Re: static routing
- From: "Bill Grant" <not.available@online>
- Date: Wed, 4 Jul 2007 16:38:34 +1000
I wasn't talking about the remote branch router. I was talking about the
corporate router. Both routers must have a demand-dial interface and a
corresponding static route. If the branch office makes a connection without
connecting to a demand-dial interface, routing will not work. Instead of
connecting as a router it connects as a simple remote access client. Instead
of a subnet route, you just get a host route back to the client. So the
server can route to the corporate LAN but machines behind it cannot.
"Robert" <user@xxxxxxx> wrote in message
news:ebhUQHfvHHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
Ok, thats already been done on the remote branch side. On the remote
branch server, the deman dial connection is already made and is connected
24/7. A static route has been added that matches the subnet of the
corporate network. My problem is, users on the remote branch office
network can't access the corporate network (ie; use the tunnel that has
been made), but the server that has made the connection can. There is a
missing link there. The server that made the connection can use the
tunnel, but the users on the same network of this server can't? The users
on this network (were talking about the remote site here) use RRAS (same
server and software that has established the tunnel) to access the
internet. There is something I missed.
Robert
"Bill Grant" <not.available@online> wrote in message
news:OxvVI%23dvHHA.1340@xxxxxxxxxxxxxxxxxxxxxxx
You can't do it manually because the interface doesn't exist until the
connection is made.Is this server running RRAS? If so, you configure a
demand dial interface. You then use the static route wizard to configure
a static route for the subnet of the remote site and select the demand
dial interface from the dropdown list as the interface.
When you make a connction to the server you use the name of the
demand-dial interface as the username. RRAS then connects you to the
correct interface for the calling site (so that you get the correct
subnet for the site. Multiple sites can connect using different dd
interfaces and creating different tunnels.) When the dd interface becomes
active, RRAS adds the static route (which has been stored in the
registry) to the routing table.
"Robert" <user@xxxxxxx> wrote in message
news:e2WKlJZvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
OK, I understand, for the most part. On the corporate server, what do I
put in for the gateway on the static route? Here is what I have so far:
Static Route:
Interface (Local Area Connection 2) --this is the only interface
available on the corporate server
Destination: 192.168.17.0
Subnet: 255.255.255.0
Gateway: ?????
Robert
"Bill Grant" <not.available@online> wrote in message
news:OM%23JB7TvHHA.4796@xxxxxxxxxxxxxxxxxxxxxxx
The reson it doesn't work is, as I said previously, routing is a
two-way process. A static route will get the traffic from one site to
the other, but what happens to the traffic in the other direction?
As an example, assume that a workstation in one site tries to ping a
workstsation at the other site. The packet goes to the default router
which has a static route pointing to the "other" site via the point to
point link. Everything is fine. What happens when the target machine
tries to reply? As before, the packet goes to the default router for
that site. This router does not have a route for the private IP subnet
of the first site. It tries to send a reply using its default route
(which is probably out to the Internet). The packet is discarded
because private IPs cannot cross the Internet.
Routing between sites will only work if each router has a static
route for the subnet of the "other" site via the point to point
connection. In this case, the privately addressed packet is encrypted
and encapsulated before it is sent out to the Internet. (That is, the
private traffic between the two private subnets is tunnelled through
the public Internet). The traffic in both directions must use the
tunnel.
"Robert" <user@xxxxxxx> wrote in message
news:%23Mfg8oRvHHA.2068@xxxxxxxxxxxxxxxxxxxxxxx
OK, so if I understand you, I need to create a demand dial connection
on both sides and connect them? I still don't understand how the lan
users on the side that already has the dd connection made can't access
the network, but the machine that made the connection can.
Robert
"Bill Grant" <not.available@online> wrote in message
news:uJAe2yPvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
To get routing working between the two sites you will need to set
up a site to site (also called router to router) connection. Routing
is a two-way process. You must have routes on the routers at both
ends to be able to get from a host in on site to a host in the other.
To do it using RRAS routers you need one in each site. The
connection is made between the routers. Each router has a static
route to the other site linked to a demand dial interface. The
"calling" router connects to the dd interface on the answering
router. The static route thehn become effective, routing traffic
through the link.
"Robert" <user@xxxxxxx> wrote in message
news:ue3m2aPvHHA.3356@xxxxxxxxxxxxxxxxxxxxxxx
Yes, your right. Here is the setup:
Branch Office
Server "WAN"
IP: 192.168.16.11
Subnet: 255.255.255.0
Gateway: 192.168.16.1
Server "LAN"
IP: 192.168.17.2
Subnet: 255.255.255.0
Gateway: "None"
Client IP Setup:
IP: 192.168.17.25
Subnet: 255.255.255.0
Gateway: 192.168.17.2
I used static ip addressing on the clients to make it easier. The
clients can connect to the internet just fine, but can't browse the
remote network. The server already has the demand dial interface
connected and I can browse the remote network from the server, but
not from the clients. I can also browse the branch office server
from the corporate office network (clients or servers). Hope this
helps.
Robert
"DanJ" <DanJ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:86B7F4B6-6171-4EC1-97F6-77EF1FE487E7@xxxxxxxxxxxxxxxx
Hi,
Am I right in assuming that the Branch office server itself has the
demand
dial interface?
Also, if that is the case, I assume the client PCs have their
default
gateway set to the LAN IP Address of the Branch Office Server... is
that the
case?
It may be worth doing a Tracert to ensure that the Client PCs are
going the
correct route.
The Static route needs to specify the Demand Dial Interface as the
'Interface' for the Static Route. Specify destination IP Address
and Subnet
Mask for the remote network.
If you can provide a little more info, I may be able to help more,
sorry
this response is slightly vague.
Dan
MCSA MCSE 2000/2003
"Robert" wrote:
I have a branch office of which I am setup a demand dial interfact
for the
network to the corporate office. I can browse resources on the
coporate
network from the branch server, but users on the branch lan
cannot. They
can access the internet, but nothing on the corporate web. I have
done a
million different combinations of static routes so the lan users
can access
the corporate network, but nothing seems to be working. Can
anyone help me
out here? I'm at a loss.
Robert
.
- Follow-Ups:
- Re: static routing
- From: Robert
- Re: static routing
- References:
- static routing
- From: Robert
- Re: static routing
- From: Robert
- Re: static routing
- From: Bill Grant
- Re: static routing
- From: Robert
- Re: static routing
- From: Bill Grant
- Re: static routing
- From: Robert
- Re: static routing
- From: Bill Grant
- Re: static routing
- From: Robert
- static routing
- Prev by Date: Re: static routing
- Next by Date: Re: Trouble with Shares over VPN
- Previous by thread: Re: static routing
- Next by thread: Re: static routing
- Index(es):
Relevant Pages
|
