Discussion in 'Windows Networking' started by SizzleMaster, Apr 19, 2004.

  1. SizzleMaster

    SizzleMaster Guest

    I have a hub and spoke configured gateway<>gateway VPN WAN where each spoke
    end connects to the hub via Win Server 2003 RRAS and ISA erver 2001 packet
    filters. If the hub goes down, the spokes can't talk to each other becuase
    the ISA VPN wizard requires fixed IPs to setup the connection.

    Is there any way to hard wire them with fixed routes to their FQDNs? I'm
    using dynamic DNS to resolve the FQDNs.

    Thanks for ANY assistance.
    SizzleMaster, Apr 19, 2004
  2. I don't think I understand the question. In a hub & spoke setup, if you
    lose the hub, then you lose everything, that is just the way it is....it
    doesn't really have anything to do with VPN wizards, DNS or FQDNs. The hub
    is the "single point of failure".

    We have the same VPN based Hub & Spoke setup with about 20+ sites from all
    over the US. If the central "hub" (our Corp HQ) goes down, then the story is
    simply over. They way we avoid trouble is to just not depend on the Hub for
    everything. Our DNS, WINS, Internet connection, Mail Server (Exchange), Web
    Server are are handled independently by us. Every site is pretty much
    autonomous, we only use the "Hub" for things specific to what we need the HQ
    for. If they are down, we just wait till they pick up the pieces and get
    going again. We'll survive without them until they do. Communication between
    sites in the form of Email still works because each site has thier own
    locally maintained Mail Server and Internet Connection and so email never
    depended on the "hub" to start with.
    Phillip Windell, Apr 19, 2004
  3. SizzleMaster

    SizzleMaster Guest

    Good point. I shouldn't have even put the whole hub and spoke setup part
    into this posting and just put forward my question of how to connect two
    servers via RRAS and ISA if they have dynamic IPs. Is this possible?

    The reason that I need this is that I'm running a portal farm with three
    servers, 2 acting as front end web servers and the 3rd as the index server,
    if the hub goes down the portal is still up but the indexing thus search is

    Thank you for your reply.

    SizzleMaster, Apr 20, 2004
  4. Ok, well in VPN there is always a "Caller" side and "Host" side. Which ever
    side is initiating the call (caller side) can be dynamic without a problem
    because thier IP# is irrelevant, they recieve a new IP# based on the VPN
    when the connection is established and that is the one actually used for the
    VPN traffic inside the tunnel.

    However the side receiving the call (host side) must be a statically
    assigned address since the IP# is used as a "phone number" for the
    connection. Now if the Host is registered with either DNS or WINS and the
    data entry is always assured accurate even when the IP# changes then you may
    get away with it if you can use the host name (WINS) or the FQDN (DNS) from
    the Caller to make the connection. But I have never tried this and don't
    know how successful it will be. I have always used the IP# to make the
    connection and never worried about what the Host's name was.


    Phillip Windell [MCP, MVP, CCNA]

    Phillip Windell, Apr 20, 2004
  5. One note, probably off topic, but what the hey - rather than RRAS/Windows
    VPN, you can do what you wish with a lot of firewall appliances - check out
    www.sonicwall.com - then you can use a dynamic DNS service such as
    www.dyndns.org (there are plenty of others) to create
    "domainsite1.dyndns.org" and "domainsite2.dyndns.org", with each server
    running update software to make sure the correct IP is set (I use direct
    update for this). I think in the newer sonicwalls *both* sides can have
    dynamic IPs and just connect using the host name.

    Just a thought.
    Lanwench [MVP - Exchange], Apr 22, 2004
