Re: 2003 server config for routing and remote access

From: Bill Grant (not.available_at_online)
Date: 05/15/04 

Date: Sun, 16 May 2004 09:27:10 +1000

    The internal network interface has nothing to do with this. It is only
used for remote access. If a RAS or VPN client ever connects to this server,
the internal interface will come to life. That's what it is for. It acts as
the server end of the point-to-point connection from a remote client.

    To get back to your original problem. All the RRAS router has to do is
act as a LAN router to get the traffic to the other private subnet. It does
not need NAT. However you will probably need to add a static route to your
Cisco so that it knows how to reach the 192.168.0 subnet (via the RRAS
router).

    So your network looks something like this.

Internet
    |
 Cisco
192.168.1.1
        |
   clients
192.168.1.x dg 192.168.1.1
        |
192.168.1.41 dg 192.168.1.1
    RRAS
192.168.0.41 dg blank
        |
192.168.0.x dg 192.168.0.41

    All you need is a route on the Cisco to forward traffic for 192.168.0.0
to the RRAS router. eg

    192.168.0.0 255.255.255.0 192.168.1.41

"Realsaulnier" <realsaulnier@hotmail.com> wrote in message
news:3f121d82.0405150306.3ae2ea48@posting.google.com...
> The router works fine. As I said the server sees the internet. The IP
> on the router is 192.168.1.1 and yes the the router could do the NAT
> for me but the idea of setting this up is the server would be the
> proxy/firewall for the network. All the PC's are set to DHCP and run
> IP's in the 192.168.0.X range. they all see the network fine. They run
> through the first NIC (192.168.0.41)on the server. This is also setup
> as the default gateway for the network. the other NIC on the server is
> (192.168.1.41) and uses the router as the gateway out to the internet.
> This also is working fine. The problem is the "Internal network
> interface" This is not an actual card, this is something that
> microsoft installs in the routing and remote access service to allow
> the two networks see each other. everything other than that interface
> is working. the fact that the setting on that interface say
> Non-operational and administrative status unknown makes me think this
> is where the problem is. Are there any settings in windows, DNS
> settings, security policies, active directory, that could affect this
> interface?
>
>
>
> "Bill Grant" <not.available@online> wrote in message
news:<#x65nBiOEHA.556@tk2msftngp13.phx.gbl>...
> > It is always a good idea to explain the whole setup in the first place!
> >
> > Can't the Cisco do NAT for your LAN? What address is on the inside
> > interface of the Cisco? A simple diagram of your network (with IP
addresses
> > and default gateway settings) would help.
> >
> > "Realsaulnier" <realsaulnier@hotmail.com> wrote in message
> > news:3f121d82.0405140449.61cdb7b6@posting.google.com...
> > > OK, I changed the LAN nic card to 192.168.1.42. Same problem. My PC's
> > > see the server but can't get past it.from my PC I can ping the NIC on
> > > the network side (192.168.1.42) but I can't ping the nic on the other
> > > side (192.168.0.41)
> > > The NIC going to the internet goes to a cisco router then ADSL modem
> > > and out. This is working fine.
> > >
> > >
> > >
> > > "Bill Grant" <not.available@online> wrote in message
> > news:<OtiaNtVOEHA.3028@TK2MSFTNGP11.phx.gbl>...
> > > > You cannot have the NIC cards in the same subnet. If you use two
NICs,
> > > > one must be in the same subnet as your LAN machines, and the other
must
> > have
> > > > a registered public IP address for NAT to work on this server. How
does
> > your
> > > > server access the Internet?
> > > >
> > > > The interface called internal in RRAS is only used for remote
access
> > > > (RAS or VPN) to this server. It will only become active if a remote
user
> > > > connects to it.
> > > >
> > > > "Realsaulnier" <realsaulnier@hotmail.com> wrote in message
> > > > news:3f121d82.0405130701.45058975@posting.google.com...
> > > > > Hello Bill,
> > > > >
> > > > > Yes I have a card for the LAN side (server LAN) and a card for the
WAN
> > > > > side ( network Conection) both card have a static IP and are
working.
> > > > > Both cards under IP routing/General have
> > > > > Type=Deticated
> > > > > IP address=192.168.0.42 for one and 192.168.0.41 for the second
> > > > > Administrative status=Up
> > > > > Operational Status=Operational
> > > > >
> > > > > The Internal card on the other hand is adiffrent story.
> > > > > Type=Internal
> > > > > IP address=Not available
> > > > > Administrative atatus=Unknown
> > > > > Operational status=Non-operational
> > > > >
> > > > > Does this help?
> > > > >
> > > > > "Bill Grant" <not.available@online> wrote in message
> > news:<ukKemmLOEHA.1312@TK2MSFTNGP12.phx.gbl>...
> > > > > > How does your server connect to the Internet? Is there a NIC on
the
> > > > > > "public" side to act as the public interface for NAT?
> > > > > >
> > > > > > If not, you will need to set up a demand-dial interface and
give
> > it
> > a
> > > > > > default route to the Internet. You can then configure it as the
> > public
> > > > > > interface for NAT.
> > > > > >
> > > > > > "Realsaulnier" <realsaulnier@hotmail.com> wrote in message
> > > > > > news:3f121d82.0405121005.451c2f0f@posting.google.com...
> > > > > > > Hello all,
> > > > > > >
> > > > > > > I have a windows 2003 server setup. My PC's all see the
network
> > and
> > > > > > > each other. My server sees the internet. Now the problem is
the
> > PC's
> > > > > > > can see past the server.
> > > > > > > Under routing and remote access, NAT/Basic Firewall settings
my
> > > > > > > internal network interface will not allow me to to select NAT.
> > > > > > > everything is grayed out. All I can select is private network.
> > > > > > > I also noticed that under IP Routing, General, the internal
> > interface
> > > > > > > says "IP Address" Not available. "Administrative status"
Unknown
> > and
> > > > > > > "Operational Status" Non-operational.
> > > > > > > I could use some help, than you.

Relevant Pages

  • Re: Unable to obtain a server- assigned IP address Try again later or enter an IP address in Net
    ... I can go to Control Panel - Network and Internet Connections - ... If yours is not a subset of your router, ... I have a LINKSYS router (4 port connection) - I have my cable modem ...
    (microsoft.public.pocketpc)
  • Re: Boot-up question on SBS2K3
    ... > The router separates you from the Internet. ... > network. ... >>>> 2 Nics, broadband cable modem connected into the external NIC, ...
    (microsoft.public.windows.server.sbs)
  • RE: Small network with lots of features, questions
    ... Your network sounds overly complicated to me. ... to get to the internet. ... To do that, without using your server as a router, you need ...
    (microsoft.public.windows.server.networking)
  • Re: Need help closing security holes in my Windows XP home system!
    ... >>new portals of access to internet hackers, ... My router came with a default MAC address printed on the bottom. ... > your unique hardware as in your segment of the network - no other device ... > Apply ALL MS Office Updates ...
    (comp.security.firewalls)
  • Re: Open access point for clients
    ... Boss wants clients to have access to internet ... If you knew enough to get the network setup like it is already then you ought to know how to do this. ... If you can't get a second ip then connect one router to your isp and then connect wan ports of two additional routers to lan side of ISP connected router. ...
    (alt.internet.wireless)