Need example of Multi-homed Setup for Gateway-to-Gateway

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by soslink, Feb 23, 2007.

  1. soslink

    soslink LI Guru Member

    We are using (2) RV042 routers for gateway-to-gateway VPN. The main office has a server with 2 network adapters where one is used for the internal LAN and one is for the WAN. The remote office is just a workgroup trying to connect to the server at the main office.

    Can anyone post an example setup similar to ours of how they were able to access shared resources via VPN?

    We have a posting from yesterday with more of our specifics but getting no response yet. Maybe we need to just look at basics. Thanks
  2. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    I find multi-homing a server...when in a router to router VPN setup, to be cumbersome. Is this SBS utilizing ISA or something?

    All the setups I have that require site to site VPN tunnels..I have the servers with a single NIC...let the routers do the VPN tunnels.
  3. soslink

    soslink LI Guru Member

    Thanks for the reply. At the main office, the server we need to access shares on is Windows 2003 Server Std.

    We can connect our tunnel, but cannot access shares. While at the remote office we can administer the router at the main office. However, we cannot ping the server or any of the workstations at the main office. We have not tried vice-versa yet.
    We posted our setup in this forum and the "networking" forum yesterday under the "soslink" name. If you get a chance will you look it over and advise us on what you think? Is our setup even possible---have you seen it before?
    The purpose of the 2 NICs, pre-RV042 installation, was to isolate the internal LAN from the Internet.

    We can change the server to have 1 NIC. In case that is the path we take, can you send a link for the setup of this? Please include the physical cable connections: where should the router, server NIC, be plugged into? We have a main switch at the main office and a cable modem.

    I also found out today that the workstations at the remote office were once connected to the domain at the main office, physically there, and then moved to the remote office. They were never set up as a workgroup when moved to the remote office. So their FQDN is computername.domainname.local

    Thanks, I know this is a lot of information. We may just have to start fresh at both sites with the networks.
  4. pablito

    pablito Network Guru Member

    Yes indeed, you have a lot of posts on the same subject.

    If your VPN points to the wrong side of the dual NIC server then perhaps you only need to change the VPN spec to hit the desired subnet instead. Or if the shares are on the dual nic server then it should be able to serve the remote LAN requests. The VPN won't let you go where it isn't configured to do so (strict routing). You don't have to specify the RV's LAN subnet if you really want to get to a different subnet further inside. I assume that normal routing is working, i.e. the RV has a route pointing to the dual NIC server for the 2nd LAN segment. (or is it double NAT?)


    vpn subnets: LAN3<->LAN2

    The whole thing gets more complicated if you need all 3 nets to be on the VPN.
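
Added example (not part of any post in this thread): a small Python check of the "strict routing" behaviour described above, where a gateway only tunnels traffic whose source and destination fall inside the tunnel's configured local and remote groups. Only the 192.168.1.x remote range comes from the thread; the 10.10.x.x subnets and the function name are assumptions made up for illustration.

```python
import ipaddress

# Constructed addressing plan; only 192.168.1.x (remote office) is from the thread.
REMOTE_LAN = "192.168.1.0/24"   # remote office workstations
RV_LAN = "10.10.1.0/24"         # assumed: main RV042 LAN side / server's outer NIC
INNER_LAN = "10.10.2.0/24"      # assumed: LAN behind the server's inner NIC


def tunnel_findings(local_group, remote_group, src, dst):
    """Evaluate one flow against one gateway's tunnel definition.

    Returns a list of problems; an empty list means the flow is tunnelled.
    """
    local = ipaddress.ip_network(local_group)
    remote = ipaddress.ip_network(remote_group)
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    findings = []
    # Identical or overlapping ranges at both ends: hosts treat the far
    # side as on-link, so packets never reach the gateway for tunnelling.
    if local.overlaps(remote):
        findings.append("local and remote groups overlap")
    if src_ip not in local:
        findings.append(f"source {src} is outside local group {local}")
    if dst_ip not in remote:
        findings.append(f"destination {dst} is outside remote group {remote}")
    return findings


if __name__ == "__main__":
    cases = [
        # Tunnel defined against the RV's own LAN: the router answers...
        (REMOTE_LAN, RV_LAN, "192.168.1.50", "10.10.1.1"),
        # ...but a host on the inner segment is not selected by the tunnel.
        (REMOTE_LAN, RV_LAN, "192.168.1.50", "10.10.2.10"),
        # Tunnel defined against the inner segment instead ("LAN3<->LAN2").
        (REMOTE_LAN, INNER_LAN, "192.168.1.50", "10.10.2.10"),
        # Both sites numbered from the same range.
        (REMOTE_LAN, REMOTE_LAN, "192.168.1.50", "192.168.1.10"),
    ]
    for local, remote, src, dst in cases:
        result = tunnel_findings(local, remote, src, dst) or ["tunnelled"]
        print(f"{src} -> {dst} via {local}<->{remote}: {'; '.join(result)}")
```

A flow that passes this check still needs a return path: the inner segment must have a route back toward the RV042 for replies to re-enter the tunnel.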
  5. soslink

    soslink LI Guru Member

    Please let me clarify a couple things before I ask any more stupid questions. I am new at this and only have a basic understanding of networking.

    Which side of the dual-NIC server should the VPN point to? Right now, I have it set up to point to the external NIC and that is the only way I can get the tunnel to connect. If I change the VPN setup to point to the Internal NIC ( the tunnel does not connect. My other post outlines my setup details. Is this what you are referring to?

    Also, the shares are on the server.

    When you state "The VPN won't let you go where it is not configured to do so (strict routing)" The subnets(do you mean subnet masks???) at the main site and remote site are both The Main site, the internal LAN is, the External NIC is configured as follows;

    DGW: (This is the RV042 router LAN IP)
    DNS: (Internal NIC on Server)

    The remote site uses DHCP from the RV042 router to give out 192.168.1.x-based ip addresses.

    I am not sure I understand your final statement concerning double NAT. Can you clarify? Thanks a lot.
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Yikes!! Your configuration is w-a-a-a-a-a-a-ay too convoluted for what you need to do...

    As stonecat stated, it's best to let your "RV" routers do the vpn because that's what they're designed to do. There is no need for a multihomed server unless you have "no router." Under those circumstances, then having a multihomed server is beneficial because one card will connect to the internet, and the other will connect to your internal LAN (this approach is the "exact" concept of how a simple router works).

    So, with that said, you can actually run your 2003 server with just "one" nic; connect it to your RV via your CAT5, and then set your permissions on the drive/folder that you want accessed via vpn. No other configuration is necessary, trust me on this :)

    RV----Internet----RV-----Server (with one NIC)

  7. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Are you running ISA server? Or just multi-homing her hoping to use RRAS? (secureNAT)
  8. soslink

    soslink LI Guru Member

    The server had 2 nics before we installed the RV042 so we were trying to implement the VPN with that setup. This is not ISA server, just Windows 2003 Server with RRAS running.

    There was no software or hardware firewall before the RV042 was set up. The workstations are using Zone Alarm. Looks like we should just use 1 NIC with this and the RV042 Firewall will be good enough for the server?

    Thanks again!
  9. soslink

    soslink LI Guru Member

    Yes, the server had no router or firewall so 2 NICs were used. We were trying to implement the VPN with the RV042 & 2 NICs but will take your very appreciated advice and go with one NIC.

    Thanks again!