1 LAN, 2 DSLs, 1 VPN
Billy Davis
05-05-06, 02:56 PM
I have 2 stand alone LANs, in 2 different cities. Each LAN consists of multiple Windows XP workstations, a Server and a router that provides access to the internet via a DSL line. LAN 'A' is subnet 192.168.1.n and the Server is a Linux box. LAN 'B' is subnet 192.168.2.n and the Server is a WinNT box. I now have a need to connect these two LANs so that the workstations on LAN 'B' can access the Linux Server on LAN 'A'.
I installed a second DSL line in each location, along with a VPN router. I installed a second NIC in the Linux Server on LAN 'A', with an IP of 192.168.4.10 and connected it directly to the VPN router (192.168.4.4) (ie, it does NOT connect to the local switch and is independent of the local LAN 'A'). I can now successfully browse the internet from either NIC on the Linux Server. I successfully configured both VPN routers to connect a VPN tunnel.
My question is how to connect the VPN router to LAN 'B' so that everything works at that location. I need for each workstation to be able to browse the web via the old DSL and router, but then access the LAN 'A' Server via the new DSL and VPN router/tunnel. Each XP workstation currently only has a single NIC (192.168.2.n), and the default gateway for each is 192.168.2.254, which is the old router. I would like to be able to connect the VPN router to the existing switch, and then route(?) requests for 192.168.4.10 to the VPN router, 192.168.4.4.
Will this work, or am I missing something? The 2 sites are FAR apart and I would like to have the logic worked out before I travel to the LAN 'B' site. Has anyone done this before?
YeOldeStonecat
05-06-06, 09:39 AM
I'd go with 1x DSL connection at each end...instead of 2. Not dual NICs. Have a router that supports "router to router VPN tunnels", which it appears you do.
I'm not positive...as I haven't tried this before with dual gateways...but I don't believe you'll have a good time with 2x gateways.
Are you running active directory?
Chooper
05-07-06, 06:03 PM
What's missing is the fact that Winders does not like multiple gateways and does not handle them well.
Why the second DSL line at each locale, so that internet access bandwidth does not take away from site-site traffic and vice-versa?
The problem with this model is that the LAN side of your VPN router at site B must have a different IP scheme, say 192.168.5.xxx/24 for example, and so you can set an additional IP on your single NICs in site B, but there is no logic in Winders to say that requests for 192.168.4.10 need to originate on the 192.168.5.xxx interface and therefore the .5.xxx gateway which will be your VPN. You would have the same problem if you installed dual NICs at site B and a separate switch to site B's VPN router.
The only way I can think of to do this with the separate DSL lines is to have a router upstream of your switch in which you can apply the logic by way of a route, that will pass 192.168.4.xxx traffic through the correct DSL circuit/VPN. I believe you can do this with a Linksys RV0 series router like the RV082 (stay away from the RV042), but am not 100% sure without running some models. Yeold??
--C
Billy Davis
05-08-06, 09:10 AM
1. We need 1 DSL for large file downloads and the second for VPN-VPN tunneling. The file downloads would interfere with the VPN user throughput.
2. I agree with the dual gateways. But why can't I add a route to each site 'B' PC (192.168.2.n) to route all traffic for 192.168.4.10 thru the 2nd router at site 'B' (192.168.2.4)?
3. We are not running Active Directory
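An added example, not part of the original thread: a model of the per-workstation static route asked about in point 2 above, using longest-prefix-match lookup with the thread's addresses. The /24 masks, the workstation address 192.168.2.50 and the internet address 203.0.113.9 are assumptions; the code models only the workstation's outbound next-hop choice, not the return path or the tunnel itself.

```python
import ipaddress

# Constructed routing table for one site 'B' workstation. Addresses come from
# the thread; the /24 masks and the workstation address .2.50 are assumptions.
HOST_IP = ipaddress.ip_interface("192.168.2.50/24")

ROUTES = [
    # (destination network, gateway or None for on-link)
    ("192.168.2.0/24", None),              # directly connected LAN 'B'
    ("0.0.0.0/0", "192.168.2.254"),        # default gateway: old DSL router
    # Proposed host route via the VPN router. On Windows this would be:
    #   route -p add 192.168.4.10 mask 255.255.255.255 192.168.2.4
    ("192.168.4.10/32", "192.168.2.4"),
]


def validate_route(dest, gateway, iface=HOST_IP):
    """A gateway is usable only if it sits on a subnet the host is attached to."""
    ipaddress.ip_network(dest)  # raises ValueError on a malformed destination
    if gateway is None:
        return True
    return ipaddress.ip_address(gateway) in iface.network


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for dest, gateway in routes:
        net = ipaddress.ip_network(dest)
        if dst in net and validate_route(dest, gateway):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    # On-link destinations are delivered directly, so the next hop is dst itself.
    return str(best[1] or dst)


if __name__ == "__main__":
    # 203.0.113.9 is a constructed stand-in for any internet host.
    for target in ("192.168.4.10", "203.0.113.9", "192.168.2.7", "192.168.4.4"):
        print(f"{target:>14} -> next hop {next_hop(target)}")
    # The far-side address 192.168.4.4 is not on-link, so it cannot be a gateway.
    print("192.168.4.4 usable as gateway:",
          validate_route("192.168.4.10/32", "192.168.4.4"))
```

Only the /32 destination is steered to the VPN router; every other 192.168.4.n address still follows the default gateway out the internet-facing DSL line.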
YeOldeStonecat
05-08-06, 11:03 AM
1. We need 1 DSL for large file downloads and the second for VPN-VPN tunneling. The file downloads would interfere with the VPN user throughput.
If you have a setup which fights for control over traffic...with some of my clients where I've needed to have more dedication to the VPN tunnel...I've used routers which support dedicating a percentage of the internet pipe to the VPN tunnel. Sonicwalls support this. That way no matter how much internet radio the office workers are listening to...the VPN doesn't suffer.