Windows 2003 VPN Server: Two VPN Internet Interfaces?

Franz Schenk

Our customer has a well working Windows 2003 Server which is used for VPN
Remote Access over L2TP/IPSec from Windows XP Clients. Unfortunately the
ADSL Internet connection fails from time to time, so that no VPN access at
all is possible during these failures. The customer ordered now a second
ADSL Internet connection from another provider to get VPN access even when
one ADSL connection is down. The customer put a third NIC in the RAS Server:
There are now two NIC's with Internet connection and one with the LAN
connection installed.

The problem I see now is that there should be only one default gateway entry
per server system on one NIC connected to the internet on the RAS Server. A
static route entry is not possible because the VPN clients can have any IP
source addresses.

Does anyone have an idea if it is possible to use a Windows 2003 RAS Server
with two interfaces connected to two different internet providers as a VPN
Server, and if yes, how to configure the default gateway entries? Is any
(MS) documentation about this configuration available?

Thank you all in advance for any help
Franz
 
Guest

Franz,

I guess that for this scenario you should use Routing and Remote Access demand dial connections, so you can configure more than one static route for the 0.0.0.0 entry (do not use the "default gateway" option in the NIC) with different costs (you would give lower cost to the most reliable ADSL connection and a higher cost to the other) so you could have "another way out" to the internet. Since the static routes from Routing and Remote Access are based on the interfaces (and not on IP addresses) you can use it even with variable IP addresses.

I know this will give you the option of having more than one "default gateway" but your client would still need to create two VPN entries - when one fails he tries to connect from the other.

I am not sure if this will work perfectly, 'cause I would need to make a test in a situation like this, but I guess it could be the way out for your situation.

Hope this helps,

Pedro Lima
MCSE
from Brazil
 
Bill Grant

RRAS does not really handle that sort of thing. The system can have only
one active default gateway. If you set up more than one, only one will be
used. The best you can hope for is that it will switch to the second one if
the first one fails. But how would the client know which IP to use?

You will need third-party software to load balance the two connections.
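
The single-active-default-gateway behaviour discussed in this thread can be seen in a small route-selection model (an added example, not part of any post and not Windows' own routing code). The addresses, interface names and metrics are constructed, and the model assumes plain longest-prefix matching with the lowest metric winning.

```python
import ipaddress

# Constructed routing table for the RAS server: one default route per
# Internet NIC plus the connected LAN. All values are assumed for illustration.
ROUTES = [
    # (destination, gateway, interface, metric)
    ("0.0.0.0/0", "192.0.2.1", "ISP-A", 10),
    ("0.0.0.0/0", "198.51.100.1", "ISP-B", 20),
    ("10.0.0.0/24", None, "LAN", 1),
]


def select_route(dst, routes=ROUTES, down=()):
    """Return the route used for dst: longest prefix first, then lowest metric.

    Interfaces named in `down` are treated as failed and skipped.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [
        r for r in routes
        if r[2] not in down and addr in ipaddress.ip_network(r[0])
    ]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[3]),
    )


def reply_path(client_ip, arrived_on, down=()):
    """Compare the interface a VPN request arrived on with the reply's egress."""
    route = select_route(client_ip, down=down)
    egress = route[2] if route else None
    return {"arrived_on": arrived_on, "egress": egress,
            "symmetric": egress == arrived_on}


if __name__ == "__main__":
    client = "203.0.113.50"  # constructed VPN client address
    print(reply_path(client, "ISP-A"))                   # reply leaves via ISP-A
    print(reply_path(client, "ISP-B"))                   # reply still leaves via ISP-A
    print(reply_path(client, "ISP-B", down=("ISP-A",)))  # failover to ISP-B
```

A client that reaches the server through the second provider gets its replies sent out through the first one as long as that route is present, which is why two default routes alone do not give two usable VPN entry points.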
 
Alan Charlton

If you're willing to spend a couple hundred bucks, try one of the
small "Dual WAN routers" out there (like the Xincom xc-opg502).

Assign the external IP's from each ISP to the WAN interfaces, and your
NIC that used to be on the Internet will get 2 'internal' IP's (they
will be NAT'd IP's, but use the 'multiple DMZ' function on the router
to specify that each external interface maps directly to one of the
internal IP's). The 3rd NIC isn't necessary in this scenario.

That way your Windows box can keep a single default gateway... it's
much happier that way.

Alan
 
Bill Grant

Sounds a great idea to me!

Alan Charlton said:
If you're willing to spend a couple hundred bucks, try one of the
small "Dual WAN routers" out there (like the Xincom xc-opg502).

Assign the external IP's from each ISP to the WAN interfaces, and your
NIC that used to be on the Internet will get 2 'internal' IP's (they
will be NAT'd IP's, but use the 'multiple DMZ' function on the router
to specify that each external interface maps directly to one of the
internal IP's). The 3rd NIC isn't necessary in this scenario.

That way your Windows box can keep a single default gateway... it's
much happier that way.

Alan