LegendZM

Developer wants weird setup for program, need help setting up the RRAS vpn

Hi experts,

Here's the current setup


RRAS box one
nic 1: 192.168.199.55
gateway 192.168.199.1

nic2 - connected via cross over cable to 'middle' server ip 172.16.0.4


center box has 2 nics connected via cross over cable to both of the RRAS boxes
nic 1 to RRAS box 1  172.16.0.3
nic2 to RRAS box 2 172.16.0.2

RRAS box two
nic 1: 10.0.5.10
gateway 10.0.0.1

nic2 - connected via cross over cable to 'middle' server ip 172.16.0.5


How would you go about joining the two nics on the RRAS Boxes with RRAS? Should I set up RIP and add both nics?

Should I set up static routes?

The middle server has to establish VPN connections to both RRAS boxes and be able to send / receive information on to their private networks 192.168.199.x and 10.0.x networks

On the middle box should I just use the bridge nic function within network connections?

Thanks!
Paka

There are a couple of ways to go about this. What is the purpose of the center box? Is it just a router between VPNs or does it perform some other function?

You could set up RRAS and RIP routing on all three boxes to allow for a fully routed network - that way any box could reach any network, and you won't have to mess with static routes.

You could also make the center box a VPN gateway between RRAS1 and 2 and just enable routing to allow RRAS1 and 2 to use it as VPN endpoints.
LegendZM

ASKER

The center box is essentially an "airlock" as he calls it.  It's a weird way to transfer files between the 2 fully separate networks here

only specific people will be allowed to place files into a share that will be on either side of the RRAS boxes
then it will be approved by some program he wrote in .NET that the managers get

once approved the file goes to the center box where it gets approved again by a higher up
then it gets placed on the share of the other RRAS box on the opposite side

So I need the center box to have a VPN connection to both RRAS Boxes
which I know how to do, but it's once the vpn connection is established how the cross over cable data can pass through to the other side, I'm sure a static route is needed somewhere.
Does the traffic have to be encrypted between centerbox and RRAS servers?  I know developers are weird (I am one) but this requirement seems to be over the top.

Why don't you propose setting up a couple shares that are encrypted or locked down with NTFS permissions?
ASKER CERTIFIED SOLUTION
Paka

This solution is only available to members.

The weirdest thing. The 2 outside RRAS boxes can ping the center box by its IP on the cross over (172.16.0.1 & .2) but the center box can't ping either of them, and can only connect to one VPN (172.16.0.4)

I noticed in RRAS under IGMP
one box has an Internal Router V3 protocol and Querier of 192.168.199.198
and the other has a blank querier... I think that's why it can't connect?

the vpn links don't need to be encrypted so that saves me some headache
they don't want to do shares with the NTFS permissions because he's also coding that whole approval system. IDK, it's the most bogus thing I've ever been tasked with setting up.
Oh and when the one that is connected works, it doesn't have DNS resolution.... :\
Fixed DNS resolution by adding the suffix

however, the other connection still can't connect

the 2 RRAS boxes are on their own separate domains
and the center box has no domain membership
It just seems that it can't connect to the other rras box via cross over at all.. while it can't ping the other rras box it can still make and establish the VPN connection, however this other one (172.16.0.3) it can't ping or connect via VPN, nothing shows up in the log.

anyone ever dealt with multi homed cross over stuff before?
When I remove the other cross over cable it's able to connect to the other RRAS box just fine.

so I guess it's the multi homed cross over and the vpn connection not knowing which adapter to use

how do you specify which network adapter a remote dial connection uses?
SOLUTION
This solution is only available to members.
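
One thing to check for the symptom described in the thread (each crossover link works alone, but not with both cables plugged in) is whether the two links sit in overlapping subnets on the center box. The following is an added example, not part of the original thread or its hidden solutions: it tests the addresses posted in the question. The subnet masks are not given on the page, so the prefix lengths tried here and the `RENUMBERED` plan are assumptions.

```python
import ipaddress

# Addresses as posted in the question; each tuple is one crossover link:
# (link name, center-box NIC address, RRAS-box NIC address).
LINKS = [
    ("center nic1 <-> RRAS box 1", "172.16.0.3", "172.16.0.4"),
    ("center nic2 <-> RRAS box 2", "172.16.0.2", "172.16.0.5"),
]
# Constructed alternative (assumption, not from the thread): one subnet per cable.
RENUMBERED = [
    ("center nic1 <-> RRAS box 1", "172.16.0.1", "172.16.0.2"),
    ("center nic2 <-> RRAS box 2", "172.16.1.1", "172.16.1.2"),
]

def network_of(addr, prefix):
    """Subnet that an interface with this address and prefix length is in."""
    return ipaddress.ip_interface(f"{addr}/{prefix}").network

def check_prefix(links, prefix):
    """Return (on_link, separated) for one prefix length.

    on_link:   every center NIC shares a subnet with its own peer.
    separated: no two links land in overlapping subnets, so the center
               box has exactly one connected route per peer.
    """
    nets = [network_of(local, prefix) for _, local, _ in links]
    on_link = all(network_of(peer, prefix) == net
                  for (_, _, peer), net in zip(links, nets))
    separated = all(not a.overlaps(b)
                    for i, a in enumerate(nets) for b in nets[i + 1:])
    return on_link, separated

def usable_prefixes(links, lo=16, hi=30):
    """Prefix lengths where each link is on-link and the links do not overlap."""
    return [p for p in range(lo, hi + 1) if all(check_prefix(links, p))]

def candidate_interfaces(links, dest, prefix):
    """Center-box NICs whose connected route covers dest (more than one = ambiguous)."""
    d = ipaddress.ip_address(dest)
    return [name for name, local, _ in links if d in network_of(local, prefix)]

if __name__ == "__main__":
    print("posted plan, usable prefixes:", usable_prefixes(LINKS))
    print("posted plan, /24 NICs covering 172.16.0.4:",
          candidate_interfaces(LINKS, "172.16.0.4", 24))
    print("renumbered plan, usable prefixes:", usable_prefixes(RENUMBERED))
```

With the posted addresses no prefix length keeps the two cables in separate subnets, so the center box has two equally specific connected routes to each RRAS box; giving each cable its own subnet removes the ambiguity.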