wfninpa

asked on

Multiple Gateways, Load Balancing, Multiple Devices with diagram. Help?

I have a network that is currently running a SYSWAN SW24 Load Balancer with one static ip provider and Comcast cable modem as my dynamic ip provider.
Everything is great.

Since my STATIC IP provider gives me 5 ip addresses I would like to use another one to add a Linksys WRT54GL dd-wrt vpn for use as an OpenVPN solution for home users.

I do not want to use my SYSWAN unit for VPN. I already know I can do that, but I don't want to, and I also don't want to pay for the license, although it is very inexpensive.

The question I have is how will my VPN traffic work correctly when using an additional static IP for the WAN on the Linksys router and keeping it in the same subnet with a 10.0.0.254 address.

I'm pretty sure it is a matter of adding routes in the Linksys router but I'm not sure what I need to do.

It is much better explained in my diagram which should be attached to this post.  Please see the diagram before asking any questions.  I'm pretty sure it shows exactly what I want to do.

Thanks.
Kerem ERSOY

Hi,

You should avoid having 2 DGs for any system. What you would do is not add a second DG. Your VPN users will be assigned an IP range outside of your local net. Since your netmask is 255.0.0.0, it is not possible to assign an IP range from within the 10.x.x.x segment. You'll assign them an IP address from a different block, say 172.32.1.1/24, and you'll either add a static route to each PC which will direct 172.32.1.x traffic to the IP address of your WRT router, or you'll add a single routing command to the SYSWAN so that all traffic to 172.32.1.x will be routed to your WRT device, and this is it.

There's no complex operation here:
- IP assignment to your VPN users from a different subnet than your intranet.
- Add a static routing rule to SYSWAN so all the traffic to the above-created subnet goes to the WRT
and this is it.

Cheers,
K.
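
An added example, not part of the original thread: a Python check of the plan described above (a VPN pool outside the LAN, plus one static route on the LAN's default gateway pointing at the WRT's LAN address). The function name and the alternative pools 10.8.0.0/24 and 172.16.1.0/24 are assumptions chosen for illustration; the check also reports that 172.32.1.0/24 lies outside the RFC 1918 range 172.16.0.0/12.

```python
import ipaddress

# RFC 1918 private ranges; a VPN client pool should come from one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpn_pool(lan, pool, vpn_gateway):
    """Validate a candidate VPN client pool against the LAN it must reach.

    lan         -- LAN network as configured on the hosts (thread: 10.0.0.0/8)
    pool        -- candidate pool; host bits are tolerated (e.g. 172.32.1.1/24)
    vpn_gateway -- LAN-side address of the VPN router (thread: 10.0.0.254)
    """
    lan_net = ipaddress.ip_network(lan, strict=False)
    pool_net = ipaddress.ip_network(pool, strict=False)
    gw = ipaddress.ip_address(vpn_gateway)

    problems = []
    # LAN hosts treat an overlapping pool as on-link and never use the route.
    if pool_net.overlaps(lan_net):
        problems.append(f"{pool_net} overlaps LAN {lan_net}")
    # Addresses outside RFC 1918 belong to someone else on the Internet.
    if not any(pool_net.subnet_of(r) for r in RFC1918):
        problems.append(f"{pool_net} is not RFC 1918 private space")
    # The next hop must be directly reachable from the LAN's default gateway.
    if gw not in lan_net:
        problems.append(f"gateway {gw} is not on LAN {lan_net}")

    # Static route to enter on the LAN's default gateway (the load balancer).
    route = {
        "destination": str(pool_net.network_address),
        "netmask": str(pool_net.netmask),
        "gateway": str(gw),
    }
    return {"pool": str(pool_net), "route": route, "problems": problems}


if __name__ == "__main__":
    # First pool is the one named in the thread; the other two are constructed.
    for candidate in ("172.32.1.1/24", "10.8.0.0/24", "172.16.1.0/24"):
        result = check_vpn_pool("10.0.0.0/8", candidate, "10.0.0.254")
        print(result["pool"], result["route"], result["problems"] or "OK")
```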

ASKER

So setup my OpenVPN to assign from 172.32.1.1/24 block.
Add a static route for all 172.32.1.0 be routed to the LAN IP of the WRT device.

Correct?

That makes sense to me.  So if I have VPN users connecting to the WRT device (LAN IP: 10.0.0.254) they will get a 172.32.1.x address (VPN net) and I will still be able to access 10.x.x.x machines?

Would I need to add a static route on the WRT device to route any requests for 10.x.x.x to the proper net?  I don't think I would have to add a static route to the WRT device now that I think about it because it is already setup on the 10.x.x.x side.

Do I understand correctly?
ASKER CERTIFIED SOLUTION
Kerem ERSOY


ASKER

Thank you.
You're welcome.