2012 Server R2 - 2 NICs - 2 internet connections

willetelegence

Commendable
Aug 12, 2016
I have 1 2012 R2 server, 1 BT fibre connection, 1 Virgin Media connection.

Both connections have static public IPs.

What I want to do is use the BT connection for web traffic and the Virgin connection for incoming VPN connections only.

Server has 2 NICs:

NIC 1 (10.100.100.3 - gateway 10.100.100.254)

How do I configure NIC 2 to allow incoming L2TP/IPsec VPN traffic on that connection only and connect to the server's shares?

Any help appreciated

gbb0330

Reputable
Apr 28, 2015
I don't have a 2012 server with 2 NICs in front of me right now, but from memory I think this should help:

You have different public IPs, one associated with BT, the other one with Virgin. Tell your VPN users to connect to the Virgin IP address.

In your remote access configuration make sure your VPN is associated with the Virgin NIC.

For web traffic to go through the BT NIC, go to Network Connections -> Advanced tab -> Advanced Settings and configure the provider order.
 

willetelegence
Thanks for the reply. My question lies more with the Virgin NIC's config, IP, subnet and specifically gateway. Can I assume VPN clients would use an IP pool, since DHCP is bound to the BT NIC?
 
The problem you have is that routing is only based on IP addresses and not ports. Now there may be other software that overrides this behavior, but the Microsoft default and almost every router only use IP. Virtual machines tend to be one form of solution that does work, although it is complex to set up.

This to a point is solvable if you were running outbound sessions. You could work really hard and get a list of, say, VPN locations you go to and put in route statements telling your device to use the NIC. The major problem you have is that with incoming sessions the IP can be pretty much anything, so it is impossible to come up with a list. You run the very big risk that the machine attempts to send the response back to the VPN client on the wrong interface.

Now there is a fairly unusual solution to this problem, and it is used to solve the generic issue of always returning an incoming session over the same interface. You could in theory use a single web server and have different users accessing it externally over multiple NICs. It also actually allows the external machine to access the server over both external IPs at the same time.

You need a router that has the ability to NAT the IP address of the remote incoming machine. You would, for example, NAT all external addresses that come in to, say, some IPs in the 10.0.0.0/24 range. You would then route 10.0.0.0/24 to the correct router on your machine. Now in most cases you are also NATting the server's IP, so you in effect NAT both the source and destination IP.

Not sure if you want to go to the trouble, but it does work well once you get your brain unconfused about NATting both IPs and what those IPs are called based on the direction the traffic is flowing.
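A small simulation of the routing decision the post above describes, added for this thread and not code from any poster: it shows the server replying to an arbitrary VPN client via the default (BT) route because the host only looks at the destination IP, and how NATting the client's source address into a 10.0.0.0/24 pool plus a route for that pool via the Virgin gateway brings the reply back out the Virgin NIC. The Virgin NIC's addressing (10.200.200.0/24, gateway 10.200.200.254) and the pool are assumed values, since the thread does not give them.

```python
import ipaddress

# Constructed routing table modelled on the thread. NIC 1 is the BT link with
# default gateway 10.100.100.254 (from the question); the Virgin NIC's
# addressing is not given, so 10.200.200.0/24 via 10.200.200.254 is assumed.
ROUTES = [
    ("0.0.0.0/0",       "10.100.100.254", "nic1-bt"),      # default route -> BT
    ("10.100.100.0/24", None,             "nic1-bt"),
    ("10.200.200.0/24", None,             "nic2-virgin"),
]

# The fix from the reply: an upstream box rewrites every VPN client's source
# address into a private pool, and the server routes that pool to the Virgin
# gateway. Pool and gateway are assumed values, not taken from the thread.
SNAT_POOL = "10.0.0.0/24"
ROUTES_WITH_NAT = ROUTES + [(SNAT_POOL, "10.200.200.254", "nic2-virgin")]


def lookup(routes, dst):
    """Longest-prefix match on the destination IP only. Ports and the interface
    the request arrived on play no part, which is exactly the problem."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, _gw, nic in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nic)
    return best[1] if best else None


def snat(client_ip, pool):
    """Map an arbitrary public client address to a host in the pool
    (a constructed deterministic mapping standing in for the NAT box)."""
    net = ipaddress.ip_network(pool)
    host = int(ipaddress.ip_address(client_ip)) % (net.num_addresses - 2) + 1
    return str(net.network_address + host)


def reply_interface(routes, client_ip, snat_pool=None):
    """NIC the server picks for its reply to a VPN client that arrived on the
    Virgin link. With snat_pool set, the server only ever sees the pool address."""
    dst = snat(client_ip, snat_pool) if snat_pool else client_ip
    return lookup(routes, dst)


if __name__ == "__main__":
    client = "203.0.113.77"  # constructed example client address (TEST-NET-3)
    print("plain routing :", reply_interface(ROUTES, client))                       # nic1-bt (wrong link)
    print("with SNAT pool:", reply_interface(ROUTES_WITH_NAT, client, SNAT_POOL))   # nic2-virgin
```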
 

willetelegence
So returning the incoming connections back via the source NIC seems to be the issue here? Is it not possible to bind the VPN to a specific NIC?

Getting my brain more confused at this point.
 
In general VPNs do not have a feature that does that. Being able to bind a program to a NIC is more a concept of a VM. Now there is an old program called ForceBindIP that can do this. Last time I looked it still had issues with Win10 and takes a performance hit at high traffic rates. It likely will depend on how the VPN is designed. Some VPNs use 1 process to set up the session and then spawn another for the actual session.

Not sure. The last time I used ForceBindIP was back in Win 7, and it had quirky issues like just stopping working, and I decided I didn't really need to use 2 NICs.
 
Solution