How to implement dual-line access of vro in Windows

With the development of China's routing industry, the application of soft router dual-line access is also more extensive, here I mainly explain how to achieve soft router dual-line access in Windows, as we all know, dual-line routing can be implemented using hardware routers and software routers under Linux ROS and Windows), and the hardware of the hardware router itself is dedicated, so the cost is considered, its cpu is mostly 8-bit or 16-bit, and its cache is also several megabytes to dozens of megabytes.

The stability and performance of software routers, especially Windows 2003 vrouters, as long as they do a good job in anti-virus, hardware stability, and attack protection, are definitely not mentioned, especially their ability to process routing requests from large Internet cafes, it is much higher than Linux. VPN dual-line Routing Server: It is set up in a dual-line environment to provide a local LAN dual-line single gateway for Internet access, and to provide a remote VPN dial-up with a server that establishes an IPsec connection tunnel. Remote VPN Dial-Up Policy Routing: A Remote VPN dial-up machine uses a local gateway to access the Internet, and uses a policy route to borrow lines to achieve shared Internet access in the local LAN.

These functions are more flexible than hardware VPN routers, and more suitable for using soft routers. In addition, hardware VPN routing is generally implemented, the number of lines to be processed and the number of remote connections are limited, and for soft routers, as long as the machine can have N NICs, you can achieve N-1 route too much of the useless ), the number of connected users is much larger than that of hardware routers. How can I achieve dual-line access of a soft router?

The following describes the implementation of each soft router in Windows2003:

Dual-network routing: It is relatively simple to implement. It uses three NICs, each of which occupies one network card and the other as an intranet interface. First, use NAT to set the Internet, such as the Netcom interface, as the Internet egress, and set the IP address, DNS, and gateway of the Netcom interface. Only the IP address and DNS are set for the Intranet interface, and then set the telecom interface to multiple NATover loading NAT), so that there are two Internet egress. In this case, you need to set a policy route by adding a static route table, the route table of China Telecom allows China Telecom to go through the telecom interface, and China Netcom to go through the Netcom interface. Only China Telecom can be added. In this way, the dual-network routing is implemented.

VPN dual-network routing: Based on the above method, you only need to establish a NAT route with a VPN, then assign the user name and password to the remote VPN, and specify whether the remote IP address uses a dynamic or static IP address, A dynamic range should be provided. It is best to keep the subnet away from the subnet of the remote network. You can use 10.0.X.X or 192.168.X.X. do not duplicate the network hosts next to it. Static IP addresses are used to prevent multiple logins with the same user name. Achieve dual-line routing. It also uses three NICs.

Remote VPN dialing Policy Routing: it is used to establish a tunnel with the VPN Server, send requests from other first-line networks of a single-line Internet cafe to the VPN Server through the tunnel, and send requests to the Internet through the lines of the VPN Server, dual-line routing is also implemented. NAT is also used to provide Internet access for machines on the local LAN. Two NICs are used. The NAT settings are similar to the dual-line access method of a Single-network NAT soft router, and there is a policy route and VPN dial-up connection.