Solved

Multiple Gateways, Load Balancing, Multiple Devices with diagram.  Help?

Posted on 2010-11-08
5
953 Views
Last Modified: 2012-05-10
I have a network that is currently running a SYSWAN SW24 Load Balancer with one static IP provider and a Comcast cable modem as my dynamic IP provider.
Everything is great.

Since my STATIC IP provider gives me 5 IP addresses, I would like to use another one to add a Linksys WRT54GL dd-wrt vpn for use as an OpenVPN solution for home users.

I do not want to use my SYSWAN unit for VPN. I already know I can do that, but I don't want to, and I also don't want to pay for the license, although it is very inexpensive.

The question I have is how will my VPN traffic work correctly when using an additional static IP for the WAN on the Linksys router and keeping it in the same subnet with a 10.0.0.254 address.

I'm pretty sure it is a matter of adding routes in the Linksys router but I'm not sure what I need to do.

It is much better explained in my diagram which should be attached to this post.  Please see the diagram before asking any questions.  I'm pretty sure it shows exactly what I want to do.

Thanks. Network Diagram
0
Comment
Question by:wfninpa
5 Comments
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 34086153
Hi,

You should avoid having 2 DGs on any system. What you would do is not add a second DG. Your VPN users will be assigned an IP range outside of your local net. Since your netmask is 255.0.0.0, it is not possible to assign an IP range from within the 10.x.x.x segment. You'll assign them an IP address from a different block, say 172.32.1.1/24, and you'll either add a static route to each PC which will direct 172.32.1.x traffic to the IP address of your WRT router, or you'll add a single routing command to the SYSWAN so that all traffic to 172.32.1.x will be routed to your WRT device, and this is it.

There's no complex operation here:
- IP assignment to your VPN users from a different subnet than your intranet.
- Add a static routing rule to the SYSWAN so all the traffic to the above-created subnet goes to the WRT
and this is it.

Cheers,
K.
0
 
LVL 1

Author Comment

by:wfninpa
ID: 34086424
So set up my OpenVPN to assign from the 172.32.1.1/24 block.
Add a static route for all 172.32.1.0 to be routed to the LAN IP of the WRT device.

Correct?

That makes sense to me.  So if I have VPN users connecting to the WRT device (LAN IP: 10.0.0.254) they will get a 172.32.1.x address (VPN net) and I will still be able to access 10.x.x.x machines?

Would I need to add a static route on the WRT device to route any requests for 10.x.x.x to the proper net?  I don't think I would have to add a static route to the WRT device, now that I think about it, because it is already set up on the 10.x.x.x side.

Do I understand correctly?
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 34089559
In fact, what OpenVPN does is:
- Use your Ethernet IP to bind your admin ports.
- Then you allocate another segment for VPN users
- It will then route the new network IP to the created P-t-P interface which will route through your Ethernet IP.

So routing packets for the VPN segment to the Ethernet IP of the OpenVPN box is enough.

Since the WRT has one of its interfaces on the 10.x.x.x side, it will correctly know what packets to send to this interface. So additional routing is not necessary for it. (Even if you added one, it would be route 10.0.0.0/8 to 10.0.0.1, which is the same as your interface network and your default gateway, and redundant. This is why you don't add routing to TCP/IP boxes for the interfaces they have, since they can calculate the network and broadcast address automatically from the interface config.)

Cheers,
K.


0
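An added example, not part of the original thread: a small Python model of the routing discussed above, showing where the SYSWAN (the LAN's default gateway) sends replies for a VPN client with and without the static route, and why the WRT needs no extra route for 10.x.x.x. It also checks a proposed VPN pool against the LAN and against RFC 1918, since 172.32.1.0/24 lies outside 172.16.0.0/12. The labels `WAN`, `connected` and `tun0` and the sample host addresses are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LAN = ipaddress.ip_network("10.0.0.0/8")          # thread: netmask 255.0.0.0
VPN_POOL = ipaddress.ip_network("172.32.1.0/24")  # pool suggested in the thread
WRT_LAN_IP = "10.0.0.254"                         # WRT LAN address from the thread
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def next_hop(table, dst):
    """Longest-prefix match: return the hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def syswan_table(with_vpn_route):
    """SYSWAN routes; 'WAN' and 'connected' are labels, not real interface names."""
    table = [(DEFAULT_ROUTE, "WAN"), (LAN, "connected")]
    if with_vpn_route:
        table.append((VPN_POOL, WRT_LAN_IP))  # the static route from the answer
    return table


def wrt_table():
    """WRT routes; 'tun0' is an assumed name for the OpenVPN interface."""
    return [(DEFAULT_ROUTE, "WAN"), (LAN, "connected"), (VPN_POOL, "tun0")]


def check_pool(pool, lan):
    """Return a list of problems with a proposed VPN address pool."""
    problems = []
    if pool.overlaps(lan):
        problems.append("overlaps LAN")
    if not any(pool.subnet_of(p) for p in RFC1918):
        problems.append("outside RFC 1918 private space")
    return problems


if __name__ == "__main__":
    client, server = "172.32.1.10", "10.0.5.20"  # constructed sample hosts
    print("reply without static route ->", next_hop(syswan_table(False), client))
    print("reply with static route    ->", next_hop(syswan_table(True), client))
    print("WRT towards LAN host       ->", next_hop(wrt_table(), server))
    print("pool check                 ->", check_pool(VPN_POOL, LAN))
```

Without the static route, replies to VPN clients follow the SYSWAN's default route out to the Internet instead of returning through the tunnel; a pool such as 172.16.1.0/24 passes both checks.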
 
LVL 1

Author Closing Comment

by:wfninpa
ID: 34297305
Thank you.
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 34333277
You're welcome.
0

Question has a verified solution.
