BEFSX41 Tunnel with Multiple ISP's Routing Issue

a489

MIS
Oct 7, 2002
3
US
I have a home network that is extremely unconventional and I am hoping that someone can help.

I have 2 ISP's at home, one a DSL with a static IP that is connected to a W2K Server running ISA, etc. I only keep the DSL b/c I need a static IP to run the mail server and for a small website. I also have a residential cable modem that I can not run a server on (TOS) but I think I am allowed to VPN.

The server is multihomed with the External card being the DSL connection and the internal card connected to the LAN via the BEFSX41. Now the BEFSX41 has a Cable modem connection to the WAN port. All the computers on the LAN use the BEFSX41 as the default gateway to take full advantage of the cable's very high bandwidth (about 10X of the DSL).

What I would like to be able to do is to Tunnel in to the BEFSX41 and be able to access the Server, but because the Server uses the default gateway of the DSL ISP I can't ping it. I can ping and access all the other computers on the LAN that point to the BEFSX41 as the default gateway, but not the Server. When I point the default gateway of the server to the BEFSX41 I can tunnel and do all I want, but the DSL connection is no longer valid and I can't get my e-mail or access the web site.

Any Ideas on how I can adjust the routing table or anything else to get this to work?

Thanks in advance.
 
Try to set the gateway of your second NIC to point to Linky. NIC settings are independent of each other and this should not interfere with your DSL-settings or LAN-operations either.

Have 3 cards in one of my 2000-servers (2 WAN, 1 LAN) with no extra settings with IIS and Apache.
 
Markku,

I have tried to set up the internal NIC card to have the default gateway point to the linky but that doesn't seem to be stable. According to:


There can only be one default gateway for the computer. So at times the VPN connection (from remote client) might be able to access the server but then the server is not able to accept incoming mail, web, etc. from its External NIC card. I can't even ping the server's external NIC IP address on the internet. I believe this is when it uses the internal NIC gateway (linky). And the opposite happens if it uses the External NIC Gateway.

It seems to be a routing issue which I do not know much about. I would somehow like to configure the server so it routes all internet traffic to its external NIC except for VPN traffic that will come to the server via its internal NIC.

External NIC: (DSL connection)
64.47.x.x / 255.255.255.0 / Gateway 64.47.x.1

Internal NIC: (LAN + LINKY connected to Cable modem)
192.168.1.x / 255.255.255.0 / Gateway (Linky) 192.168.1.1


Any Ideas?

Thanks again for the help!

-Steve
 
Hi Steve,

Looks like ISA is actually the problem. Replace ISA with HW router, e.g. another Linky for your services and internet connection sharing. Port forwarding will do the job.

I forgot to mention that both my WAN-cards are behind separate Linkys, since they are in different WAN segment. LAN card is behind third VPN-Linky for maintenance of the system.

And it works.
 
Markku,

Again thanks for the help. I hope to try that this weekend. Just one other thing, right now I am able to use the W2K PPTP server and that works fine in all respects. The problem is that I am tunneling in via my DSL line that has a much lower bandwidth. But I have no problem accessing the server and the computers connected to the internal NIC card of the server. I think this has to do with the virtual IP address that I get when I use the W2K VPN wizard on the client side. It basically gives me an internal LAN IP so all the routing is 1 hop. I was just wondering if this virtual IP is at all possible with the Sentinel and the SX41? If so that might be another way to solve my problem.

Thanks again,
-Steve

 
Hi,

Sentinel does not support Virtual IPs with Linky, just plain routing without netbios broadcasts -> no network neighbourhood.

True men use \\remoteserverIP\remoteshare only...

You can use PPTP in addition to Sentinel, not instead of it, if you like, by port forwarding.
 
Markku,

First I don't mind using the IP address rather than netbios ID, I just want some way to access my W2K server via my Cable modem connection and still have my DSL, mail server etc remain the same.

How could I use port forwarding? I can easily establish a connection to my linksys with Sentinel. From there I can access all machines on the LAN except the server. I tried to forward port 1723 TCP on the linksys to the internal LAN IP of the server 192.168.1.x. From here I try to use the W2K PPTP client, but which IP address do I try to connect to? I tried the router's (192.168.1.1), that didn't work. I then tried the WAN (cable modem IP) but that didn't work either.

Again thanks for the help!
 
For PPTP forward port 1723 TCP in the router to your server and enable PPTP passthru. In case of BEFSX41 you have to disable firewall functions in the current firmware version. You connect to PPTP with the WAN IP of the router, port forwarding will do the rest.

ISA is the problem. If you switch to a HW router and configure your cards' gateways to point to routers no. 1 and 2 respectively, this should do the trick, since then both Sentinel and PPTP packets have a way back from the server to the router and your remote user.

Default gateway applies only to surfing with the server.
 
Markku is semi right about the default gateway, it applies to routes that are not known. Another term for it would be gateway of last resort, as in it is the default route for packets not destined for a local IP. But this is actually happening here. There are packets that are coming from an outside address to the LAN IP of the server, and the server is sending replies out to the DSL connection. It is a good idea to set each NIC to its own gateway, and MS is full of crap if they say a machine should only have one default gateway, or else they would not have made it an option per NIC, they would have made it an option per machine. In this case do NOT listen to MS about this.

Now for the PPTP, you must try to connect to the WAN IP of your Linksys on the cable modem, and have the linksys forwarding 1723 and PPTP passthru in order for MS vpns to connect and work right.

As for the rest, I agree too with the recommendation to get another router for the DSL line as that will help resolve the issue. I have set up multihomed boxes from win98, NT 2k and XP and aside from some inexperience issues have never had too much difficulty with it. But it was never in the way you are doing it either. You will need to have the internal NIC pointing towards the linksys since if you point it the other way it does not know where it is going. You also need to point the external (DSL) NIC towards the DSL connection for its default gateway. The subnets also cannot overlap or you will not be able to have both NICs play nicely together, they should be on separate subnets (i.e. 192.168.1.x 255.255.255.0, 192.168.2.x 255.255.255.0). This way the networks are not in conflict. Since you do not have a personal firewall on the DSL side this is not an issue yet, but it will be once you put one in. It can work on one subnet, but with more planning of IPs and default gateways and such. You also should make sure not to bridge the 2 NICs in this instance, as that would make it another way out for internet traffic, or worse yet another way into your LAN from the internet. All this though is just ideas, I have not set up this type of config before, so I cannot say what it is for certain, but of the 20-30 multihomed setups I have done, these things were a concern.

I think in this case that a personal gateway on the DSL link is a good idea, but not exactly the answer. You should be able to point from a machine on the LAN to the server's inside address, then from that same machine to the server's outside address, and both times get a reply. Then you should be able to set up a VPN connection from an address outside of your LAN through the Linksys, and into the server, all the while not disturbing the DSL connection at all. This is not only possible but happening right now on many other machines, you just need to get the settings right.

EV
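
Added example, not part of any post in this thread: a small route-lookup model of the server described above, showing why a reply to a tunnelled client leaves through the DSL card and how a more specific route via the Linksys changes that while the default route stays on DSL. The static route goes beyond what the posters propose; 203.0.113.0/24 is a placeholder for the elided DSL subnet and 198.51.100.0/24 is a hypothetical remote client network.

```python
import ipaddress

# Constructed addresses: 203.0.113.0/24 stands in for the elided DSL subnet
# (64.47.x.x in the thread); 198.51.100.0/24 is a hypothetical remote network.
DSL_IF, LAN_IF = "external-DSL", "internal-LAN"

def base_table():
    """Server routing table as described in the thread: one default route via DSL."""
    return [
        # (destination network, gateway or None when on-link, interface)
        (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", DSL_IF),
        (ipaddress.ip_network("203.0.113.0/24"), None, DSL_IF),
        (ipaddress.ip_network("192.168.1.0/24"), None, LAN_IF),
    ]

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)

def reply_path(table, arrived_on, client_ip):
    """Where does the reply to a packet that arrived on `arrived_on` leave?"""
    _net, gateway, iface = lookup(table, client_ip)
    return {
        "egress": iface,
        "next_hop": gateway or client_ip,
        # False means the reply bypasses the path (and tunnel) it arrived on.
        "symmetric": iface == arrived_on,
    }

def with_static_route(table, network, gateway, iface):
    """Return a new table with one specific route added; default route untouched."""
    return table + [(ipaddress.ip_network(network), gateway, iface)]

if __name__ == "__main__":
    vpn_client = "198.51.100.25"  # constructed address of the tunnelled client
    table = base_table()
    print("before:", reply_path(table, LAN_IF, vpn_client))
    fixed = with_static_route(table, "198.51.100.0/24", "192.168.1.1", LAN_IF)
    print("after: ", reply_path(fixed, LAN_IF, vpn_client))
    # Mail/web traffic arriving on the DSL card is unaffected by the added route.
    print("mail:  ", reply_path(fixed, DSL_IF, "192.0.2.50"))
```

On the Windows server itself the equivalent persistent entry would be `route -p add 198.51.100.0 mask 255.255.255.0 192.168.1.1`, with the constructed network replaced by the remote client's real one.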
 