new-to-networking
@mindspring.com
| reply to cdru
Re: [Connection Sharing] VPN endpoint for multiple segments
i m not doing double NAT, but static routing on router2. the reason is that router1 has filtering policies, firewall rules, yet router2 has the QOS, VLAN, pptp server and wireless....so i m trying to combine them together without using double NAT.
i will also host a web server soon , putting it onto DMZ, so i believe the router1 is the primary boundary DMZ zone, the router2 is the internal boundary using static routing....
is this good? |
|
cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
| reply to new-to-networking
Properly configured, you could put the PPTP server under ROUTER1 or ROUTER2. For convienence, simplicity, and performance, under ROUTER1 probably would be best. However there are design and security reasons why you might want to put it under ROUTER2 on one of the VLANs.
Without more information as to how the network is setup, why are doing double NAT (if my presumption is correct), physical infrastructure, etc, it's hard to give you a better suggestion as to where to stick it.
--
"What gives them the right to come in and do this?" she said. - Lady complaining that she was getting FIOS in her backyard. |
|
new-to-networking
@mindspring.com
| hi:
i m trying to setup a multiple segments and VPN for the office LAN. here it goes:
modem-> ROUTER1 (WAN:dhcp LAN:10.10.10.1)>Router2 (WAN:10.10.10.2 LAN:192.168.0.1)- switch (VLAN1: 192.168.0.x, VLAN2: 192.168.1.X)
1)if i put the VPN endpoint, such as PPTP server on router 1, will the outside see the WHOLE segments on ROUTER2 ???
if so, how can i do so?
2) or If i put the PPTP server on ROUTER 2 , Router 1 enable PPTP passthru, port forwarding to Router2, will this also see the whole segment?
The reason is that some employees gotta get back the files from the server at home. the server is on 192.168.0.x domain.
thank you. |
|
