Server 2003 as VPN and NAT Gateway-how to have 2 internet connecti

Discussion in 'Server Networking' started by Jeremy Lang, Jul 31, 2007.

  1. Jeremy Lang

    Jeremy Lang Guest

    Runing Win2k3 Svr R2 64bit, don't quite get how to have redundant internet
    connections...

    Basically I'm running an independent shop within a larger organization, and
    we have our own dedicated 3Mbit link with a fixed IP address plus a shared
    (bloody fast) link at ~10-30Mbit that comes to me via a private IP address.

    When I set them both as external NATed connections the internal network
    accesses the Internet great (though even using metrics sometimes it switches
    everybody over to the 3Mbit line) BUT we can't get in from outside, though it
    sometimes works for a brief period after I bounce the RRAS service.

    There's VNC, ping, and PPTP services all passed through the NAT/basic
    firewall on the 3Mbit (fixed external IP) line, but I can't do any of those
    things when both connections are setup.

    I just took out the default gateway of the preferred connection, forcing the
    network to use the 3Mbit, and I can again connect fine to the external IP...

    The error about multiple default gateways implies it's OK if they both
    connect to a single network--including the Internet(?), but from an incoming
    connection standpoint something aint right...

    What do I need to do to be able to use the fast line for most outgoing
    traffic from my network and the dedicated line for all incoming and as a
    backup for outgoing?
     
    Jeremy Lang, Jul 31, 2007
    #1
    1. Advertisements


  2. You don't. It's that simple.
    It has to performed by a "commercial quality" routing device that is
    designed to do that. Typically is is performed using Dynamic Routing
    Protocols which will switch routes "on the fly" when one is detected to be
    down.

    This isn't something you'd do with a Windows Server box,...although some the
    the Routing Protocols RRAS can use may be capable,..but I have never heard
    of anyone doing that.

    In the "Home User" arena, there are broadband boxes that have duel "WAN
    Ports" and they are design to load balance/fail over between the two ports.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Troubleshooting Client Authentication on Access Rules in ISA Server 2004
    http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Microsoft ISA Server Partners: Partner Hardware Solutions
    http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
    -----------------------------------------------------
     
    Phillip Windell, Jul 31, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.