VPN/Default Gateway/TerminalServices



This is the configuration of my W2K network running AD/DNS, DHCP.
All servers are running W2K Server STD, and all clients W2K Pro with SP4.

Server A: DomainController, Static IP, Default Gateway
Server B: PrintServer, Static IP, Default Gateway
Server C MailServer, Static IP, Default Gateway
Server D: CommunikationServer running TerminalServices, Static IP, Default Gateway

Router 1 wint Static Public IP and LAN IP On this router are
all TerminalServices traffic coming in.
Router 2 wint Static Public IP and LAN IP On this router all
VPN connections are comin in.

Router 3 with DynDNS and lan IP This router are placed att my
home and connecting
router 3 over VPN.

The problem is that I can¨t connect/ping "Server D" unless I change the
Default Gateway to, I have tried to use 2 Default Gateways on
"Server D" but this doesn¨t help.
Server A, B and C can i connect with no problems. I can browse them and I
can connect them with TerminalServices in Admin mode.
How can I solve this problem?

Best regards KTH.

Phillip Windell

One LAN Router must be the "boss". Pick one that is central to the LAN. The
Clients use it, and *only* it for the Default Gateway. It should *not* be
"Router" that shares the Internet to the LAN. You want your Layer3 routing
scheme to function even if you didn't even have the Internet to begin with.
Even if you only have a single subnet LAN and all routers on on the "edge",
you still need to choose one as the primary router and follow the same
pattern I describe.

Think "logically" in a straight line. Don't create a confusing mess by
zig-zagging all over the place (figuratively speaking). All machines use
the primary LAN Router as thier Default Gateway. The LAN Router that is the
Default Gateway of all machines then, in turn, has its Default Gateway
pointing to the Router that leads to the Internet. If your VPN Traffic is
using a site-to-site connection then their needs to be a static route to
that remote subnet listed in the Primary LAN Router that points to the VPN
Router. If it is only a "Remote Access VPN" then you don't need a static
route at because the VPN Client receives an IP from your LAN and "logically"
becomes part of the LAN so there isn't any "routing" involved.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question