Re: VPN client routing problem

Robert L [MS-MVP]

Oct 16, 2005, 8:47:30 PM

It seems to me that you need a 3rd NIC or to manually set up the routing table, as in the following case:
 
routing
One router goes to the corporation email server and another one goes to the ...
Then, you add another router for the Internet access and want to use the ...
www.chicagotech.net/routing.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I have a VPN server (Windows 2003 with RRAS) with 2 NICs.
The first NIC is connected to the LAN and the second to the internet.
I also have 2 internet connections with 2 routers.
The first connection is only for VPN access (connected to the public NIC on my VPN
server).
The second connection is used for internet access (http, ftp,...) and it is
connected to my LAN.
When I connect to the VPN server I have no access to the internet. I don't want to
disable 'use default gateway....' on my VPN client. I also don't want to use
my internet connection on the VPN server for internet access.
I would like to set routing for VPN clients so they use the second router to
access the internet.
I know that I can set routing on RRAS, but how do I set a default gateway only
for VPN clients?

regards,
Marcin

Bill Grant

Oct 16, 2005, 8:58:36 PM

I am surprised that your setup works at all. Two internet connections
usually cause all sorts of odd routing problems.

I can't think of any way to get your VPN client to use the LAN router.
For VPN to work, the VPN server's default route must point out to the
internet through the public NIC. For internet access through the other
router to work, its default route would need to be pointing to the LAN
router via the LAN NIC. There is no way to satisfy both of these
requirements at the same time.

Marcin

Oct 17, 2005, 5:11:04 PM

That's right, but maybe there exists some kind of software to set up routing based
on source address (VPN clients have IP addresses from a private IP pool)?

Bill Grant

Oct 17, 2005, 8:51:33 PM

What source address could you use? How can you know what public IP
address your remote client will connect from? The private address is of no
use. The VPN data is encrypted and encapsulated inside a packet with a
public IP in the header.

Marcin

Oct 18, 2005, 5:32:17 PM

Hi Bill

I know what IP address is assigned to the VPN client by the VPN server; I don't
need to know what public IP they have. Based on this information I can say
"route packets from the IP pool assigned by the VPN server to the LAN gateway" (this
should be configured on the VPN server). Public IP addresses are still routed by
the gateway assigned to the NIC connected to the internet.
It should work, but I don't have tools on Windows to do it.
(Cisco has 'Policy-based routing' - with this feature you can set routing
based on source address).

Marcin
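
A small model of the source-based rule described in the post above, as an added example that is not part of the original thread and is not a Windows or RRAS feature: it compares destination-only lookup with a lookup that first checks the packet's source against the VPN address pool. All addresses, the pool range and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (RFC 1918 / RFC 5737 ranges), not taken from the thread.
VPN_POOL = ipaddress.ip_network("192.168.50.0/24")  # pool handed to VPN clients
LAN_GATEWAY = "192.168.1.254"                        # second router, LAN side
PUBLIC_GATEWAY = "203.0.113.1"                       # first router, public NIC

# Destination-only routing table of the VPN server: (prefix, next hop).
MAIN_TABLE = [
    (ipaddress.ip_network("0.0.0.0/0"), PUBLIC_GATEWAY),
    (ipaddress.ip_network("192.168.1.0/24"), "on-link LAN"),
    (VPN_POOL, "on-link VPN"),
]

# Source-based rules consulted before the default route: (source prefix, next hop).
POLICY_RULES = [(VPN_POOL, LAN_GATEWAY)]


def lookup(dst):
    """Destination-only lookup: the most specific matching prefix wins."""
    return max((r for r in MAIN_TABLE if dst in r[0]), key=lambda r: r[0].prefixlen)


def next_hop(src, dst, use_policy):
    """Next hop for a packet the server forwards from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    net, hop = lookup(dst)
    # Policy rules replace only the default route, so directly connected
    # networks (LAN, VPN pool) stay reachable without a detour.
    if use_policy and net.prefixlen == 0:
        for src_net, policy_hop in POLICY_RULES:
            if src in src_net:
                return policy_hop
    return hop


if __name__ == "__main__":
    cases = [
        ("192.168.50.10", "198.51.100.20"),  # decapsulated client traffic to the internet
        ("203.0.113.10", "198.51.100.77"),   # server's own tunnel packets to a remote client
        ("192.168.50.10", "192.168.1.20"),   # client traffic to a LAN host
    ]
    for src, dst in cases:
        print(src, "->", dst, "| destination-only:", next_hop(src, dst, False),
              "| with source rule:", next_hop(src, dst, True))
```

Under this constructed addressing, the LAN router would also need a route back to the VPN pool via the VPN server's LAN address for replies to reach the clients.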

Bill Grant

Oct 18, 2005, 7:44:37 PM

Then buy a Cisco!

circle

Nov 24, 2005, 11:23:50 PM

Hi! I am not an expert on this issue but I would like to give it a try.
Please don't hesitate to point out if I made a mistake.

Are you using the IPSec VPN client? If yes, the packet will be encrypted and
encapsulated in a packet with the destination IP address being that of the VPN
server. In theory the OS will only know that the packet is being sent to the
VPN server (not the other internet IP addresses used in the VPN). Therefore you can
just add a route to the IP address of the VPN server via your preferred
gateway, leaving the default gateway as the one you use to access the
internet.

--
circle
