OK. What you really have to do is set the machines in site B to access
the Internet using NAT rather than using the proxy server at site A.
Exactly how you do that depends on your config. There are basically two
options.
1. You use the DSL router as the gateway for the local LAN and redirect
site A traffic to the RRAS router. The DSL router does NAT for the
workstations. In this setup you only have one NIC in the RRAS machine and
forward the VPN traffic from the router to the RRAS server.
2. You use the RRAS router as the default gateway for thr LAN machines. In
this case you need to enable LAN routing on the RRAS server. You also need
extra routing on the DSL router to get traffic to the "private" LAN (which
is in a different subnet from the DSL router).
There is a third option which is to configure the RRAS router to do NAT.
This works but is inefficient, because you are doing NAT twice (once at the
RRAS router and again at the DSL router). I use this method for a test
system using virtual machines which only rarely needs Internet access. If
you cannot program your DSL router to do port forwarding or add static
routes, this is the method you will need to use.
Case 1.
Internet
|
DSL NAT router (static route <site A IP range and netmask> 192.168.0.n)
192.168.0.1
|
workstations
192.168.0.x dg 192.168.0.1
|
RRAS
192.168.0.n dg 192.168.0.1
Case 2.
Internet
|
DSL NAT router (static route 192.168.10.0 255.255.255.0
192.168.0.2)
192.168.0.1
|
192.168.0.2 dg 192.168.0.1
RRAS (VPN and LAN router)
192.168.10.1 dg blank
|
workstations
192.168.10.x df 192.168.10.1
Case 3?
Internet
|
DSL NAT router
192.168.0.1
|
192.168.0.2 dg 192.168.0.1
RRAS NAT
192.168.10.1 dg blank
|
workstations
192.168.10.x dg 192.168.10.1
GFowl wrote:
> Thanks for the responses.
> RRAS is set up at boths sites, and commicate through VPN tunnel.
> Site B route all traffic to site A, through VPN tunnel
>
> Have new responsibilty of Network, alsways been jsut servers and
> systems in the past, little new on the routing thing...
>
> "Robert L [MS-MVP]" wrote:
>
>> Bill,
>>
>> Thank you for the detail input.
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com "Bill Grant" <not.available@online>
>> wrote in message news:(E-Mail Removed)...
>> To expand on Bob's comments, we really need to know what you are
>> using for Internet access at site A. To get this to work requires
>> a site to site (sometimes also called router to router or LAN to
>> LAN) VPN link. You cannot simply set this up at site B. It needs
>> to be correctly configured at both ends of the link. The router as
>> site A needs to know how to route traffic for site B through the
>> tunnel (not directly out to the Internet).
>>
>> If you have a RRAS router at site A, you can use the Microsoft
>> RRAS solution. Trying to configure it between different systems
>> (ever RRAS and ISA server) is not easy.
>>
>> A routed site to site connection will do what you want.
>> Traffic destined for the "other" site will be routed through the
>> VPN tunnel. Other traffic will go out to the Internet as usual.
>>
>> Robert L [MS-MVP] wrote:
>> > do you have windows site to site VPN? posting the routing table
>> here > may help.
>> >
>> > Bob Lin, MS-MVP, MCSE & CNE
>> > Networking, Internet, Routing, VPN Troubleshooting on
>> > http://www.ChicagoTech.net
>> > How to Setup Windows, Network, VPN & Remote Access on
>> > http://www.HowToNetworking.com
>> > "GFowl" <(E-Mail Removed)> wrote in message
>> > news:26C87790-63D6-4C89-977E-(E-Mail Removed)...
>> > GOAL: Want users at a remote site to be able to browse the
>> internet > via their
>> > own DSL internet connection while at the same time VPN all
>> internal > traffic
>> > to main site over WAN.
>> > Currently there is just the one VPN connection setup, all
>> traffic > including
>> > internet use utilixes it.
>> >
>> > 2003 Server with RRAS at Remote Site B has an External and
>> Internal > NICs,
>> > and VPN connection to Site A. Site B is our small, remote
>> site, > they connect
>> > over internet DSL connection via the VPN to access Exchange and
>> > other
>> > services on the WAN.
>> > I want to allow there internet access of non-local site to go
>> > directly out
>> > their own internet connection (RRAS Server, DSL Router to
>> Modem, to > the
>> > internet). They are currently pointing to a proxy server a the
>> > Main Site,
>> > Site A.
>> > Can't figure out how to do it on the server, any help would be
>> > appreciated.
>> > The clients at the site have the server as their default
>> gateway. > I know its
>> > probably something simple, any help or leads would be
>> appreciated
Similar Threads
Linear Mode
