Reply to thread

Message: [QUOTE="P. Prisack, post: 4719512"] Hello NG, we have a dodgy little problem here which I can't seem to solve, maybe I'm missing something basic. The scenario is as follows: There is a LAN with subnet 192.168.1.0/24, a W2K server on 192.168.1.1 and a router for internet connection (outgoing only) on 192.168.1.100. Now I've implemented a DMZ on subnet 192.168.2.0/24 with an own router on 192.168.2.100 (incoming only). I've mounted a second NIC into the server and assigned 192.168.2.1 as DMZ IP. VPN ports are forwarded from the VPN router to the server's DMZ NIC. I successfully set up RRAS and a VPN server where, on first glance, everythings looks fine. But there is a routing issue: If I configure in RRAS the LAN router (.1.100) as a default gateway, all works fine for VPN clients who connect with an IP from the DMZ (i.e. WLAN laptops, they receive an IP out of the 192.168.2.0 range from the DMZ router). Clients which try to connect from the internet have a problem, because the VPN server doesn't know the correct route back to the client. The authentication request arrives at the server: VPN client -> internet -> DMZ router -> VPN server (DMZ interface) But the answer goes: VPN server (LAN interface) -> LAN router -> internet -> nowhere I don't want to configure the default gateway in RRAS to use the DMZ router (.2.100) for several reasons: I dont't want the server's own internet traffice to go through the DMZ, I don't want the laptops' internet traffice go through the DMZ, I want all internet traffic to pass the VPN server so I can take control or set up filters later. I had expected that the VPN server would answer authentication requests on the interface they arrive, no matter what default gateway exists furthermore. Is there a way to achieve this, am I a victim of misconception, or is it just a stupid mistake? Any hints are greatly appreciated. Best wishes Peter [/QUOTE]

Verification