Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Assistance?



On Sep 14, 11:48 am, "Phillip Windell" <philwind...@xxxxxxxxxxx>
wrote:
Mark,
Does the physical layout of your system match the diagram that Bill gave?
We need to be sure we are picturing the correct thing in our minds.

By the way, they are all RFC Private Addresses, there is no "secret" about
them, we all use them, and they aren't accessible from the "outside" anyway.
Hiding the exact number with an "x" may only cloud the issue and cause
confusion; worse yet, it may actually hide the very misconfiguration
that we need to see. Please use the actual numbers.

Here's Bill's diagram reposted:

Internet
|
Public IP
gateway router {static route 192.168.277.0 255.255.255.0 192.168.100.n}
192.168.100.1
|
LAN machines
192.168.100.x dg 192.168.100.1
|
192.168.100.n dg 192.168.100.1
RRAS
192.168.277.1 dg blank
|
virtual machines
192.168.277.x/24 dg 192.168.277.1

On the DNS,...I've tried to follow the posts but I may have lost track of
what you are doing with that. I recommend that you keep it simple, and I
would recommend this method (maybe it is what you are doing anyway):

All machines on the 277 LAN use their own DNS for resolution and should not
use any DNS anywhere else. The 277 DNS would then have the AD/DNS from the
100 LAN listed in the Forwarders List. The 100 LAN should follow the same
pattern and have all of the 100 LAN Clients use only their AD/DNS and no
other. The 100 DNS then uses the ISP's DNS as a Forwarder and the Firewall
needs to allow that DNS to make the outbound DNS queries.

This will allow the 277-Machines to resolve names on both the Internet and
on the 100 LAN. The 100-Machines will resolve their own names and the
Internet but will *not* be able to resolve names on the 277 LAN. To have
full resolution in every direction will probably require setting up Zone
Transfers between the DNS of both LANs, and the ISP's DNS will be the
Forwarder on both DNS servers.

Even with DNS Full Resolution, accessing resources would be denied unless
there is a Trust established between the Domains and proper permissions are
set up accordingly.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
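Added example (not from either poster): a small Python model of the forwarder chain Phillip describes, so the asymmetry he mentions is visible. It uses the zone names pst.local (100 LAN) and psttest.local (test LAN), the .100.2 DNS server and the 192.168.227.0/24 subnet given elsewhere in this thread; the host names dc1 and vpcServerA's address, the "isp" server and the 198.51.100.80 answer for www.google.com are constructed placeholders. The second scenario goes beyond Phillip's text: conditional (per-domain) forwarders on both servers, with the ISP as the default forwarder on each, gives resolution in both directions without zone transfers. The depth guard in resolve() is there to show what happens if two servers are made each other's default forwarder.

```python
from dataclasses import dataclass, field


@dataclass
class DnsServer:
    name: str
    zones: dict = field(default_factory=dict)        # zone -> {fqdn: ip}, answered authoritatively
    forwarders: list = field(default_factory=list)   # asked for every name we are not authoritative for
    conditional: dict = field(default_factory=dict)  # zone -> server asked only for that zone


def resolve(server, fqdn, trail=None, depth=0):
    """Resolve fqdn starting at server. Returns (ip or None, servers consulted in order)."""
    trail = [] if trail is None else trail
    trail.append(server.name)
    if depth > 6:                 # loop guard; real servers rely on timeouts and hop limits instead
        return None, trail
    name = fqdn.lower().rstrip(".")
    for zone, records in server.zones.items():
        if name.endswith("." + zone):
            return records.get(name), trail      # authoritative: answer or NXDOMAIN, never forwarded
    for zone, target in server.conditional.items():
        if name.endswith("." + zone):
            return resolve(target, name, trail, depth + 1)
    for fwd in server.forwarders:
        ip, _ = resolve(fwd, name, trail, depth + 1)
        if ip is not None:
            return ip, trail
    return None, trail


def build(conditional_both_ways):
    """Constructed servers: 'isp' stands in for the ISP resolver, dns100/dns227 for the
    AD-integrated DNS on each LAN. 198.51.100.80 is a placeholder answer, not Google's address."""
    isp = DnsServer("isp", zones={"google.com": {"www.google.com": "198.51.100.80"}})
    dns100 = DnsServer("dns100", zones={"pst.local": {"dc1.pst.local": "192.168.100.2"}},
                       forwarders=[isp])
    dns227 = DnsServer("dns227",
                       zones={"psttest.local": {"vpcservera.psttest.local": "192.168.227.10"}})
    if conditional_both_ways:
        # per-domain forwarders in both directions, ISP as the default forwarder on both
        dns227.forwarders = [isp]
        dns227.conditional = {"pst.local": dns100}
        dns100.conditional = {"psttest.local": dns227}
    else:
        # Phillip's layout: the test-LAN server forwards everything to the 100 LAN server
        dns227.forwarders = [dns100]
    return dns100, dns227


def scenario(conditional_both_ways):
    """Who can resolve what, from each LAN's own DNS server."""
    dns100, dns227 = build(conditional_both_ways)
    return {
        "227->internet": resolve(dns227, "www.google.com")[0],
        "227->100":      resolve(dns227, "dc1.pst.local")[0],
        "100->internet": resolve(dns100, "www.google.com")[0],
        "100->227":      resolve(dns100, "vpcServerA.psttest.local")[0],
    }


def forwarding_loop():
    """Two servers that are each other's default forwarder chase an unknown name in a circle."""
    dns100, dns227 = build(False)
    dns100.forwarders = [dns227]
    dns227.forwarders = [dns100]
    return resolve(dns100, "nosuch.example")


if __name__ == "__main__":
    print("default forwarder only:", scenario(False))
    print("conditional both ways: ", scenario(True))
    print("loop:", forwarding_loop())
```

With the default-forwarder-only layout the "100->227" lookup comes back empty, which is exactly the one-way resolution Phillip predicts; the conditional layout answers all four, and the loop case shows why the ISP, not the other LAN's server, belongs in the "all other DNS domains" slot.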


I'll start the description from scratch.. and maybe this will shed
some light:

I have a Symantec gateway router.. connected to the internet and my
internal .100 lan (call it the real lan).
On this device I setup the static route.. It is set to 192.168.227.0,
255.255.255.0 mask, 192.168.227.6 gateway (the RRAS on the virtual
LAN). This static entry also asks what interface to create the route
on.. so I chose the internal interface.. the other two options are
WAN1,2.

In order to resolve names, using at least FQDN.. I then had to go to
the DNS on the .100 lan and... Right click the DNS server name..
properties.. Forwarders tab.. then.. rather than just clicking on "all
other dns domains" and adding the .227.2 (dns server) entry.. it
seemed I had to click the "new" button.. create a new DNS domain.. so
I put in psttest.local (our virtual lan domain name).. I then clicked
on that entry.. and entered the .227.2 address for the DNS server.

Then on the virtual lan.. I did this same thing.. only I created the
new dns domain called pst.local and then clicked the entry and added
the .100.2 (dns server) entry there.

On the RRAS server.. I have two nics.. (virtual server).. one is
called "pst.local" while the other is "psttest.local".. the pst.local
nic has a .100.x address and the other has the .227.x address.

At this point I can ping either domain.. but only by FQDN.. ie: from
production: ping vpcServerA.psttest.local works fine and then the
reverse works fine from the test lan.

If i try to ping an ip address on the internet.. ie: www.google.com
's ip address (not domain name).. it Fails.. likewise of course
pinging it by name fails.

I tried going into the RRAS server and adding the NAT protocol.. I
wasn't sure if this was needed .. this didn't help things.. though I may
have had it configured wrong.

Any thoughts on the step I'm missing to make internet pings work? Did
I do the DNS entries correctly in the forwarding tab? (I haven't done
any zone transfers or adding extra name servers thus far, as they don't
seem necessary since these are independent domains).

Thanks
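Added example (not from any of the posters): a Python model of the forwarding path in the layout Mark describes, used to check the one rule every static route has to satisfy: its next hop must be an address on a subnet the router itself is attached to. If the physical layout is as described, the gateway router only has 192.168.100.0/24 on its internal interface, so a next hop of 192.168.227.6 is not reachable from it; outbound pings from the test LAN still leave (every host's default gateway is on its own subnet), but a reply that the gateway has already un-NATed for a 192.168.227.x host has nowhere to go. The addresses 192.168.100.6 (the RRAS 100-side NIC, which the post gives only as .100.x), 192.168.227.10 (a VM), 203.0.113.1 and 203.0.113.254 (WAN side and ISP) and 8.8.8.8 (any Internet host) are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

A, I, N = ipaddress.IPv4Address, ipaddress.IPv4Interface, ipaddress.IPv4Network


@dataclass
class Device:
    name: str
    interfaces: list                                 # one IPv4Interface per NIC
    routes: list = field(default_factory=list)       # (IPv4Network, next-hop IPv4Address)
    default_gw: Optional[ipaddress.IPv4Address] = None
    is_internet: bool = False                        # sink standing in for the ISP / Internet

    def connected(self, ip):
        """Subnet of a local NIC that contains ip, or None if not directly attached."""
        for iface in self.interfaces:
            if ip in iface.network:
                return iface.network
        return None

    def next_hop(self, dst):
        """None = directly connected, False = no route at all, else the next-hop address."""
        if self.connected(dst) is not None:
            return None
        best = None
        for net, nh in self.routes:                  # longest prefix wins
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        if best is not None:
            return best[1]
        return self.default_gw if self.default_gw is not None else False


def validate(dev):
    """Every next hop (static or default) must sit on a subnet the device is attached to."""
    problems = []
    entries = list(dev.routes) + ([("default", dev.default_gw)] if dev.default_gw else [])
    for net, nh in entries:
        if dev.connected(nh) is None:
            problems.append(f"{dev.name}: {net} via {nh} -> next hop not on a connected subnet")
    return problems


def trace(devices, start, dst, max_hops=8):
    """Follow the forwarding decision device by device; returns (devices visited, outcome)."""
    dst = A(dst)
    dev, path = devices[start], [start]
    for _ in range(max_hops):
        if dev.is_internet and not dst.is_private:
            return path, "delivered"
        nh = dev.next_hop(dst)
        if nh is None:
            return path, "delivered"
        if nh is False:
            return path, "no route"
        if dev.connected(nh) is None:
            return path, f"next hop {nh} unreachable"
        owner = next((d for d in devices.values() if any(nh == i.ip for i in d.interfaces)), None)
        if owner is None:
            return path, f"nobody answers for {nh}"
        dev = owner
        path.append(dev.name)
    return path, "hop limit exceeded"


def build(static_route_next_hop):
    """Mark's layout with constructed placeholders: 192.168.100.6 (RRAS 100-side NIC),
    192.168.227.10 (a VM), 203.0.113.1 / 203.0.113.254 (gateway WAN side / ISP)."""
    return {
        "gateway": Device("gateway", [I("192.168.100.1/24"), I("203.0.113.1/24")],
                          routes=[(N("192.168.227.0/24"), A(static_route_next_hop))],
                          default_gw=A("203.0.113.254")),
        "rras": Device("rras", [I("192.168.100.6/24"), I("192.168.227.6/24")],
                       default_gw=A("192.168.100.1")),
        "vm": Device("vm", [I("192.168.227.10/24")], default_gw=A("192.168.227.6")),
        "isp": Device("isp", [I("203.0.113.254/24")], is_internet=True),
    }


def check(static_route_next_hop):
    """Route sanity on the gateway, the outbound ping path, and the return path of its reply."""
    devs = build(static_route_next_hop)
    return (validate(devs["gateway"]),
            trace(devs, "vm", "8.8.8.8"),               # ping leaving the test LAN
            trace(devs, "gateway", "192.168.227.10"))   # reply, after the gateway un-NATs it


if __name__ == "__main__":
    for nh in ("192.168.227.6", "192.168.100.6"):      # as posted, then via RRAS's own 100-side NIC
        print(nh, *check(nh), sep="\n  ")
```

Run it and the first case flags the route and stops the reply at the gateway, while the second (next hop = the RRAS address on the 100 subnet) delivers both directions. The model also shows what NAT on the RRAS would change: with NAT on its 100-side interface the test LAN is hidden behind 192.168.100.6 and the gateway no longer needs a route for 192.168.227.0/24, at the cost that 100 LAN hosts can no longer initiate connections to the test LAN.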
