Re: NAT router
- From: "Bill Grant" <not.available@online>
- Date: Thu, 15 May 2008 09:57:39 +1000
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message news:e3L56NdtIHA.3804@xxxxxxxxxxxxxxxxxxxxxxx
"Simon James Owen" <SimonJamesOwen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:49A4F749-2357-4010-B96E-228B4B0606F5@xxxxxxxxxxxxxxxx
Thanks for the response. I have changed the IP scheme of the internal
interface to subnet 255.255.255.0 and the subnet of the external interface to
255.255.254.0. I have disabled and reconfigured RAS stating the connection to
use for the internet.
Those are not subnets,...those are Subnet Masks.
Use 255.255.255.0 on *Everything*
The Subnet is identified by the Net-ID in combination with the mask. Multiple subnets can (and usually do) have the same Mask. Here is an example of multiple subnets:
Net-ID=192.168.25.0
Mask = 255.255.255.0
Broadcast = 192.168.25.255
Host Range = 192.168.25.1-192.168.25.254
Net-ID=192.168.26.0
Mask = 255.255.255.0
Host Range = 192.168.26.1-192.168.26.254
Net-ID=192.168.27.0
Mask = 255.255.255.0
Host Range = 192.168.27.1-192.168.27.254
Net-ID=192.168.28.0
Mask = 255.255.255.0
Host Range = 192.168.28.1-192.168.28.254
Avoid the heavily *over-used* lower numbers (like 192.168.1.0).
The External side of the RRAS NAT Box will be a Public IP# (not 192.168.*.*).
The RRAS NAT box will *replace* any other "NAT router" that may be there. The RRAS box *is* your "router".
If you intend to keep an existing NAT Device then there is no real point in having the Windows RRAS NAT Box in the first place. It is a waste of time and is over-complicating the network by introducing a Back-to-back DMZ where there is no point in one being.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
I agree with Phillip. You have overcomplicated your network setup. If your network already connects to the Internet through a NAT router you do not need NAT on your server. In fact you do not need two NICs in your server. The only reason to have two NICs is to have one NIC in the private LAN and one connected to the Internet and have this device as your Internet router. If you do have two NICs, they must be in different IP subnets (as Phillip pointed out).
You basically have two options.
1. Get rid of the existing NAT device and use the server instead. Set it up as a NAT/VPN server. You can configure NAT so that both LAN and remote users can access the Internet through this device by adding the RRAS internal interface (which is the VPN connection interface) as a private interface in NAT.
2. Keep the existing NAT device and get rid of the second NIC in the server. The LAN machines (and the server) still use the NAT device as default gateway. Configure the server as a VPN server and test it locally. Configure your NAT device to forward VPN traffic to the server's LAN IP. Your remote access clients can now connect to the VPN server by using the router's public IP or name.
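Added example, not part of the original thread: a Python check of the subnet arithmetic discussed above (Net-ID, broadcast and host range from an address plus mask) and of the rule that two NICs on a router must sit in different subnets. All addresses are constructed for illustration; 203.0.113.10 is a documentation-range placeholder standing in for a public IP.

```python
import ipaddress

def describe(ip, mask):
    """Net-ID, mask, broadcast and usable host range for one interface.
    Assumes an IPv4 mask of 255.255.255.252 or shorter."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return {
        "net_id": str(net.network_address),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "host_range": f"{first}-{last}",
    }

def nic_conflicts(nics):
    """Return pairs of NIC names whose subnets overlap.
    On a dual-homed router this list must be empty."""
    nets = {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, (ip, mask) in nics.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

# Constructed sample: same mask everywhere, private inside, public outside.
SAME_MASK = {
    "internal": ("192.168.25.1", "255.255.255.0"),
    "external": ("203.0.113.10", "255.255.255.0"),
}

# Constructed sample: mixed masks. 192.168.24.2 with 255.255.254.0 has
# Net-ID 192.168.24.0 and covers 192.168.24.0-192.168.25.255, which
# swallows the internal 192.168.25.0 subnet, so routing is ambiguous.
MIXED_MASK = {
    "internal": ("192.168.25.1", "255.255.255.0"),
    "external": ("192.168.24.2", "255.255.254.0"),
}

if __name__ == "__main__":
    for name, (ip, mask) in MIXED_MASK.items():
        print(name, describe(ip, mask))
    print("same mask conflicts: ", nic_conflicts(SAME_MASK))
    print("mixed mask conflicts:", nic_conflicts(MIXED_MASK))
```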