2 Nics - one to internet one to VPN

Guest

OK... difficult question. The answer may be this isn't possible.

I have 2 NICS...

First NIC: 192.168.1.25 / 255.255.255.0 Gateway 192.168.1.1 (PIX firewall)
Second NIC: 192.168.1.40 / 255.255.255.0 Gateway 192.168.1.20 (VPN Router)

Problem:
If NIC#1 is enabled before NIC#2, I can browse the internet but cannot
connect through the VPN router. If NIC#2 is enabled first, then I can
connect through the VPN but cannot browse the internet.

How can I do both at the same time?


Thanks in advance.
 
Phillip Windell

Gandiel said:
OK... difficult question. The answer may be this isn't possible.
Problem:
If NIC#1 is enabled before NIC#2, I can browse the internet but cannot
connect through the VPN router. If NIC#2 is enabled first, then I can
connect through the VPN but cannot browse the internet.

How can I do both at the same time?

No. You are doing two things wrong at the same time.

1. One Nic per subnet (except for Nic Teaming situations)
2. One default gateway per whole machine.

Use *one* Nic. Static Routes in the Routing Table determine the right path
for the VPN Traffic.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
 
Guest

No. You are doing two things wrong at the same time.
1. One Nic per subnet (except for Nic Teaming situations)
2. One default gateway per whole machine.

Use *one* Nic. Static Routes in the Routing Table determine the right path
for the VPN Traffic.

I still don't understand how to accomplish this... maybe this diagram will
help.

              Local Machine
          |                  |
        NIC#1              NIC#2
  (192.168.1.25        (192.168.1.40
  GTW: 192.168.1.1)    GWY: 192.168.1.20)
          |                  |
    PIX FIREWALL       VPN Router to Client
    (192.168.1.1)      (192.168.1.20)
          |                  |
       Internet          Client Site
 
Guest

You should only be using 1 NIC card since both are set up on the same subnet
(192.168.1.X). This would only work if each NIC was being used to connect
to a different subnet. You should have a router in place in your network
that would handle directing traffic to either your PIX or your VPN Firewall,
or you can set up a static route on your PC that would direct traffic to the
appropriate place. If you kept the settings for NIC 1 in place and used a
route to do the job of the 2nd NIC, you would add a route on your PC like
this:

route add (destination subnet of client site) mask 255.255.255.0 192.168.1.20 metric # /p (for persistent)
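
The route selection behind the advice in this thread, as an added example that is not part of any poster's message: a small Python model of routing-table lookup (longest prefix wins, then lowest metric) comparing the two-default-gateway setup with one NIC plus a static route. The client-site subnet 10.50.0.0/24, the sample hosts and the metric values are constructed placeholders, and "the NIC enabled first gets the preferred metric" is a simplifying assumption that reproduces the behaviour described in the question.

```python
import ipaddress

PIX, VPN = "192.168.1.1", "192.168.1.20"   # gateways named in the thread
CLIENT_SITE = "10.50.0.0/24"               # constructed placeholder; the thread never gives it
INTERNET_HOST = "203.0.113.10"             # constructed (documentation address range)
CLIENT_HOST = "10.50.0.7"                  # constructed host at the client site


def next_hop(table, dst):
    """Pick a route the way an IP stack does: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]))
    return best[1]


def two_default_gateways(first_nic_gateway, second_nic_gateway):
    """Both NICs on 192.168.1.0/24, each with its own default gateway.
    Assumption: the NIC enabled first ends up with the preferred (lower) metric."""
    return [
        ("0.0.0.0/0", first_nic_gateway, 10),
        ("0.0.0.0/0", second_nic_gateway, 20),
        ("192.168.1.0/24", "on-link", 10),
    ]


def one_nic_with_static_route():
    """One NIC, one default gateway (the PIX), plus a static route for the client site."""
    return [
        ("0.0.0.0/0", PIX, 10),
        ("192.168.1.0/24", "on-link", 10),
        (CLIENT_SITE, VPN, 1),
    ]


if __name__ == "__main__":
    for name, table in [("NIC#1 first", two_default_gateways(PIX, VPN)),
                        ("NIC#2 first", two_default_gateways(VPN, PIX)),
                        ("one NIC + static route", one_nic_with_static_route())]:
        print(name, "| internet via", next_hop(table, INTERNET_HOST),
              "| client site via", next_hop(table, CLIENT_HOST))
```

With two default routes every off-subnet packet follows whichever default is preferred, so client-site traffic is handed to the PIX or internet traffic to the VPN router; the more specific static route is what separates the two paths.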
 
Richard G. Harper

What Phillip said is:

"There is no right way to do what you want to do."

The only way you can make it work is to put one network card or the other on
an entirely different network address range. 192.168.1.25 and 192.168.1.40
are in the same range, and what you want cannot be done.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
Phillip Windell

Richard G. Harper said:
What Phillip said is:

"There is no right way to do what you want to do."

Sometimes I just don't say it simple enough.... ;-)

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
