(help) access Lan resources but not the Internet

Question

kazgor    12

Hi,

Hope I write this correctly so it makes sense.

Our accounts department have to VPN to head office to do all the accounts, using Cisco VPN, but our 2meg internet connection is pretty much used up by the whole office, so it is very slow, so a second ADSL line is being fitted for them.

Now the question is, what is the best way to give accounts access to the new ADSL line but still leave access to the network resources, e.g. NAS, printers, mail, but not the Internet that is through the LAN?

The main resource is a printer so that they can obviously print off the invoices locally.

The plan for now was to put the VPN PCs plugged straight into the new ADSL and when they needed to print just disconnect and reconnect to the LAN network, VPN back in and do the printing (speed would really be an issue at this point).

I just think the above is rubbish.

I know you can do stuff with default gateways and routing tables, just not sure how to get the effect I'm after.

The modem/router we're getting will have 4 Ethernet ports and is also wireless.

Any pointers?

Kaz.

+BudMan    3,727

And has your Cisco VPN been set up to allow access to the LAN? Most of the time once you're VPN'd all traffic has to go through the VPN connection; it does not matter what your routing table states.

If whoever controls your VPN allows for split tunnel, then sure, you can access whatever you want on the local LAN at the same time you access resources on the other end of the VPN.

As long as there is no conflict with the local IP ranges and the VPN ranges you should not have any issues.

Post some details of what IP ranges you're working with, etc. And you're going to have to get with whoever controls the VPN to allow for what you're doing.

Edit: Ah, maybe I misread your question? You're going to have 2 internet connections on your LAN. Say 192.168.0.1 (current inet) and 192.168.0.2 (ADSL).

Just change the machines that want to use the ADSL connection to get to the VPN gateway to point there. Or if you just want them to use that connection for access to the VPN, just set up a route on their machine to point to that IP for whatever IP they connect to for the VPN.

vpn IP = 1.2.3.4

route add 1.2.3.4 mask 255.255.255.255 192.168.0.2 metric 1

kazgor    12

BudMan, it was the 2nd one, i.e. 2 internet connections coming into the company, 1 for the office which plugs straight into our switch and feeds all the servers and office.

We have a Server 2003 network; IPs are in the 172.16.0.x range, 17.16.0.1 being the primary domain/DNS and also the default gateway.

How do you mean I can add the ADSL (new) to the above setup? Are you saying make sure the new ADSL router has got a different IP address, e.g. 172.16.0.200?

Thanks for your patience.

+BudMan    3,727

Yeah, just put the private connection of your new ADSL router on your current 172.16.0.x network. Then set up your machines to use that as their gateway. They would then use the ADSL router to get to anything not on the 172.168.0.x/24 network.

Or if you still want them to use your other connection for everything but the VPN, then just set up a route on the machines that need the VPN to use the ADSL router's 172.16 IP address to get to the IP address of your VPN server. I posted the command already; just do route /? from a command line to get help on its use.

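An added example, not part of any post in this thread: a small Python model of the route selection the answers describe, showing that only the VPN server's address leaves through the ADSL router while LAN resources stay on-link and everything else keeps using the existing gateway. It also checks the two conditions that break this setup, a next hop that is not on the local subnet and a VPN-side range that overlaps the LAN. The /24 mask, the PC's table layout, the ADSL router at 172.16.0.200 (the asker's example address), the test destinations and the VPN-side ranges are assumptions constructed for illustration.

```python
import ipaddress as ip

# Constructed route table for one VPN PC on the thread's 172.16.0.x LAN.
# Assumptions: /24 mask, ADSL router at 172.16.0.200 (the asker's example),
# VPN server at the placeholder address 1.2.3.4 used in the thread.
ROUTES = [
    ("0.0.0.0/0",     "172.16.0.1",   10),  # default: existing office gateway
    ("172.16.0.0/24", "on-link",      10),  # local LAN: NAS, printers, mail
    ("1.2.3.4/32",    "172.16.0.200",  1),  # host route: VPN server via ADSL
]
LOCAL_NET = ip.ip_network("172.16.0.0/24")


def next_hop(dest, routes=ROUTES):
    """Longest-prefix match; lowest metric breaks ties between equal prefixes."""
    d = ip.ip_address(dest)
    hits = [(ip.ip_network(n), gw, m) for n, gw, m in routes
            if d in ip.ip_network(n)]
    if not hits:
        return None
    _, gw, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return gw


def unreachable_gateways(routes=ROUTES, local=LOCAL_NET):
    """Next hops outside the local subnet; the PC cannot reach them directly."""
    return [gw for _, gw, _ in routes
            if gw != "on-link" and ip.ip_address(gw) not in local]


def range_conflicts(vpn_ranges, local=LOCAL_NET):
    """VPN-side ranges that overlap the local LAN range."""
    return [r for r in vpn_ranges if ip.ip_network(r).overlaps(local)]


if __name__ == "__main__":
    # Constructed destinations: VPN server, a LAN printer, an Internet host.
    for dest in ("1.2.3.4", "172.16.0.20", "203.0.113.10"):
        print(f"{dest:>13} -> {next_hop(dest)}")
    print("bad gateways:", unreachable_gateways())
    # Constructed VPN-side ranges; the second one overlaps the LAN.
    print("conflicts:", range_conflicts(["10.20.0.0/16", "172.16.0.0/16"]))
```
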
