VPN remote connection as Internet gateway

09-11-2004, 03:37 AM

I've been banging my head against my keyboard for the last few days to
no avail. I think I've read enough VPN documentation to last a
lifetime. Here it goes... First off, what I'm trying to accomplish is
to use a Windows box as a gateway/routing machine to connect via VPN
over my cable modem to my network at work. Once this link is up, I
need to route all my traffic over the VPN and use the network at my
office basically as a second level Internet gateway if you will. I am
also needing to pass a few public/globally routable IP addresses to
the different clients on my home network. I'm using a Win2K3 Std. box
to dial into a Win2K server providing my VPN connection. My Win2K3
Std. box is going to act as a gateway/routing machine for my home
network. I can establish the VPN and use the Internet through the VPN.
All the traffic that I send from the gateway/routing box is currently
traveling over the VPN to my office network and then out to the
Internet. The problem that I am having is getting the external
connection on the gateway/routing box to route traffic to the internal
nic and subsequently out to my computers on the home network. I am
pretty sure that this is a routing issue and not a VPN issue, but if
anyone can, PLEASE help me, it would be extrodinarily appreciated.
Thanks. Daniel.

09-12-2004, 04:18 AM

When you establish a normal VPN connection, it sets up as a
client-server style connection. The client sends all traffic to the server,
but the server only sets up a host route back to the client.

To establish a connection which will route traffic back to a subnet
behind the client, you need to make additional routing available on the
server. It must have a route to send the subnet traffic over the VPN link.

The best way to do this is to use the technique used for router to
router VPN connections. On the server, set up a demand-dial interface. Using
the new static route wizard to configure a static route for the "calling"
subnet linked to the demand dial interface. When this interface connects,
the static route will be added to the routing table, using the VPN
connection. You are using the demand dial interface as the endpoint of the
VPN.

To get the demand dial interface bound to the connection, you set up an
account on the server with its username matching the demand dial interface
name with dialin permission. From the "calling" router, use the demand dial
interface name as the username for the connection. The connection will bind
to the dd interface (rather than the default internal interface), and the
return route will be added to its routing table.

"danielworrell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I've been banging my head against my keyboard for the last few days to
> no avail. I think I've read enough VPN documentation to last a
> lifetime. Here it goes... First off, what I'm trying to accomplish is
> to use a Windows box as a gateway/routing machine to connect via VPN
> over my cable modem to my network at work. Once this link is up, I
> need to route all my traffic over the VPN and use the network at my
> office basically as a second level Internet gateway if you will. I am
> also needing to pass a few public/globally routable IP addresses to
> the different clients on my home network. I'm using a Win2K3 Std. box
> to dial into a Win2K server providing my VPN connection. My Win2K3
> Std. box is going to act as a gateway/routing machine for my home
> network. I can establish the VPN and use the Internet through the VPN.
> All the traffic that I send from the gateway/routing box is currently
> traveling over the VPN to my office network and then out to the
> Internet. The problem that I am having is getting the external
> connection on the gateway/routing box to route traffic to the internal
> nic and subsequently out to my computers on the home network. I am
> pretty sure that this is a routing issue and not a VPN issue, but if
> anyone can, PLEASE help me, it would be extrodinarily appreciated.
> Thanks. Daniel.

09-13-2004, 02:22 PM

Here's the articles for that, guys, it'll save on typing. :-)

Yes, Daniel, like Bill said, you need a Site-to-Site (Router-to-Router) VPN
to do this. You cannot do this with a remote Access VPN as you are currently
doing. "Remote Access VPN" only connects a Host to a Network, the other
connects two Networks

Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site
VPNs
http://www.microsoft.com/technet/pro.../vpndpls2.mspx

Virtual Private Networking with Windows 2000: Deploying Router-to-Router
VPNs
http://www.microsoft.com/windows2000...eplyr2rvpn.asp

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Gateway laptop connection to internet wireless help?	philayvanh	Wireless Networks	1	10-24-2006 07:33 PM
Internet Gateway Icon disappears after repairing connection	isi_ono	Wireless Networks	3	08-06-2006 09:17 PM
Internet Gateway device created in Network Connections when I removed Internet Connection Sharing	Martin Underwood	Home Networking	2	04-07-2005 12:56 PM
Internet connection on remote pc	swift	Wireless Networks	1	10-16-2004 12:23 PM
Internet Gateway vs. Wireless Network Connection	dwood1966	Wireless Internet	1	09-03-2004 03:36 PM