-1

I would appreciate any help with configuration of MS Windows Server 2012 R2. I have tried more solutions, but any of them were not so appropriate. The idea is on the attached schema belove.

Server has AD. Server has 2 NICs. Both are configured on the same subnet. (192.168.1.0) with IP addresses manually configured as is on the schema.

NIC 1:

IP:192.168.1.254
MASK: 255.255.255.0
GW: 192.168.1.1
DNS 1: 192.168.1.254
DNS 2: 192.168.1.1
Metric: 10

NIC 2:

IP:192.168.1.154
MASK: 255.255.255.0
GW: no
DNS 1: 192.168.1.154
DNS 2: 192.168.1.1
Metric 100

NIC 1 is connected to router from ISP 2. NIC 2 is connected to router from ISP 1.

The goal is: All clients should have access to the internet via ISP 2. Some clients have acces also via ISP 1 via VPN. ISP 1 does not provide public static IP address. ISP 1 yes. So only via ISP 1 is possible to access the local network via VPN.

How to configure server to accept VPN connection and route whole traffic from VPN to local and to ISP 2?

Also I have tried 2 subnets (for VPN clients 192.168.2.0, for local clients 192.168.1.0 but no success to setup routing).

Thanks.

enter image description here

auth private
  • 1,318
  • 1
  • 9
  • 22
Sauron
  • 136
  • 3
  • As far a your server is concerned, both NICs are attached to the same network (`192.168.1.0/24`), and it could use either to connect to any address on that network. It will normally choose a single NIC on which to send out traffic The server needs IP addresses on separate networks. – Ron Maupin Sep 16 '15 at 20:57

1 Answers1

0

This is not how you do this, rather you need a firewall that supports multiple WAN interfaces - examples are Peplink (great if you also want to load balance the ISPs or get increased throughput by leveraging both of them) other examples include the Cisco RVx series, or Zywall USG series.

Then your server can have one IP on the LAN (as it should) and you can use the ACL/Firewall rules to control what goes in/out which ISP.

notAduck
  • 190
  • 1
  • 3
  • 13
  • I know that it is a solution, but i have to work with devices, which do not support multiple WAN interfaces. So I have have to prefer a solution with eg. 2 different networks. But there is a problem with setting routes. I do not have an idea. Sorry. – Sauron Sep 17 '15 at 19:22