Here is my setup:
- win2003 server (ISA installed) with 3 NICs:
  1) internal network
  2) ISP 1 (default) network (DHCP enabled)
  3) ISP 2 (backup) network (DHCP enabled)
- several "normal" PCs within internal net
- one "special" PC within internal net

Both ISP 1 and ISP 2 provide access to the internet and their resources through their VPN connections.

The goal is to enable all "normal" PCs to use internet from ISP_1's VPN connection and "special" should use only ISP_2's VPN connection.
Furthermore, all "normal" and "special" PCs should have access to several servers accessible only through ISP_2's VPN connection.

I have some thoughts on how to achieve this, but I want to be certain because everything should be configured as quickly as possible, avoiding significant downtime.

UPD: any ideas to solve this if there was no ISA?

windows-server-2003 isa routing vpn

2 Answers

First off, you need source routing to be able to direct the "special" PC to ISP2. This is kind of special. I don't know how to do it in Windows; Experts Exchange has a link that looks promising at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23752967.html

The second part should only require you to add static route(s) to the servers in question to ensure the traffic goes there over the link at ISP2. Now when you throw ISA into the mix, on the same system no less, that changes things. ISA may have its own configuration rendering the routing portion of this irrelevant. If all your systems use ISA as a web-proxy, then web traffic will appear to be coming from the ISA server and source routing is useless. The good news is that the destination routing (part two) should go off without a hitch.

Assuming ISA is acting as a proxy for a lot of the traffic passing through the system, you may have to disable proxy for the "special" PC to be able to do source routing. Or it may be that ISA is able to handle that for you as well. I cannot answer that as I'm not very familiar with ISA.

Richard June
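
The routing decision described in the answer above, modelled as an added example (not part of the original answer, and not ISA or Windows configuration). All addresses, link names and the rule that a specific destination route overrides the source policy are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses for illustration only; none come from the original post.
SPECIAL_PC = ipaddress.ip_address("192.168.0.50")
NORMAL_PC = ipaddress.ip_address("192.168.0.10")
GATEWAY = ipaddress.ip_address("192.168.0.1")  # the ISA/router box itself

# Destination routes: (prefix, outgoing link). Longest matching prefix wins.
DEST_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "ISP1-VPN"),     # default route
    (ipaddress.ip_network("10.20.0.0/24"), "ISP2-VPN"),  # servers behind ISP 2 only
]

# Source policy: traffic from these hosts leaves via the named link
# (assumption: a specific destination route still takes precedence).
SOURCE_POLICY = {SPECIAL_PC: "ISP2-VPN"}


def pick_link(src, dst):
    """Return the outgoing link for a packet from src to dst."""
    prefix, link = max(
        ((net, name) for net, name in DEST_ROUTES if dst in net),
        key=lambda route: route[0].prefixlen,
    )
    if prefix.prefixlen > 0:
        # A static route to specific servers decides on destination alone.
        return link
    # Only the default route matched: the source address can pick the link.
    return SOURCE_POLICY.get(src, link)


def egress(client, dst, via_proxy):
    """Model the gateway: a proxied request is re-originated by the gateway,
    so the routing decision sees the gateway's address, not the client's."""
    src = GATEWAY if via_proxy else client
    return pick_link(src, ipaddress.ip_address(dst))


if __name__ == "__main__":
    for name, pc in (("normal", NORMAL_PC), ("special", SPECIAL_PC)):
        for dst in ("203.0.113.7", "10.20.0.5"):
            for proxied in (False, True):
                print(name, dst, "proxied" if proxied else "routed",
                      "->", egress(pc, dst, proxied))
```

The proxied case for the "special" PC falls back to the default link, which is the effect the answer warns about, while the static route to the ISP 2 servers behaves the same with or without the proxy.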

Sounds like you need to set up some outbound policies, so that your internet connections are load-balanced.

I recently had to do this for a client, where they had a very similar setup.

I found that a Peplink Device solved all my problems. It's a great device that allows you to simply 'drop' it into your network, configure it with outbound policies and routing, and off it goes!

MikeT505