Choosing the source IP if multiple addresses are bind to one inter

Are there any ways to specify the source IP address for a packet in windows
if multiple IP addresses are bind to one interface? MS and 3-party solutions
are all welcomed. I know that some software is able to specify the source IP
when sending packets if it detected multilpe IP address bind on the interface
used. However I would like to find ways to do this in the system-wide level
so that this can be transparent to softwares.

FYI, The following is my scenerio.
I have an VPN gateway that use the following rules to determine which VPN
tunnel to use:
1) if the source is 192.168.1.x (x < 128) and the destination is in the
subnet 192.168.2.0/24, forward through VPN tunnel 1
2) if the source is 192.168.1.y (y >= 128) and the destination is in the
subnet 192.168.3.0/24, forward through VNP tunnel 2
3) if otherwise, forward to the internet without go through any VPN tunnel

I have 3 machines:
A is at the side of this VPN gateway, bind an interface with 2 IP addresses:
192.168.1.2 and 192.168.1.129
B is at the other side of the VPN tunnel 1, inside the subnet of
192.168.2.0/24
C is at the other side of the VPN tunnel 2, inside the subnet of
192.168.3.0/24

Now, B can initate connection with A using the IP address 192.168.1.2 and C
can initiate connection with A using the destination IP address
192.168.1.129. However, A can only initiate connection with B but not C since
the primary address 192.168.1.2 is always used as source IP.

It is possible to change the VPN rules but I am interested in whether I can
choose the source IP address if multiple addresses are bind to one interface.

Thanks for your help.

--
circle

"circle" <(E-Mail Removed)> wrote in message
news:168F6029-C90D-4E54-A0C0-(E-Mail Removed)...
> Are there any ways to specify the source IP address for a packet in
windows
> if multiple IP addresses are bind to one interface? MS and 3-party
solutions
> are all welcomed. I know that some software is able to specify the source
IP
> when sending packets if it detected multilpe IP address bind on the
interface
> used. However I would like to find ways to do this in the system-wide
level
> so that this can be transparent to softwares.

Don't know of anyway to do it "system wide". The TCP/IP Stack will normally
just go off of the first matching entry in the Routing Table (which will be
the Primary IP),...so it must be overcome at a higher level "above"
that,...which would be an Application itself or an Application Filter if
this is a NAT Firewall or Proxying situation. But in a NAT or proxying
situation, just because a "filter" may exist doesn't mean you can do
this,...it depends on what the Filter was written to do.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Thanks for answering first!

Actually I have thought of something like NAT. Since the routing table in
windows always use the primary ip as source ip for an interface, I have an
interesting idea and am wondering if it would work. First I add a static
route to some hosts through the loopback interface, then use NAT to bind to
the loopback interface and filter those packets to specific hosts, translate
the source address and then forward to the ethernet interface. This method
sounds so 'brute-force'... It would be a miracle if it really works...

Do you all have any comment on it?

--
circle


"Phillip Windell" wrote:

> "circle" <(E-Mail Removed)> wrote in message
> news:168F6029-C90D-4E54-A0C0-(E-Mail Removed)...
> > Are there any ways to specify the source IP address for a packet in
> windows
> > if multiple IP addresses are bind to one interface? MS and 3-party
> solutions
> > are all welcomed. I know that some software is able to specify the source
> IP
> > when sending packets if it detected multilpe IP address bind on the
> interface
> > used. However I would like to find ways to do this in the system-wide
> level
> > so that this can be transparent to softwares.
>
> Don't know of anyway to do it "system wide". The TCP/IP Stack will normally
> just go off of the first matching entry in the Routing Table (which will be
> the Primary IP),...so it must be overcome at a higher level "above"
> that,...which would be an Application itself or an Application Filter if
> this is a NAT Firewall or Proxying situation. But in a NAT or proxying
> situation, just because a "filter" may exist doesn't mean you can do
> this,...it depends on what the Filter was written to do.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>
>

"circle" <(E-Mail Removed)> wrote in message
news:F73FE4F1-2DD2-4C2B-B500-(E-Mail Removed)...
> Actually I have thought of something like NAT. Since the routing table in
> windows always use the primary ip as source ip for an interface, I have an
> interesting idea and am wondering if it would work. First I add a static
> route to some hosts through the loopback interface, then use NAT to bind
to
> the loopback interface and filter those packets to specific hosts,
translate
> the source address and then forward to the ethernet interface. This method
> sounds so 'brute-force'... It would be a miracle if it really works...
>
> Do you all have any comment on it?

No comment.....