The instance proves that the dual-line access using vpn soft routing is better than the hardware VPN Router, and it also has many advantages. As we all know, hardware routers and software routers can be used to achieve dual-line routing (ROS in Linux and Policy Routing in Windows), while hardware routers themselves are dedicated, so the cost is considered, its cpu is mostly 8-bit or 16-bit, and its cache is also several megabytes to dozens of megabytes. and software routers.
In particular, vpn soft route dual-line access, as long as the anti-virus, hardware stability, anti-attack) its stability and performance are absolutely not mentioned, especially its ability to process the routing requests of large Internet cafes, it is much higher than Linux. VPN dual-line Routing Server: It is set up in a dual-line environment to provide a local LAN dual-line single gateway for Internet access, and to provide a remote VPN dial-up with a server that establishes an IPsec connection tunnel. Remote VPN Dial-Up Policy Routing: A Remote VPN dial-up machine uses a local gateway to access the Internet, and uses a policy route to borrow lines to achieve shared Internet access in the local LAN.
Vpn soft route dual-line access is more flexible than hardware VPN Router, more suitable for Using vpn soft route dual-line access, and generally hardware VPN routing is implemented, the number of lines to be processed and the number of remote connections are limited, and for soft routing, as long as the machine can have N NICs, you can realize the N-1 route too much is useless ), the number of connected users is much larger than that of hardware routers.
How to achieve vpn soft route dual-line access?
Next we will briefly describe the implementation of two-line access for each vpn soft route in Windows2003: Dual-network routing: It is relatively simple to implement. It uses three NICs, each of which occupies one segment of China Telecom and China Netcom, and the other is used as an intranet interface. First, use NAT to set the Internet, such as the Netcom interface, as the Internet egress, and set the IP address, DNS, and gateway of the Netcom interface. Only the IP address and DNS are set for the Intranet interface, then, set the telecom interface to over loading NAT. In this way, two internet outlets are available. In this case, you must set a policy route by adding a static route table, the route table of China Telecom allows China Telecom to go through the telecom interface, and China Netcom to go through the Netcom interface. Only China Telecom can be added. In this way, the dual-network routing is implemented.
VPN dual-network routing: Based on the above method, you only need to establish a NAT route with a VPN, then assign the user name and password to the remote VPN, and specify whether the remote IP address uses a dynamic or static IP address, A dynamic range should be provided. It is best to keep the subnet away from the subnet of the remote network. You can use 10.0.X.X or 192.168.X.X. do not duplicate the network hosts next to it. Static IP addresses are used to prevent multiple logins with the same user name. Achieve dual-line routing. It also uses three NICs.
Remote VPN dialing Policy Routing: it is used to establish a tunnel with the VPN Server, send requests from other first-line networks of a single-line Internet cafe to the VPN Server through the tunnel, and send requests to the Internet through the lines of the VPN Server, dual-line routing is also implemented. NAT is also used to provide Internet access for machines on the local LAN. Two NICs are used. The NAT settings are similar to the setting method of a Single-network NAT soft router, which has a policy route and a VPN dial-up connection.