I have posted a while ago about remote access solutions bu i now have a 'similar' config to the one that i need to configure myself.
its taken from a 851 Router.
The scenario: The users can connect via ADSL to the 851 router (which accepts VPDN connections) the routers F.E 4 is connected to the INTERNET (ADSL Line - static IP)
the idea is tha the remote users can access some serves on the local interfaces.
i have copied parts of teh configuration file i was given, and im trying to make sense of it.. i think i understand some things (im not familiar with these router or such configurations) but i would like to get you help on some more things.
Please let me know if i got the connection steps correct :
From what i see, the remote user will have a VPN connection set up in his OS (i.e XP) pointing to the static address on FE4
once the connection is requested, the router will automatically create a Virtual Acess Interface based on the information provided by the Virtual Template 1. Right?
a 'new interface' is created (virtual Access Inteface) with the IP (192.168.2.1)
the Virtual Template is using ip unnumbered VLAN 1 to use VLAN 1's IP Information i.e IP address (192.168.2.1) and also provide the caller with an IP address from the pool named pptp (specified in Virtual Template 1).
the user has now a connection that can use to communicate with the local LAN serves or go to the internet via FE4 (NATed) and if permited by the ACLs not shown here.
Am i right so far ???
My questions though are:
Q1: The remote peer (user) will get an IP from the range 192.168.10.1 -15 (lets assume 192.168.10.1 /24 )
the IP Address of teh Virtual Access Interface as prodivided by the Virtual Template and VLAN 1 is 192.168.2.1 /24 . Clearly the two IPs are NOT on the same subnet . So how does the remote user can communicate with the router ?
Q2: I assume they have a private IP range for their Servers. Assuming their servers need to have access to the internet, how would they communicate and what would be used as their default Gateway ...does the command ROUTE-MAP NAT have to do anything with this and How exactly ???
I know i might bore u with this , but please help out !!!
Also. If the idea behind this scenario is to be able to connect to the servers and perform some configuration - maintenance tasks, Then wouldnt it be easier if they just used port forwarding for remote Desktop on a PC in their LAN, and then from that PC RDP again to the server ???