Cannot get NAT to route in RRAS



My current setup:

Win2k server, SP4 (AD, DHCP server, DNS server, IIS server, Exchange Server)
Two NICs:
NIC1 on subnet 192.168.1.0/255.255.255.0 IP 192.168.1.1
NIC2 on subnet 192.168.0.0/255.255.255.0 IP 192.168.0.1 but disabled and not
connected
ADSL modem to ISP, using PPP dial-up, link assigns static IP
83.67.xx.yy/255.255.255.255, and server IP at the other end 194.106.aa.bb, as
well as DNS addresses etc

NIC1 connected to switch in turn connects to all clients which are assigned
IPs from 192.168.1.5 to 192.168.1.254 by DHCP server.

Internet access to clients is achieved through ICS on the ADSL DUN connection.

This setup has worked fine so far: clients can access internet, DNS server
resolves external addresses for clients OK, external hosts can access IIS web
sites etc.

Here are the routing tables and ipconfig info using ICS:


***** routing table *****

C:\>route print
=====================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
0x41000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
=====================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 83.67.xx.yy 83.67.xx.yy 1
83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
194.106.aa.bb 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
Default Gateway: 83.67.xx.yy
=====================================================
Persistent Routes:
None


***** ipconfig *****

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : **********
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : **********

Ethernet adapter Sputnik LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter ADSLBroadband:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 83.67.xx.yy
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 83.67.xx.yy
DNS Servers . . . . . . . . . . . : 194.******
194.******
NetBIOS over Tcpip. . . . . . . . : Disabled


However, I want to allow remote access to the server, through VPN and modem
dial-up. So I disabled ICS on the ADSL DUN connection and enabled RRAS, manually
setting up NAT and a dynamic dial link, with the appropriate static route
added. The link successfully connects, and I can browse directly on the server.
Clients can resolve internet names to correct IPs through the DNS server but
cannot browse.

Here are the routing tables and ipconfig info for RRAS with NAT:


***** routing table *****

C:\>route print
=====================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 f4 2c 9c 19 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
0x1000003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x43000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
=====================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 194.106.aa.bb 83.67.xx.yy 1
83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
83.255.255.255 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 1
192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 1
224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
Default Gateway: 194.106.aa.bb
=====================================================
Persistent Routes:
None


***** ipconfig *****

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : ********
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ********

Ethernet adapter Sputnik LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-2C-9C-19
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter {43EF4B9F-EF8B-4947-8662-20124EAE5B7B}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 83.67.xx.yy
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 194.106.aa.bb
DNS Servers . . . . . . . . . . . : 194.********
194.*********
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1


I have spent weeks troubleshooting this problem and I think I have tracked
the problem down to the default gateway assigned to the ADSL dynamic link.

When ICS is running and the ADSL link is established, you can see that the
default gateway is set to 83.67.xx.yy, same as the assigned IP, which is
understandable, it’s a two host subnet, the client end and server end,
anything will route to the 194.106.aa.bb address. Which is true, routing
works with ICS.

But with RRAS, NAT and a dynamic connection, you can see that the default
gateway is set to the 194.106.aa.bb address, the server end address, not the
client assigned address.

Am I on the right track? Is this the problem? And if so, how do I change the
default gateway? It’s non-settable in RRAS because it’s a dynamic link. Is
there an entry I can add to the routing table? If so, what and how?

Thanks a million in advance for any advice and help, this is really
frustrating.

Andrew.
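
An added example, not part of the original post: a short Python script that parses the Active Routes rows from two `route print` captures and reports which rows were removed, added or changed between the ICS and RRAS configurations. The rows are an abridged copy of the two tables above with the post's masked octets kept as posted; the function names are hypothetical.

```python
# Added example: rows abridged from the two tables in the post.
# Masked octets (xx.yy, aa.bb) are kept exactly as posted.
ICS = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 83.67.xx.yy 83.67.xx.yy 1
83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
194.106.aa.bb 255.255.255.255 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
Default Gateway: 83.67.xx.yy
"""

RRAS = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 194.106.aa.bb 83.67.xx.yy 1
83.67.xx.yy 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 1
192.168.2.1 255.255.255.255 127.0.0.1 127.0.0.1 1
224.0.0.0 224.0.0.0 83.67.xx.yy 83.67.xx.yy 1
224.0.0.0 224.0.0.0 192.168.1.1 192.168.1.1 1
Default Gateway: 194.106.aa.bb
"""

def parse_routes(text):
    """Return {(dest, mask, iface): (gateway, metric)} from route print text."""
    routes = {}
    for line in text.splitlines():
        f = line.split()
        # A route row is four dotted quads plus a numeric metric; headers,
        # separators and the "Default Gateway:" line do not match.
        if len(f) == 5 and f[4].isdigit() and all(x.count(".") == 3 for x in f[:4]):
            routes[(f[0], f[1], f[3])] = (f[2], int(f[4]))
    return routes

def diff_routes(before, after):
    """Return (removed, added, changed) between two parsed tables."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = {k: (before[k], after[k])
               for k in before if k in after and before[k] != after[k]}
    return removed, added, changed

if __name__ == "__main__":
    removed, added, changed = diff_routes(parse_routes(ICS), parse_routes(RRAS))
    print("removed:", removed)
    print("added:  ", added)
    print("changed:", changed)
```

Rows are keyed on destination, netmask and interface, so the two 224.0.0.0 entries (one per interface) stay distinct.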