I have an RRAS WS2k8r2 server with two NICs:
- the public NIC is in the DMZ network segment behind a firewall (which does NAT by itself);
- the private NIC is in the local network segment.
The same firewall takes care of all the traffic from local and DMZ segments to the Internet.
Now, VPN clients receive IPv4 addresses from the local segment scope, so they can reach the private network just fine, but they cannot reach the Internet. The "use default gateway .." option is enabled.
I could implement NAT on the RRAS server itself, but I suppose this would mean that the traffic is NATed twice (on the RRAS and on the firewall), and that the traffic from VPN clients to the Internet would go through the DMZ segment. I prefer to have the same policies for VPN clients as are set for PCs in the local network segment.
So, how do I route the VPN clients' traffic to the Internet through the local subnet, without NAT on RRAS? Maybe VPN clients should be on a separate segment, with RRAS in between this segment and the local segment. How do I accomplish this?
Thanks!
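One way to build the separate VPN client segment the question suggests, as an added example that is not part of the original post or of anyone's answer. It assumes Windows Server 2008 R2 (so netsh rather than the RemoteAccess PowerShell module, which only exists from Server 2012 on), and hypothetical addressing: local segment 192.168.1.0/24 with the firewall's inside address 192.168.1.1, the RRAS private NIC named "Private" at 192.168.1.10, the DMZ NIC named "DMZ" at 172.16.0.10/24, and a VPN client pool 10.10.10.0/24 that is used nowhere else. Change every one of those to match the real network before running it in an elevated prompt on the RRAS server.

```powershell
# Added example (not from the original post). All names and addresses below are
# assumptions; adjust them to the real network.
$PrivateNic = "Private"       # NIC on the local segment (assumed name)
$DmzNic     = "DMZ"           # NIC on the DMZ segment (assumed name)
$DmzAddress = "172.16.0.10"   # assumed DMZ address of the RRAS server
$DmzMask    = "255.255.255.0"
$LocalGw    = "192.168.1.1"   # assumed inside address of the firewall
$PoolStart  = "10.10.10.10"   # assumed dedicated VPN client subnet 10.10.10.0/24
$PoolEnd    = "10.10.10.200"

# 1. Exactly one default route on the server, and it must leave via the private NIC.
#    With "use default gateway on remote network" enabled, VPN client traffic follows the
#    server's own default route, so a default gateway on the DMZ NIC would push it into the
#    DMZ. Re-apply the DMZ address with gateway=none; the private NIC keeps $LocalGw.
netsh interface ipv4 set address name="$DmzNic" source=static address=$DmzAddress mask=$DmzMask gateway=none

# 2. Hand VPN clients addresses from a dedicated pool instead of the local scope.
#    RRAS then routes between 10.10.10.0/24 and 192.168.1.0/24 like any other router.
netsh ras ip set addrassign method=pool
netsh ras ip add range from=$PoolStart to=$PoolEnd
netsh ras ip set access mode=all   # clients may reach the whole network, not only this server

# 3. No NAT on the RRAS server: list NAT-bound interfaces; the list should be empty so
#    packets keep their 10.10.10.x source address and the firewall sees them as inside hosts.
netsh routing ip nat show interface

# 4. Return path: the firewall (and anything else that routes for the local segment) needs
#    a route for 10.10.10.0/24 via 192.168.1.10. That syntax is firewall-specific; on a
#    Windows host in the local segment the equivalent would be:
#      route -p add 10.10.10.0 mask 255.255.255.0 192.168.1.10

# 5. Checks on the RRAS server: one 0.0.0.0 entry, gateway 192.168.1.1, interface 192.168.1.10;
#    address assignment "static pool" with the range above.
route print -4
netsh ras ip show config
```

Once this is in place, the firewall must treat 10.10.10.0/24 as part of the inside (same policy object as the local segment) for the clients to get the local-segment rules rather than the DMZ ones; the route in step 4 is what makes replies from local hosts, which are sent to the firewall as their default gateway, come back through the RRAS private NIC instead of being dropped.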