rpraveen

Routing traffic in my Network.

Hello,

In my Network I have 2 different gateways. Let's call them A and B. A is a firewall and B is a NetScreen device.
To A is attached a Server (S1) which runs SMTP and a VPN Server. Through B I am connected to my Corporate WAN which also gives us access to our emails.

I have another server S2 running some databases. A user connects to our Network via VPN through the Internet and gets access to Server S2. However, with the same connection he does not get access to the Corporate email.

When I change the Default Gateway on Server S1 to that of B, then the user is able to access the corporate emails as well as access the databases on Server S2. But, the downside of this is that the SMTP service on S1 does not seem to be up. (tried telnet from a machine on the internet which did not work)

Is there a way where I can achieve all three - 1. Access Databases on S2, 2. Access corporate emails via the WAN and 3. Keep the SMTP service on S1 in a working mode?

Thanks,
Praveen.
ASKER CERTIFIED SOLUTION
Rob Williams
rpraveen, were you able to make use of the route add command?
--Rob
rpraveen

ASKER

I am sorry Rob, I was unable to try your suggestion as I was out of office. I have just returned and I am looking into this now. I will try out your suggestion.

Many Thanks
Praveen.
Thanks for the update rpraveen, good luck with it.
--Rob
Hi Rob,

I tried the command but it would not add. However, I would like to clarify that the remote user connects using VPN only to Server S1. Once he connects to the S1 server, he accesses the LAN successfully. The LAN is looking at the NetScreen device for the access to the WAN, which is what is not happening for the remote user.

Please advise.

Thanks and Regards,
Praveen.
I think I have a little better understanding now. Assuming the following example:

remote user 192.168.1.101          Corporate WAN 192.168.200.0
          |                                   |
firewall 192.168.123.254          NetScreen 192.168.123.253
          |                                   |
S1 server 192.168.123                         |
          |___________________________________|

A) I don't think it is possible to do this. Normally you cannot route the VPN traffic to another subnet, but possibly with the 2 gateways it may work.
B) Try the following route command on the S1 server, leaving its firewall (not the NetScreen) as the default gateway. If it doesn't work you can remove it as per the instructions in my first post (adding the -p option above will make it persistent):
route  add  192.168.200.0  mask  255.255.255.0   192.168.123.253
            ^remote subnet       ^matching mask  ^gateway to access corporate WAN
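
The next-hop choice S1 makes under the three configurations discussed in this thread, as an added example that is not part of any post. It is a simplified longest-prefix-match model of S1's own routing table using the example addresses above; the three destination hosts are constructed, and whether VPN client traffic is forwarded onward is not modelled.

```python
import ipaddress

FIREWALL = "192.168.123.254"   # gateway A in the thread's example
NETSCREEN = "192.168.123.253"  # gateway B in the thread's example
ON_LINK = "on-link"            # destination is on S1's own subnet

def build_table(default_gw, static_routes=()):
    """Return S1's routing table as (network, next_hop) pairs."""
    table = [(ipaddress.ip_network("192.168.123.0/24"), ON_LINK),
             (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    for net, mask, gw in static_routes:
        # Same three arguments as: route add <net> mask <mask> <gw>
        table.append((ipaddress.ip_network(f"{net}/{mask}"), gw))
    return table

def next_hop(table, dest):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample destinations (not taken from the thread)
DESTS = {
    "internet SMTP client": "203.0.113.25",
    "corporate WAN mail host": "192.168.200.10",
    "S2 on the LAN": "192.168.123.20",
}

SCENARIOS = {
    "default gw = firewall": build_table(FIREWALL),
    "default gw = NetScreen": build_table(NETSCREEN),
    "default gw = firewall + static route": build_table(
        FIREWALL, [("192.168.200.0", "255.255.255.0", NETSCREEN)]),
}

def decisions(table):
    """Map each sample destination to the gateway S1 would use."""
    return {name: next_hop(table, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    for label, table in SCENARIOS.items():
        print(label)
        for name, hop in decisions(table).items():
            print(f"  {name:<24} -> {hop}")
```

With only a default gateway, one of the two off-subnet destinations always leaves through the wrong device; the static route is the only one of the three tables that sends each destination to its own gateway.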