Communication between multiple VPN Sites

Hello,
I used 3 CEs and 2 PEs to build a hub-and-spoke MPLS VPN topology as follows: the two overlapping addresses 100.100.100.100 reside separately in VPN1 of R1 and VPN2 of R2. But traffic initiated by 100.100.100.100 from VPN1 toward VPN3 was always redirected through R5 to VPN2. Is there any solution to this issue?
Thanks!

Hi
You cannot have overlapping addresses in a scenario like this, where you are leaking between VPNs.
When traffic arrives towards 100.100.100.100 on R4 et0/0, there is no way for R4 to know which of the two (R1 or R2) the traffic is intended for.
/Mikael
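
An added example (not part of the original thread) of a pre-deployment check for the ambiguity described in the reply above: it models route-target based import between VRFs and reports prefixes that reach one VRF from two different source VPNs. Only the VPN names and 100.100.100.100 come from the post; the route-target values, the 10.x prefixes and the import/export layout are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One VRF as configured on a PE: the route targets it exports and imports,
# and the prefixes it originates. All values below are constructed samples.
Vrf = namedtuple("Vrf", "name export_rts import_rts prefixes")


def build_tables(vrfs):
    """Return {vrf_name: [(network, origin_vrf), ...]} after RT-based import."""
    tables = {}
    for vrf in vrfs:
        # A VRF always holds its own prefixes.
        entries = [(ipaddress.ip_network(p), vrf.name) for p in vrf.prefixes]
        for other in vrfs:
            # Routes leak in when any exported RT matches an imported RT.
            if other.name != vrf.name and set(other.export_rts) & set(vrf.import_rts):
                entries += [(ipaddress.ip_network(p), other.name)
                            for p in other.prefixes]
        tables[vrf.name] = entries
    return tables


def find_conflicts(vrfs):
    """List overlaps between routes that one VRF receives from different VPNs.

    Each result is (vrf, prefix_a, origin_a, prefix_b, origin_b, kind):
      duplicate - same prefix from two VPNs; best-path keeps one, so traffic
                  for the other VPN's host is delivered to the wrong site.
      covering  - one prefix contains the other; longest match silently
                  diverts part of the range to the more specific origin.
    """
    conflicts = []
    for name, entries in build_tables(vrfs).items():
        for i, (net_a, org_a) in enumerate(entries):
            for net_b, org_b in entries[i + 1:]:
                if org_a == org_b or net_a.version != net_b.version:
                    continue
                if not net_a.overlaps(net_b):
                    continue
                kind = "duplicate" if net_a == net_b else "covering"
                conflicts.append((name, str(net_a), org_a, str(net_b), org_b, kind))
    return conflicts


# Constructed hub-and-spoke layout: VPN3 is the hub and imports both spokes,
# the spokes import only the hub. RT values are hypothetical.
SAMPLE_VRFS = [
    Vrf("VPN1", ["65000:1"], ["65000:3"], ["100.100.100.100/32", "10.1.0.0/24"]),
    Vrf("VPN2", ["65000:2"], ["65000:3"], ["100.100.100.100/32", "10.2.0.0/24"]),
    Vrf("VPN3", ["65000:3"], ["65000:1", "65000:2"], ["10.3.0.0/24"]),
]

if __name__ == "__main__":
    for vrf, pa, oa, pb, ob, kind in find_conflicts(SAMPLE_VRFS):
        print(f"{vrf}: {pa} from {oa} conflicts with {pb} from {ob} ({kind})")
```

Neither spoke VRF shows a conflict on its own; the overlap only appears in the hub VRF where both are imported, which is why it has to be checked per importing VRF rather than per site.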

Similar Messages

  • Can not ping between remote vpn site ???

    Site A is an L2L VPN and site B is a network-extend VPN; both connect to the same VPN device (5510) at the central office and work well. I can ping from the central office to both remote sites, but I cannot ping between these two VPN sites. I tried debug icmp: I can see the ICMP from site A does reach the central office, but then it disappears and is not sent to site B. Please help ...
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network SITE-A
     network-object 192.168.42.0 255.255.255.0
    object-group network SITE-B
     network-object 192.168.46.0 255.255.255.0
    access-list OUTSIDE extended permit icmp any any 
    access-list HOLT-VPN-ACL extended permit ip object-group CBO-NET object-group SITE-A 
    nat (outside,outside) source static SITE-A SITE-A destination static SITE-B SITE-B
    crypto map VPN-MAP 50 match address HOLT-VPN-ACL
    crypto map VPN-MAP 50 set peer *.*.56.250 
    crypto map VPN-MAP 50 set ikev1 transform-set AES-256-SHA
    crypto map VPN-MAP interface outside
    group-policy REMOTE-NETEXTENSION internal
    group-policy REMOTE-NETEXTENSION attributes
     dns-server value *.*.*.*
     vpn-idle-timeout none
     vpn-tunnel-protocol ikev1 
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value REMOTE-NET2
     default-domain value *.org
     nem enable
    tunnel-group REMOTE-NETEXTENSION type remote-access
    tunnel-group REMOTE-NETEXTENSION general-attributes
     authentication-server-group (inside) LOCAL
     default-group-policy REMOTE-NETEXTENSION
    tunnel-group REMOTE-NETEXTENSION ipsec-attributes
     ikev1 pre-shared-key *****
    tunnel-group *.*.56.250 type ipsec-l2l
    tunnel-group *.*.56.250 ipsec-attributes
     ikev1 pre-shared-key *****
    ASA-5510# show route | include 192.168.42 
    S    192.168.42.0 255.255.255.0 [1/0] via *.*.80.1, outside
    ASA-5510# show route | include 192.168.46
    S    192.168.46.0 255.255.255.0 [1/0] via *.*.80.1, outside
    ASA-5510# 
    Username     : layson-ne           Index        : 10
    Assigned IP  : 192.168.46.0           Public IP    : *.*.65.201
    Protocol     : IKEv1 IPsecOverNatT
    License      : Other VPN
    Encryption   : 3DES                   Hashing      : SHA1
    Bytes Tx     : 11667685               Bytes Rx     : 1604235
    Group Policy : REMOTE-NETEXTENSION    Tunnel Group : REMOTE-NETEXTENSION
    Login Time   : 08:19:12 EST Thu Feb 12 2015
    Duration     : 6h:53m:29s
    Inactivity   : 0h:00m:00s
    NAC Result   : Unknown
    VLAN Mapping : N/A                    VLAN         : none
    ASA-5510# show vpn-sessiondb l2l
    Session Type: LAN-to-LAN
    Connection   : *.*.56.250
    Index        : 6                      IP Addr      : *.*.56.250
    Protocol     : IKEv1 IPsec
    Encryption   : 3DES AES256            Hashing      : SHA1
    Bytes Tx     : 2931026707             Bytes Rx     : 256715895
    Login Time   : 02:02:41 EST Thu Feb 12 2015
    Duration     : 13h:10m:03s

    Hi Rico,
    You need to dynamic-NAT (to an available IP address) on both sides, for each remote subnet to access the other remote side's subnet, so they can access each other's subnets as if both were originating the traffic from your central location.
    Example:
    Let's say this IP (10.10.10.254) is an unused IP at the central office, permitted to access remote tunnel "A" and site "B".
    object-group network SITE-A
     network-object 192.168.42.0 255.255.255.0
    object-group network SITE-B
     network-object 192.168.46.0 255.255.255.0
    nat (outside,outside) source dynamic SITE-A 10.10.10.254 destination static SITE-B SITE-B
    nat (outside,outside) source dynamic SITE-B 10.10.10.254 destination static SITE-A SITE-A
    Hope this helps
    Thanks
    Rizwan Rafeek

  • Communication between multiple JVMs

    We have a Java toolkit that is shipped as a JAR file. The toolkit is ported from a C++ DLL running on Windows. Therefore, in both instances (Java and C++), we can't control who loads us or when.
    I need to communicate between different JVMs running on the same machine. The communication is very simple: "Is this user logged on in your JVM?" I send a string to the other JVM and I get back a boolean. I don't need to worry about crossing machine boundaries. Also, I'm not expecting to have a huge number of JVMs running. Maybe 3 or 4 could be likely. However, the solution does need to scale in case there are more than that. I'm not setting a limit on the number of JVMs either.
    The C++ code handled this situation very easily and elegantly. It created a named system semaphore (mutex) whenever a user logged on. The name of the mutex was the username. So, if there were multiple instances of the DLL running in separate processes (EXEs), we could easily tell if this user was logged on in another instance. We'd try to create the system semaphore - it would fail saying the name already exists. Therefore, we'd know the user was already logged on. The named system semaphore provided the means for a machine-global list - which is exactly what we wanted. It also had this extra benefit: if the process terminates normally or abnormally, the system semaphore is removed from memory. This means: the application is terminated, the user is no longer logged on, and we can relog this user on.
    Therefore, I have 2 requirements:
    1) A machine-global list where we can place a string. Keep in mind, it doesn't absolutely have to be a machine-global list. A suitable means to talk to other JVMs is acceptable too.
    2) If the process exits normally or abnormally, the string(s) get removed (for this JVM) from the list. Abnormal termination is the more important one to focus on because lots of people of varying skill levels use our toolkit. Abnormal terminations can be common.
    The first thought is to store these in a file. That solves #1, but not #2. I've seen the JIPC package. However, I'm not too crazy about requiring 3rd party developers to start up another program (JIPC) before they start up their application. As I said, we're just a toolkit so we can't control when or who loads us. It's not totally out of the question, but I'd prefer something else.
    I have a fairly involved solution that involves sockets. The first JVM creates a ServerSocket on a specific port and becomes the server. Subsequent JVMs also try to create the ServerSocket on the same port. They get a BindException because the ServerSocket already exists, so they know they're clients. Then, they create a client socket and talk to the server that way. This gets a little hairy when the server goes away. The clients will scramble to become the server and then all the other clients need to reconnect to the new server.
    This proposed solution sounds like it will address both requirements. However, I'm looking for something simpler. I'm asking this forum for help in case there's an easier way to do this. I don't have the breadth of experience with Java yet to know if there's a simpler way to fix this. If I have to go with the socket solution, I will. I just didn't want to overlook something simple that is already built into Java.
    Thanks for any tips or suggestions

    Thanks for the response.
    FileLock. We still have to target JDK 1.3 so we can't use FileLocks (at this point)
    JNI: That's an interesting idea. I suspect many people are using our software on Windows. Therefore, we could probably fix it in Windows the same as in the C++ code. If they're not on Windows, we could use the Sockets approach.
    I also had another idea: how about hashing the username string into some integer (or long) value. Then use the hashed value to lock some other resource: like the port number passed to ServerSocket. I know ServerSocket only accepts 0 - 0xFFFF so this obviously won't work. But is there some other system-wide thing we could lock given an integral value?

  • GPIB Communication between multiple devices

    Hello, 
    I am trying to build an application in C# which will be able to send commands to more than one device on the GPIB BUS.
    For example, I have 3 devices connected to the computer with addresses: "GPIB0::18::INSTR", "GPIB0::19::INSTR", "GPIB0::28::INSTR".
    Now, I know how to communicate with a single device.
    But is there a way I can send commands to multiple devices? So far I have the following.
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;
    using Ivi.Visa.Interop;

    namespace Step_Attenuator
    {
        public partial class Form1 : Form
        {
            // VISA resource manager and formatted I/O object shared by the form
            ResourceManager rMgr = new ResourceManager();
            Ivi.Visa.Interop.FormattedIO488 ioobj = new FormattedIO488();
            object resources = null;
            // GPIB addresses of the three instruments
            string address1 = "GPIB0::18::INSTR";
            string address2 = "GPIB0::19::INSTR";
            string address3 = "GPIB0::28::INSTR";

            public Form1()
            {
                InitializeComponent();
            }

            private void PsaComm()
            {
            }

            private void Form1_Load(object sender, EventArgs e)
            {
            }

            private void button1_Click(object sender, EventArgs e)
            {
                // Open a session to the first device and reset it
                ioobj.IO = (IMessage)rMgr.Open(address1);
                ioobj.WriteString("*RST");
            }
        }
    }
    But now, if I want to send a RST command to, say, the device on address2, do I have to open the session again and send it?
    There are going to be a lot of commands to these devices. I am sure there is a much simpler way to do it. 
    Please pardon me if this seems to be a silly question. 
    Thank You. 

    Hi nmedelec,
    I did some research on “Ivi.Visa.Interop.FormattedIO488” and it seems that it is related to Ivi.Visa.Interop, which is a third-party product. If you have any issue with a third-party product, I would recommend you go to the official site for help.
    Thanks for your understanding.
    Best Regards,
    Edward

  • Communication between multiple processes

    Hi there!
    I once again have a problem concerning parallel processing in ABAP.
    The problem is this:
    I want to write a program which invokes a process that can recursively invoke another process, and so on.
    Let me try to picture it out:
    -> means invokes
    Main Program -> Thread1
    Thread 1 -> Thread 2
    Thread 2 -> Thread 3
    Thread 2 -> Thread 4
    Thread 4 -> Thread 5
    Thread 5 -> Thread 6
    As you can see I have several Threads invoking another Thread. The structure of Threads invoking each other will be dynamic. Now I face the following problem:
    I want just a few threads to run at the same time (let's say for now 3) and there are dependencies between the Invoker and the invoked Thread (e.g. Thread 3 needs some information from Thread 2).
    How can I let my Main Program know that all the data is ready? Does the WAIT UNTIL statement also apply to these nested threads?
    How does Thread 5, for example, know that there are already too many processes running and that it has to wait?
    Is there a possibility how I can queue these processes?
    sth like:
    Thread 1 - Thread 2 - Thread 3 - Thread 4 - Thread 5 - Thread 6
    If prerequisites for Thread 3 are not fulfilled it would look like:
    Thread 1 - Thread 2 - Thread 4 - Thread 5 - Thread 6
    and so on...
    The problem is the communication over the bounds of Threads. This dynamic structure is necessary due to the large data amount that I have to handle. Due to restrictions I can only use a function group and a report. No database tables or stuff like that is allowed.
    I hope I was able to point out my problem. If it was too unclear please let me know, and I will try to specify it more.
    Thank you in advance for your help.
    Best Regards,
    Sebastian

    @ Sandeep:  Thanks for your answer I am going to have a look at that
    @ Thomas: These nested Calls would be useful because of the amount of data that has to be processed. Think about a Tree with over 200.000 entries. For each entry there is the requirement for Check if corresponding dataset is right, if necessary Adapt data and Update on the database.
    The approach with the nested threads would check a single node, look whether there are child nodes and, if so, start a thread for processing the child nodes. These would check each child node and, if necessary, start another thread, and so on. Child nodes can only be changed if the parent change was successful, so I have the dependency right here.
    Yesterday I had another idea that should work:
    My Main Program first checks the root node and then the direct children of the root node (1st hierarchy level). Then it invokes a thread for each child node which again has child nodes and for which changes applied (2nd hierarchy level). Each thread 'returns' a list of nodes for which the main program should once again invoke another thread, and so on. (This would build up a queue for processing within the Main Program.)
    It is a similar approach to the thing with nested threads, but the control structure is clearer and there is no nesting of threads necessary.
    Thanks and Best Regards,
    Sebastian

  • Communication Between Multiple Executables

    I'm building a system that needs to communicate with several different external executables (all were programmed in LabVIEW) at approximately the same time.  I say several because this number is not known until runtime, and I say approximately the same time because all of the executables will be communicating asynchronously.  Essentially I need to receive commands from each executable, put them in a queue of some sort, run a test with my system in the order the commands were received, and then send a result back to each executable.
    Because the number of external executables is not known until runtime, I was thinking about using a network published variable that would be an array of clusters.  I could then tell each executable which array element it should use to communicate with and then when data needs to be sent back and forth I could update or read from this array element in each executable as necessary.  In my VI, I would simply build a watcher that would constantly watch the array to see if new data came in, put this data in a queue, and then process it as necessary.  The communication back to the executables would be handled in the same way (perhaps with a second network published variable only to be used for results).
    The problem with this approach is that I would need to lock the network published variable (a functional global would really help here) while I'm writing to it from each of the executables so I could be sure that I wouldn't miss data.  The number of commands won't be high, but there is a chance that 2 commands could arrive at the same time.  I've played around with this in the Shared Variable Properties dialog ("Single Writer" and "Use Buffering"), but can't seem to get it right.
    I know that I could open a TCP communication port for each executable and then use that port to communicate directly between my program and the executable, but I was wondering if anyone had any other suggestions.  If you've got a suggestion, I'd love to hear about it.  Thanks.

    You can use a network queue. The attached code works very well for us. It is a modified version from some code I got from LAVA several years back. Just unzip this file into your user.lib directly. The queues work like normal queues except they work over TCP. This means your messages will be added to the receiving queue in the order they were sent. Simply dequeue the commands and execute them.
    Mark Yedinak
    "Does anyone know where the love of God goes when the waves turn the minutes to hours?"
    Wreck of the Edmund Fitzgerald - Gordon Lightfoot
    Attachments:
    Network Queue Class.zip 361 KB

  • Communication between multiple remote flash instances

    I am relatively new to Flash development, but need to create a simple application that will essentially function as a remote slideshow broadcast service. One presenter will see the show (full screen) and will be able to proceed to the next slide; all other attendees will only see the show (no control) and will see the next slide when the presenter proceeds. I have a Flash Media Interactive Server which can be utilized. I understand that no one will be able to walk me through the actual development process, but was wondering whether someone could tell me what the best approach would be and where I could find tutorials to get started.
    Thanks a lot! Any help is greatly appreciated.

    UPDATE: I am particularly confused about what kind of communication method to use. I heard about Socket, SharedObjects, HTTPService, RTMP, RTMFP, etc. Could someone advise which would be the best for this situation? I only need to send a very small bit of data.
    Thanks.

  • Communication between multiple page flow portlets

    Hi, I am working on WebLogic Portal 8.1.
    I've been struggling to communicate between different page flow portlets.
    I have a login page flow portlet and I need to submit login details to the index page after the login action is done.
    I am able to do this by using the PageUrl class and RequestDispatcher's forward method, using the definition label of the index page flow portlet,
    but it is not happening again when I have logged out.
    If anybody has worked on this, please let me know the solution.
    Thanks,
    Vidya sagar

    Not sure whether you tried this option (I tried it and it works for me).
    Configuration that has to be done in portlet-2:
    =========================
    Create a custom event (named messageCustomEvent) and also add an action for it that invokes a portlet method getMessage in Portlet-2.
    // Place this method in Portlet-2
    public void getMessage(ActionRequest request, ActionResponse response,
            Event event) {
        // The payload of the custom event is the message fired by Portlet-1
        CustomEvent customEvent = (CustomEvent) event;
        String message = (String) customEvent.getPayload();
        response.setRenderParameter("message0", message);
    }
    Configuration that has to be done in portlet-1:
    =========================
    When Login is clicked in portlet-1, fire a custom event in the page flow code as shown below:
    PortletBackingContext context =
            PortletBackingContext.getPortletBackingContext(getRequest());
    context.fireCustomEvent("messageCustomEvent", form.getMessage());
    return new Forward("success");
    Thanks & Regards,
    Murali.
    ============

  • Communicating Between Multiple LabVIEW Executables on different computer using Shared Variables

    Hi,
    I need to develop some executables which will be launched on different computers of a LAN. Some data are common. I need to share the data using shared variables.
    I usually used LabVIEW so I'm familiar with shared variables, but in this case the RT target is a part of my project.
    How do I need to proceed in my case?
    Thanks

    OK, but it's not my configuration and I haven't found my answer in the tutorial.
    You speak of a case where there is a computer and an RT target under the same LabVIEW project. As I said earlier, I often use LabVIEW RT and shared variables between a computer and an RT target. But I assume here it's different.
    My question is: how do you access the SVE from 3 computers (without any RT target)?
    1. If I create 3 LabVIEW projects using the same Shared Variable, do I need to use the same .lvlib in each project?
    2. Is it possible?
    3. How can I configure where the SVE should be? When I use an RT target, it only depends on where I put my lvlib. But here there are 3 projects.
    James
    Attachments:
    Sans titre.JPG 9 KB

  • Communication between multiple vrf context on fwsm

    I have 2 VRF contexts on the FWSM of a 6509 switch. I want to reach from VRF context1 inside to VRF context2 inside. How can I do it?
    vrf_context1_inside----6509_fwsm----vrf_context2_inside
    vrf_context1_inside must reach to vrf_context2_inside


  • MobileMe and working on a site between multiple Macs

    In an article I was reading, the following was noted:
    iDisk balks at file packages like iWeb's Domain.sites2 file, making it difficult for MobileMe users to work on an iWeb site between multiple Macs.
    Does that mean working at the same time? Or, if for example I'm doing my site on my personal iMac, and then went to college or wanted to work on a MacBook for instance, cannot I complete working on my site through MobileMe?
    I may not be getting it clear.
    Thanks.

    if for example I'm doing my site on my personal iMac, and then went to college or wanted to work on a MacBook for instance, cannot I complete working on my site through MobileMe?
    The point is that to work on an iWeb site with two computers, both must have a copy of the Domain file. There are various ways to do that, like using a memory stick or Dropbox. But uploading and downloading from MobileMe is most likely not practical.

  • I setup messaging on my verizon, however I have multiple lines on the account and it is showing messaging only for one phone line. Is there a way to toggle between multiple lines on the myverizon site?

    How do I toggle between multiple phone lines while on the myverizon website in regards to messaging?

    The Account Owner can see the call/text logs for all lines on the account, but each line needs its own My Verizon account for messaging and backups.  Those lines will be listed as Account Members and will have limited info. available to them regarding the account.

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a

    I have configured a network with OSPF and a site-to-site VPN without a GRE tunnel and it works very well. I want to know: when do I have to use a GRE tunnel over IPsec?

    Hi josedilone19
    GRE is used when you need to pass Broadcast or multicast traffic.  That's the main function of GRE.
    Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
    However, there are some other important aspects to consider:
    In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks
    GRE tunnels encase multiple protocols over a single-protocol backbone.
    GRE tunnels provide workarounds for networks with limited hops.
    GRE tunnels connect discontinuous sub-networks.
    GRE tunnels allow VPNs across wide area networks (WANs).
    -Hope this helps -

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a gre tunnel

    I have configured a network with OSPF and a site-to-site VPN without a GRE tunnel and it works very well. I want to know: when do I have to use a GRE tunnel over IPsec?

    Jose,
    It sounds like you currently have an IPsec Virtual Tunnel Interface (VTI) configured. By this, I mean that you have a Tunnel interface running in "tunnel mode ipsec ipv4" rather than having a crypto map applied to a physical interface. In the days before VTIs, it was necessary to configure GRE over IPsec in order to pass certain types of traffic across an encrypted channel. When using pure IPsec with crypto maps, you cannot pass multicast traffic without implementing GRE over IPsec. Today, IPsec VTIs and GRE over IPsec accomplish what is effectively the same thing with a few exceptions. For example, by using GRE over IPsec, you can configure multiple tunnels between two peers by means of tunnel keys, pass many more types of traffic rather than just IP unicast and multicast (such as NHRP as utilized by DMVPN), and you can also configure multipoint GRE tunnels, whereas VTIs are point to point.
    Here's a document which discusses VTIs in more depth: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#GUID-A568DA9D-56CF-47C4-A866-B605804179E1
    HTH,
    Frank

  • Multiple Web Sites on OS X Mavericks Server

    I want to run multiple test web sites off my home Mac OS X Mavericks Server 10.9. Can someone point me to a good "How to" on the specifics of how to use the Server application to create and operate multiple web sites off a single Mavericks Server?
    Example
    MyServer.inno.com          10.0.2.5
    Basic web is up and running....
    I want to host four other web sites off the same machine for testing purposes how do I do that?
    MyServer.inno.com          10.0.2.5
    MyServer.web1.com          10.0.2.5
    MyServer.web2.com          10.0.2.5
    MyServer.web3.com          10.0.2.5
    MyServer.web4.com          10.0.2.5
    So if I go to the server and load
         MyServer.web1.com          10.0.2.5
    it loads a different web server.
    My thought is to use virtual hosts. How does Apple / the Community recommend I set this up...
    T.

    Please do not squat in the "home.com" domain.  If you're going to use a bogus domain, please use a bogus top-level domain such as server.home.jarvis — .jarvis is not currently a valid top-level domain, though that might change with the way ICANN has been bringing many new top-levels online, so a real registration is safer here.
    Peter Jarvis wrote:
    Assumptions:
         1. The Server is not intended to be publicly accessible from the Internet
    How will it be accessed?  Entirely privately?  No external access?  OK.
         2. Private Network - 10.0.1.X
    I'd probably pick something a little further into 10, such as 10.8 or 10.10, or 10.20.1.x — if you're ever using a VPN, it's best to use a weirder subnet, and I've worked with several folks that have 10.0.1.0/24 subnets.
         3. DHCP Reservation for the Mac Server - 10.0.1.2.
    I usually prefer keep the server and the other fixed-address hosts outside the DHCP pool.
         4. Server Domain name MacServer.home.com
    Are you the registrant for the home.com domain?  (I'd tend to doubt that, and would therefore suggest use of a real and registered domain or subdomain that you have permission to use or (less desirably) use a bogus top-level domain.)
         5. Example Web Site http:www.rouxacademy.com to also run off the same server...
    Is that going to be public?
    Prerequisites:
         1. Static Server IP Address / DHCP Reserved IP Address against MAC Address
         2. DNS Service Configured and Running
         3. Web Service Configured and Running
         4. Example Web Site http:www.rouxacademy.com
         5. You have a basic website (with mysql) files available
                   Directory roux_academy (Contains Basic Web Site files etc)
    OK.
    Steps:
         1. Static Server IP Address / DHCP Reserved IP Address against MAC Address
    The AirPort allows you to reserve an IP address against the MAC (Media Access Control) physical address of the server's Ethernet card. You can do this, or have the AirPort allocate DHCP addresses from 10.0.1.50 and above and statically allocate the server address of the machine.
    I'd leave the server out of the address pool.  So long as the pool and all static IP hosts are in the same block (usually a 255.255.255.0 or /24 subnet) it'll all work, and you won't need to entangle the OS X Server with the DHCP server.
         2. DNS Service Configured and Running
    Install Mavericks, install OS X Server application, launch server app...
    Go to DNS tab, define a new host name MacServer.home.com and associate with 10.0.1.2 IP Address
    Start DNS Service...
    Note: Do not publish DNS service via AirPort to Internet...
    Other than not squatting in that domain, yes.  There's no reason to open TCP or UDP port 53 inbound.
         3. Web Service Configured and Running
    Go to Web Sites tab...
    Click + and create new web site entry
    Domain Name:                http:www.rouxacademy.com
    IP Address:                     Any
    SSL:                               None
    Store Files in:                /Volumes/dev/Library/Server/Web/Data/Sites/roux_academy
    Who can access:          Anyone # I would restrict to a single user
    Additional Domains:     rouxacademy.com
    no http: prefix there, but yes.
    If you're not exposing the server to the 'net (as mentioned above) there's probably no need to restrict.  If you do need to restrict, you'll need to edit configuration files for Apache, or some other technique — maybe a VPN, if you're allowing (controlled, VPN-based) inbound access into your network.
    Start Web Service...
         4. Back to DNS
    Add host name....
    www.rouxacademy.com / 10.0.1.2
    # Do not create an MX record or publish DNS via airport...
    AirPort does not know from MX records, and does not provide DNS services.  AirPort will know about your local DNS server, since you are apparently using the AirPort for DHCP.
    You can also add the DNS translation during step 2; Apache and DNS are not tightly linked here.
    Launch Safari and type
         www.rouxacademy.com          - should launch web site...
         rouxacademy.com                   - should launch web site
    Caveat: the real rouxacademy.com will not be accessible from the server or local machines on the 10.0.1.X network...
    Ah, so there's a key detail — you're playing games and mimicking a real web site?  OK.
    The rouxacademy.com web site will be accessible from the server, as that'll (also) have the DNS translation (and remember the basis for virtual hosting is the client — the server in this case — has a translation for the host — the rouxacademy.com or www.rouxacademy.com domain in this case — and passes that string over the HTTP or HTTPS connection to the web server).   If you really want to keep the server from accessing this web site, then you'll have to push the local translation of that domain into the hosts file, or to a separate DNS server.
    I'd try to avoid this configuration though, particularly as your references to MX earlier implies that this domain might be more active than just the web services discussed here — trying to run split-horizon DNS means you'll get what's internal and external somewhat tangled, and you'll have to keep mail — for instance — aimed outside and web services aimed internally.  This is possible for many cases, but gets tricky.
    Best to test the web site with a different domain name, and to use /-relative notation for accessing the files, or using the web content management system's configuration settings to control the "published" name of the site.
