Many people are not very familiar with soft routing (software routers), so I looked into how to implement VPN dual-line access with a software router. I would like to share what I found here and hope it is useful to you. As is well known, dual-line routing can be implemented with either hardware routers or software routers (ROS on Linux, policy routing on Windows). Hardware routers are dedicated devices, so cost has to be considered.
A hardware router's CPU is mostly 8-bit or 16-bit, and its cache ranges from several megabytes to dozens of megabytes. The stability and performance of software routers, especially Windows 2003 soft routers, go without saying as long as anti-virus, hardware stability, and attack protection are handled well; in particular, their ability to process routing requests from large Internet cafes is much higher than Linux's.
VPN dual-line routing server: set up in a dual-line environment, it gives the local LAN a single dual-line gateway for Internet access, and gives remote VPN dial-up clients a server with which to establish an IPsec tunnel.
Remote VPN dial-up policy routing: a remote VPN dial-up machine uses its local gateway to access the Internet, and uses a policy route to borrow the server's lines so that the local LAN gets shared Internet access.
These functions are more flexible on a software router than on a hardware VPN router, so they are better suited to soft routing. In addition, a hardware VPN router limits both the number of lines it can handle and the number of remote connections. With a software router, as long as the machine can hold N NICs, you can route N-1 lines (more than that is of no use either), and the number of connected users can be far greater than the limit of a hardware router.
How can dual-line access be achieved with soft routing?
The following describes how the various soft routing functions are implemented in Windows 2003.
Dual-network routing: this is relatively simple to implement. Three NICs are used: the Telecom and Netcom lines each take one, and the third is the intranet interface. First, use NAT to set one Internet-facing interface, for example the Netcom interface, as the Internet egress, and set the IP address, DNS, and gateway on the Netcom interface. Set only the IP address and DNS on the intranet interface, then set the telecom interface to overloading NAT. Two Internet egresses are now available. At this point you must set up a policy route by adding static routes to the route table, so that China Telecom destinations go through the telecom interface and China Netcom destinations go through the Netcom interface. Only the China Telecom routes need to be added, because the Netcom interface already carries the default gateway. This implements dual-network routing.
VPN dual-network routing: building on the method above, you only need to set up NAT routing with VPN, assign a user name and password to each remote VPN client, and specify whether the remote end gets a dynamic or a static IP address. For dynamic addresses, an address range must be provided. It is best to keep this subnet distinct from the subnet of the remote network; you can use 10.0.X.X or 192.168.X.X, but do not duplicate the addresses used by neighbouring networks. Static IP addresses are used to prevent multiple logins with the same user name. This achieves dual-line routing, and it also uses three NICs.
Remote VPN dial-up policy routing: the machine establishes a tunnel with the VPN server, sends a single-line Internet cafe's requests bound for the other line's network to the VPN server through the tunnel, and the VPN server forwards them to the Internet over its own lines, so dual-line routing is achieved here too. NAT is also used to provide Internet access for machines on the local LAN. Two NICs are used. The NAT settings are similar to those of a single-network NAT soft router, with a policy route and a VPN dial-up connection added.
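The static-route policy from the dual-network routing step and the address-pool advice from the VPN step, as an added example that is not part of the original article: it builds the route table, picks the egress by longest-prefix match, emits the matching Windows route -p add lines, and flags VPN pools that overlap nearby subnets. The prefixes, gateways and pool addresses are constructed placeholders (documentation ranges), not real carrier data.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the real
# China Telecom prefix list, which the article does not give.
TELECOM_PREFIXES = ["198.51.100.0/24", "203.0.113.0/25"]
TELECOM_GW = "192.0.2.1"      # assumed next hop on the telecom NIC
NETCOM_GW = "192.0.2.129"     # assumed default gateway on the Netcom NIC


def build_table(prefixes, telecom_gw, default_gw):
    """Static routes for Telecom prefixes plus the Netcom default route."""
    table = [(ipaddress.ip_network(p), telecom_gw, "telecom") for p in prefixes]
    table.append((ipaddress.ip_network("0.0.0.0/0"), default_gw, "netcom"))
    return table


def egress(table, dest):
    """Pick the egress line by longest-prefix match, as the route table does."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[2]


def route_commands(table):
    """Persistent Windows route lines for every non-default entry."""
    return [f"route -p add {net.network_address} mask {net.netmask} {gw}"
            for net, gw, _ in table if net.prefixlen > 0]


def pool_conflicts(pool, nearby_subnets):
    """Return the nearby subnets that overlap the VPN client address pool."""
    pool_net = ipaddress.ip_network(pool)
    return [s for s in nearby_subnets
            if pool_net.overlaps(ipaddress.ip_network(s))]


if __name__ == "__main__":
    table = build_table(TELECOM_PREFIXES, TELECOM_GW, NETCOM_GW)
    for line in route_commands(table):
        print(line)
    # Inside the /25 goes out via Telecom; outside it falls to the default.
    print(egress(table, "203.0.113.10"), egress(table, "203.0.113.200"))
    # A 10.0.8.0/24 pool collides with a neighbouring 10.0.0.0/16 LAN.
    print(pool_conflicts("10.0.8.0/24", ["192.168.1.0/24", "10.0.0.0/16"]))
```

Because only the Telecom prefixes get explicit routes, any Telecom destination missing from the list silently leaves through the Netcom default, so the prefix list needs to be kept current.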