Two NICs and routing - Microsoft Windows


Thread: Two NICs and routing

  1. Two NICs and routing


    Hello,

    I have a PC with two NICs. The first NIC is used to access the local
    LAN and it works fine. A second NIC was added so that a VPN client can
    use it. How do I set it up so that the VPN client requests will be
    routed through the second NIC? Both NICs are physically connected to
    different networks; that is, the network cable from the first NIC is
    hooked up to the LAN and the network cable from the second NIC is
    hooked up to the DMZ. Basically I need to tell the VPN client to use
    the second NIC to get to the proxy server on the internet that will
    allow the VPN connection.

    Thanks,

    Guru


  2. Re: Two NICs and routing

    gururajan20815@yahoo.com writes:
    > Hello,
    >
    > I have a PC with two NICs. The first NIC is used to access the local
    > LAN and it works fine. A second NIC was added so that a VPN client can
    > use it. How do I set it up so that the VPN client requests will be
    > routed through the second NIC?


    You say VPN client in a paragraph below. If the VPN is being
    established from this machine to another server, you just need to make
    sure routing for the IP address of the VPN server to which you are
    establishing a connection has a route table entry specifying the 2nd
    NIC's interface.

    But I'm curious why an outbound VPN client connection has to go
    directly from the DMZ, and why it can't go through your normal network
    channel. Is there very aggressive egress filtering happening on the
    main network such that VPN traffic isn't allowed out to the internet
    from it?

    I don't see the need for the 2nd NIC I guess.

    > Both NICs are physically connected to
    > different networks; that is, the network cable from the first NIC is
    > hooked up to the LAN and the network cable from the second NIC is
    > hooked up to the DMZ.


    There are a few security issues this introduces, but that's beyond the
    scope of this discussion perhaps, and would require more info about
    your DMZ setup and what hardware is involved. Basically you want to
    be sure this dual-homed machine doesn't become the weak point by which
    someone could bypass your border firewalls.

    > Basically I need to tell the VPN client to use the second NIC to get
    > to the proxy server on the internet that will allow the VPN
    > connection.


    A static route may be what you seek. Look for documentation on the
    Windows "route" command. But I remain curious as to why the DMZ needs
    to be involved in a VPN client connection. For a VPN server, I could
    see the DMZ being involved to accept inbound connections, but for an
    outbound client, I remain curious.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
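
The static route suggested in the reply above, together with a check that the dual-homed PC is not forwarding packets between the LAN and the DMZ, as an added example that is not part of the original thread. It uses the PowerShell NetTCPIP cmdlets rather than `route.exe` and must run elevated; the addresses and the adapter names `LAN` and `DMZ` are constructed placeholders.

```powershell
# Assumptions (constructed values, replace with your own):
$VpnServer  = '203.0.113.10'   # address the VPN client connects to
$DmzGateway = '192.0.2.1'      # next hop on the DMZ segment
$LanAlias   = 'LAN'            # first NIC, as named in Get-NetAdapter
$DmzAlias   = 'DMZ'            # second NIC, as named in Get-NetAdapter

$dmz = Get-NetAdapter -Name $DmzAlias -ErrorAction Stop
if ($dmz.Status -ne 'Up') { throw "Adapter '$DmzAlias' is not up" }

# Host route (/32): only traffic to the VPN server leaves via the second NIC.
# route.exe equivalent:
#   route -p add 203.0.113.10 mask 255.255.255.255 192.0.2.1 if <ifIndex>
$prefix = "$VpnServer/32"
if (-not (Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue)) {
    New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $dmz.ifIndex `
                 -NextHop $DmzGateway -RouteMetric 1 | Out-Null
}

# Ask the stack which route it will actually pick for the VPN server.
$chosen = Find-NetRoute -RemoteIPAddress $VpnServer |
          Where-Object { $_.NextHop } | Select-Object -First 1
if ($chosen.InterfaceIndex -ne $dmz.ifIndex) {
    Write-Warning "Traffic to $VpnServer still leaves via $($chosen.InterfaceAlias)"
}

# Two default gateways make path selection ambiguous; the second NIC
# normally needs only the host route above, not a default route.
$defaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
if ($defaults.Count -gt 1) {
    Write-Warning "Default routes on: $($defaults.InterfaceAlias -join ', ')"
}

# The dual-homed host must not route between LAN and DMZ.
Get-NetIPInterface -AddressFamily IPv4 -InterfaceAlias $LanAlias, $DmzAlias |
    Where-Object { $_.Forwarding -eq 'Enabled' } |
    ForEach-Object { Write-Warning "IP forwarding enabled on $($_.InterfaceAlias)" }

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$reg = Get-ItemProperty -Path $tcpip -Name IPEnableRouter -ErrorAction SilentlyContinue
if ($reg.IPEnableRouter -eq 1) {
    Write-Warning 'IPEnableRouter=1: this machine is acting as a router'
}
```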
