<(E-Mail Removed)> wrote in message
news:9ac62074-1af0-44da-a2c6-(E-Mail Removed)...
> Ok we're limited in bandwidth at my office location so have 2
> connections to the internet via different means.
>
> In the past I've just assigned all the server internet traffic via one
> router and the various desktops to use the other. Over the last few
> weeks we've got a few VPN users and I'd like to dedicate one router to
> just VPN users.
>
> LAN card 1 is 10.0.2.1 with a default gw set to 10.0.2.253
> LAN card 2 is 192.168.2.1, the router is 192.168.2.2 but i've not set
> it under the tcp/ip properties.
>
> I thought, but I'm obviously wrong, that if something was listening on
> 192.168.2.1 and something tried to connect then it would open a
> connection and send any data via the same route it came.
You are correct. It does not do that. Inbound packets and outbound packets
are totally separate, and the path taken is based on totally separate
routing decisions made at the Source... you are the Source of the outbound,
but not the inbound. Since the Destination for leaving your system is an
"undefined" route it will always follow the Default Gateway of the Server
which means it will use the Nic associated with the Default Gateway
*regardless* of what Nic it came in on. This is why 99% of the time a PC
(of any kind) should *never* be multi-homed unless it is being used as a
Firewall, a Router, or is using Nic Teaming.
> Obviously not, so I added a persistent path
> 192.168.1.0 255.255.255.0 192.168.1.2
Remove that. According to your description that is an invalid route.
To handle the VPN users the way you want:
I am assuming for the sake of this that these connections are
either DSL or CableTV and not T1s or some other commercial grade
connections. I am also assuming that these VPN connections are inbound
Remote Access VPNs.
1. The Internal LAN facing interfaces of the "routers" need to be the same
subnet and be directly on the LAN. These "routers" would be acting as
firewalls, which is what they *really* are anyway; they are not true
routers if this is a DSL or CableTV situation.
2. You would require that these "routers" have the ability to be VPN
Servers. If not, then replace them with some that do. You would no longer
use the Windows Server for a VPN Server and would remove, disconnect, or
disable the Server's second Nic. Then the users would use whatever line
corresponds to the particular "router" they targeted when they activated
their VPN connection.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
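To make the asymmetric-routing point concrete, here is an added Python model (not code from the post or from any product) of the server's route table as described in the thread: two NICs, a single default gateway on LAN card 1, and the invalid persistent route from the question. The interface names, the VPN client address 203.0.113.7 and the use of 192.168.2.2 as a candidate gateway are constructed assumptions for the example.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed model of the server from the post: two NICs, one default gateway.
INTERFACES = {
    "LAN1": ip_interface("10.0.2.1/24"),
    "LAN2": ip_interface("192.168.2.1/24"),
}
DEFAULT_GATEWAY = ip_address("10.0.2.253")


def persistent_route(line, iface):
    """Parse 'network mask gateway' as typed in a Windows 'route add -p'."""
    net, mask, gw = line.split()
    return (ip_network(f"{net}/{mask}"), ip_address(gw), iface)


def build_routes(persistent=()):
    """Connected subnets (on-link, gateway None), persistent routes, default."""
    routes = [(i.network, None, name) for name, i in INTERFACES.items()]
    routes += list(persistent)
    routes.append((ip_network("0.0.0.0/0"), DEFAULT_GATEWAY, "LAN1"))
    return routes


def next_hop(dst, routes):
    """Longest-prefix match keyed on the destination only: the NIC a request
    arrived on plays no part, which is why replies leave via the default
    gateway's NIC regardless of where the request came in."""
    dst = ip_address(dst)
    prefix, gw, iface = max((r for r in routes if dst in r[0]),
                            key=lambda r: r[0].prefixlen)
    return (str(dst if gw is None else gw), iface)


def gateway_is_valid(gw):
    """A gateway is only usable if it sits on a directly connected subnet."""
    return any(ip_address(gw) in i.network for i in INTERFACES.values())


if __name__ == "__main__":
    # A VPN client (constructed address) that connected to 192.168.2.1 via LAN2
    # still gets its reply sent through 10.0.2.253 on LAN1.
    print(next_hop("203.0.113.7", build_routes()))       # ('10.0.2.253', 'LAN1')
    # The persistent route from the question names a gateway the server cannot
    # reach from either NIC, so it is invalid, as the reply says.
    bad = persistent_route("192.168.1.0 255.255.255.0 192.168.1.2", "LAN2")
    print(gateway_is_valid(bad[1]))                        # False
    print(gateway_is_valid("192.168.2.2"))                 # True
```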