2000 Server
Service Pack 4
2 Network Cards
Card 1 is connected to internal network
Card 2 is connected to the internet

Now the Problem:

I have gone through the RAS configuratin wizard 50 times and I am still
having a problem getting my outside machines to connect to VPN.

If I try to create a VPN connection from one of the machines on my internal
network I have no issues at all...it authenticates and creates the
connection without a hitch.

Now when I try to create a VPN connection from an outside machine it sits
there saying connecting but never gets beyond that and fails. I know I can
see the computer because I am able to ping the server from the outside
machine...load the websites on it...log in secure FTP area without any
problems at all yet trying to create a VPN it says the VPN server is not
available. CAN ANYONE help me with this
problem....I need this VPN to work outside but am at a loss of what to try
next.

Feel free to email me directly at (e-mail address removed) I need this issue
resolved ASAP.


Pawan Agarwal (MSFT) said:
Yeah, you cannot have 2 different default gateways for a single machine.

You mentioned you plan to host intranet service. If that's the case then
have routes to send packets to your intranet via NIC1 and let NIC2 be
default gateway. This will work if your intranet as known and fixed range of
ip addresses.
If you plan to host internet service then can you tell me why do you need
separate internet connection for hosting, why can't you do it from Internet
Connection for LAN workstations?

--
-Pawan [MSFT]

-------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."
------------------------------------------------------------------------
Alchaemist said:
Hi,

I have a situation with RRAS I would need to solve.
I have a Win2K Server with 3 NICs
1- Internet connection for hosting (IP 1.0.0.x)
2- Internet connection for LAN workstations (IP 2.0.0.x)
3- LAN (10.0.0.x)

I found that if I try to setup NIC 2 as Default Interface with
Interface metric 1, and NIC 1 with interface metric 2, then all
traffic goes through NIC 2, EVEN THE TRAFFIC that arrived at NIC 1 and
was supposed to be answered at NIC 1.
As NAT is involved in NIC 2, then I cannot establish connections
from outside to NIC 1... bad for hosting an intranet service...

Any idea how I can achieve this? (With only one server, of course I
might have two boxes to handle things separately... ;)

I am not sure if it is clear what I want to do, so just shoot.
Thanks!
Click to expand...
Click to expand...
 
Hi,
Thanks Pawan, that is a crystal clear answer. I will setup thing
is separate servers and that's it then.
The reason for the two connections are:
1- Bandwidth. So workstations do not obstruct the intranet website
2- Redundance. If something goes wrong, I make changes in RRAS and
solve the link down issue.
3- We already have the links, so better use both ;)

Answering Robert:
Your issue is completely different from mine, anyway... one
question..
Your VPN clients, what Windows are?
The reason is simple, if they are Win9X, and you have as primary
nic the LAN NIC, then because of a "flaw" in Win9X VPN implementation,
they will not connect. To solve this you can setup your Internet NIC
as the primary interface, but DO NOT DO that if it is a domain server,
or you will get tons of Active directory errors.
To change the NIC order, OPEN Start/Settings/Networks & dialup.
Then you will find the menu Advanced/Advanced settings.
Use the arrows to move up or down your interfaces.

There is a document about this in the MS KB.. I'll try to find it.

If you have trouble with Windows 2000 VPN clients outside, then it
might be a firewall issue. PPTP is simpler to setup but does not use
IP it uses GRE tunnels and they might not get through a
firewall/router in the middle. L2TP works fine on IP but you need to
deal with certificates to get it to work.
 
Back
Top