LAN/Internet Routing

silverthorn__21
I am configuring a test bed before going live. I'll explain what the project is and what I'm attempting to do for the test bed configuration.

There are 5 Windows 2003 servers, all connected in the same AD domain.

Each server will be at a different location and will act as the local DC, DHCP, DNS, WINS & VPN router. These machines only have 1 NIC, as there is a dual-port router to the internet at each location.

Site info:

Location 1 (Primary Location)
Server IP info: 192.168.0.1 IP
255.255.255.0 Subnet
192.168.0.254 Gateway
192.168.0.1 DNS1
192.168.0.254 DNS2
Router Info 192.168.0.254 IP
10.10.10.1 WAN1 DSL
10.10.11.1 WAN2 Cable

Location 2
Server IP info: 192.168.1.1 IP
255.255.255.0 Subnet
192.168.1.254 Gateway
192.168.1.1 DNS1
192.168.0.1 DNS2
192.168.1.254 DNS3
Router Info 192.168.0.254 IP
10.10.12.1 WAN1 DSL
10.10.13.1 WAN2 Cable

Location 3
Server IP info: 192.168.2.1 IP
255.255.255.0 Subnet
192.168.2.254 Gateway
192.168.2.1 DNS1
192.168.0.1 DNS2
192.168.2.254 DNS3
Router Info 192.168.0.254 IP
10.10.14.1 WAN1 DSL
10.10.15.1 WAN2 Cable

Location 4
Server IP info: 192.168.3.1 IP
255.255.255.0 Subnet
192.168.3.254 Gateway
192.168.3.1 DNS1
192.168.0.1 DNS2
192.168.3.254 DNS3
Router Info 192.168.0.254 IP
10.10.16.1 WAN1 DSL
10.10.17.1 WAN2 Cable

Location 5
Server IP info: 192.168.4.1 IP
255.255.255.0 Subnet
192.168.4.254 Gateway
192.168.4.1 DNS1
192.168.0.1 DNS2
192.168.4.254 DNS3
Router Info 192.168.0.254 IP
10.10.18.1 WAN1 DSL
10.10.19.1 WAN2 Cable

All clients at each location will point to the server for their default gateway, allowing the local server to route accordingly.

I actually have two questions:

How can I configure the remote site servers to connect in a persistent VPN that would allow fail-over? E.g. Location 5 connects to Location 1 via 10.10.18.1 to 10.10.10.1; 10.10.10.1 fails, so in this case we should re-establish the VPN tunnel from 10.10.18.1 to 10.10.11.1, or alternately 10.10.18.1 fails, so we should go through 10.10.19.1 to 10.10.10.1. I would like to know if there is a way to create this fail-over automatically (remember, all servers are Windows 2003 Standard SP1) or, barring that, what are the ramifications of having two VPN tunnels to the same subnets (i.e. Tunnel 1: 10.10.18.1 to 10.10.10.1 and 10.10.19.1 to 10.10.11.1)?

The second question: in my test bed I use a Windows 2003 server between all the locations (using LAN routing) to emulate the internet. This is working fine currently but does not allow me to talk out to the real internet from the sub locations.
LAN Routing configuration:
IP: 10.10.20.1
SB: 255.255.255.0
GW: 10.10.20.254
IP config to allow LAN Routing
10.10.10.254
10.10.11.254
10.10.12.254
10.10.13.254
10.10.14.254
10.10.15.254
10.10.16.254
10.10.17.254
10.10.18.254
10.10.19.254

I can talk through a created VPN from any of the five sites if it goes to another site, but if I attempt to connect to the internet I get nothing. The machine running as the 'emulated' internet simply drops the packets. I.e. I would like to go to Google.com from the server @ 192.168.0.1. It should realize that it is not one of the other sites, so it goes to the local router: 192.168.0.254/10.10.10.1 -> 10.10.10.254 -> internally routes to 10.10.20.1 (or 254) and out the network router to the internet and back again. If there is a route I'm missing, I can't figure it out.

Hopefully I haven't bombarded you with too much information, but I find it better up front than later have to post extra.

Thanks in advance,

Dan