I must have missed something, can someone cast their eye over this setup?
We have a LAN on subnet 10.1.0.0/16 (GW 10.1.1.254) and a separate guest LAN on 10.11.0.0/16
Our RRAS server has 2 NICs: #1 10.1.1.140 (GW 10.1.1.254) and #2 10.11.0.140 (no GW). The VPN has IPv4 set to pull its DHCP from the scope on the NIC#2 pool (10.11.0.0).
The firewall appliance takes a public IP and NATs it to 10.1.1.240
Clients can VPN in and they get an address on 10.11.x.x correctly, and the connection policy works fine - only people "allowed" can get on. They can see other PCs on the 10.11.0.0 subnet but nothing on the 10.1.0.0 subnet.
I thought that perhaps the "GW" 10.1.1.254 might need a route to send 10.11.0.0/24 onto NIC#1, but that didn't work either. I thought RRAS would be able to route naturally since it has both the NICs. I must be missing a route somewhere, can anyone see where it is?
Minor error, the NAT from public IP should have been 10.1.1.140 (i.e. NIC#1 on RRAS box) silly fingers...
NIC#2 guest LAN is an isolated LAN btw, no internet (as yet), though I could VLAN it to the firewall if necessary (I'd rather not though).
Well, I gave up on RRAS doing the routing. I set up the RRAS box to simply VPN and disabled the IPv4 routing portion. I then added a virtual port onto our firewall and let the firewall do the routing (and ACL). All works now.
I have no idea why RRAS wouldn't route between 2 NICs in this case.
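For anyone hitting the same wall, the following is an added PowerShell check I put together for the two-NIC setup described in this thread; it is not code from the original poster. It reads the RRAS box's own state (IPv4 forwarding on each NIC, on-link routes for both subnets, and the default route) so you can confirm the box itself is willing to forward before moving routing to the firewall. The interface aliases are assumptions and need to be replaced with the real ones; the addresses are the thread's. It only inspects, it changes nothing.

```powershell
# Added example, not from the original thread. Read-only checks on the RRAS box
# for the two-NIC layout above. Interface aliases below are ASSUMED names;
# replace them with the aliases shown by Get-NetAdapter.

$LanNic   = 'Ethernet'     # assumed alias of NIC#1 (10.1.1.140, GW 10.1.1.254)
$GuestNic = 'Ethernet 2'   # assumed alias of NIC#2 (10.11.0.140, no GW)
$LanNet   = '10.1.0.0/16'
$GuestNet = '10.11.0.0/16'
$LanGw    = '10.1.1.254'

# 1. RRAS only forwards between the two NICs if IPv4 forwarding is enabled on
#    both interfaces. 'Disabled' on either one explains one-way or no routing.
Write-Host '--- IPv4 forwarding state per NIC ---'
Get-NetIPInterface -AddressFamily IPv4 -InterfaceAlias @($LanNic, $GuestNic) |
    Select-Object InterfaceAlias, Forwarding, ConnectionState |
    Format-Table -AutoSize

# 2. Both directly connected prefixes must appear as on-link routes (NextHop
#    0.0.0.0) on the matching NIC, or VPN clients' traffic has nowhere to go.
Write-Host '--- On-link routes for the two subnets ---'
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in @($LanNet, $GuestNet) } |
    Select-Object DestinationPrefix, InterfaceAlias, NextHop, RouteMetric |
    Format-Table -AutoSize

# 3. There should be exactly one default route, via NIC#1's gateway. A second
#    default route on the guest NIC would be a misconfiguration to fix.
Write-Host '--- Default route(s) ---'
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop, RouteMetric |
    Format-Table -AutoSize

# 4. Confirm the LAN leg from the box itself. This only proves the RRAS box can
#    reach the gateway; the return path (LAN hosts or 10.1.1.254 needing a route
#    for 10.11.0.0/16 via 10.1.1.140) has to be checked on the LAN side.
Write-Host "--- Reachability of LAN gateway $LanGw ---"
Test-NetConnection -ComputerName $LanGw -TraceRoute
```

Run it in an elevated PowerShell on the RRAS server. If step 1 shows Forwarding as Disabled on either NIC, the box is not acting as a router regardless of what the RRAS console says; if step 2 lacks a 10.11.0.0/16 on-link entry, the VPN pool is not actually bound to NIC#2 the way the thread assumes.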