Re: Help with Routing

Giganews Newsgroups
Subject: Re: Help with Routing
Posted by:  Phillip Windell (..@.)
Date: Thu, 2 Mar 2006

"James Hill" <jhi…@crinet.co.uk> wrote in message
news:u7t5hOfPGHA.1…@TK2MSFTNGP12.phx.gbl...
> London: 192.168.0.0/24
> Brighton: 192.168.1.0/24
> Eastbourne: 192.168.2.0/24
>
> Each Site has a DC running RRAS on 192.168.x.3/24 and a 3rd party
> firewall on 192.168.x.1/24 which doesn't allow multiple routes.
> There are VPN's set up between London and Brighton and Brighton and
> Eastbourne that go to a seperate VPN Server in Brighton on 192.168.1.6.

You have not given us all the "pieces" of all three sites.  What does the
"DC running RRAS" have to do with anything? All you said was that it
"exists".

Let me make some wild assumptions and see if I get it right. If I am wrong
then you will have to clear things up.

I am assuming that:
    1. The DC with RRAS is the "VPN Server" creating the Site-to-Site VPN
    2. The DC with RRAS has a "mystery Nic" on the external side that you
        never mentioned and it connects to the Internet to create the Tunnel
        without involving the "firewall".
    3. Since the firewall can't accept multiple routes, the Clients will
have to
        use the DC/RRAS/VPN boxes as their Default Gateways.

Play close attention to the Masks in the Static Routes

_______________________________________________________
London:
    Network ID = 192.168.0.0/24
    Internet Router (firewall) = (Int)192.168.0.1 (Ext)???.???.???.???
    VPN Router = (Int)192.168.0.3  (Ext)???.???.???.???

    1. All Hosts on the LAN will use the VPN Router 192.168.0.3 as their
        Default Gateway
    2. The VPN Router will use the firewall 192.168.0.1 as its Default
Gateway
    3. The VPN Router will use this Static Route
        192.168.0.0 Mask 255.255.0.0 192.168.1.3
________________________________________________________
Brighton:
    Network ID = 192.168.1.0/24

    Internet Router (firewall) = (Int)192.168.1.1(Ext)???.???.???.???
    VPN Router #1 = (Int)192.168.1.3  (Ext)???.???.???.???
    VPN Router #2 = (Int)192.168.1.6  (Ext)???.???.???.???

    1. All Hosts on the LAN will use *either* VPN Router as their Default
        Gateway,..but let's choose 192.168.1.3
    2. The VPN Router will use the firewall 192.168.1.1 as its Default
Gateway
    3. The VPN Router will use these Static Routes
        192.168.0.0 Mask 255.255.255.0 192.168.0.3
        192.168.2.0 Mask 255.255.255.0 192.168.2.3
_________________________________________________________
Eastbourne:
    Network ID = 192.168.2.0/24

    Internet Router (firewall) = (Int)192.168.2.1(Ext)???.???.???.???
    VPN Router =  (Int)192.168.2.3  (Ext)???.???.???.???

    1. All Hosts on the LAN will use the VPN Router 192.168.2.3 as their
        Default Gateway
    2. The VPN Router will use the firewall 192.168.2.1 as its Default
Gateway
    3. The VPN Router will use this Static Route
        192.168.0.0 Mask 255.255.0.0 192.168.1.6

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Replies

In response to

Help with Routing posted by James Hill on Thu, 2 Mar 2006