Gateway and Subnet Routing
Question: How do you route to an additional, separate gateway and subnet?
Answer:
Add a route in your server's routing table for traffic to go through the additional gateway. Configure client access permissions and use NAT or routing as needed. In complex setups with additional gateways and subnets, these steps ensure connectivity:
Add a route: If Access Server can ping the gateway but not the subnet behind it, add a route in the server's OS routing table. This route should direct traffic for the target subnet through the additional gateway.
VPN client access:
Using NAT: If routing works from the server to the target subnet, NAT can be used to grant VPN clients access. Ensure the correct permissions are set for users and groups.
Using routing: If using routing, ensure the target subnet knows how to route traffic back to the VPN client subnet. Add a route back to the VPN client subnet in the target network's routing table, using the Access Server’s IP as the gateway.
User permissions: Specify additional subnets in the user and group permissions on the Access Server to grant access to these subnets.
Symmetrical routing: Ensure routing is symmetrical; it must work both ways to allow proper communication.
By following these steps, traffic should flow correctly from VPN clients to the target subnet and back.