Re: RRAS server separating two subnets - one subnet cannot reach the Internet and computers can't ping each other between subnets





"Spin" <Spin@xxxxxxxxxxx> wrote in message news:6jge46F37fekU1@xxxxxxxxxxxxxxxxxxxxx
Gurus,

I have a small lab with a bunch of servers set up on two different subnets, 192.168.1.1 is the gateway for one and 172.16.1.1 is the gateway for the other. Installed on my Windows 2003 SP2 RRAS server are three NICs, the third NIC is the gateway to the Internet.

What works: The RRAS server can reach the Internet as well as the computers in the 192.168.1.0/24 subnet (the first subnet built).

What's broken: The computers on the 172.16.1.0/16 subnet cannot get to the Internet AND no computer in either subnet can ping any computer in the other subnet. What am I doing wrong?

Additional details:

192.168.1.0/24 subnet computer XP1:

Host Name . . . . . . . . . . . . : XP1
Primary Dns Suffix . . . . . . . : alpha.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : alpha.local
alpha.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : alpha.local
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #2
Physical Address. . . . . . . . . : 00-0C-29-4C-D8-52
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.10
Lease Obtained. . . . . . . . . . : Thursday, September 18, 2008 9:31:05 PM
Lease Expires . . . . . . . . . . : Friday, September 26, 2008 9:31:05 PM

------------------------------------------------------

172.16.1.0/16 subnet computer XP2:

Host Name . . . . . . . . . . . . : XP2
Primary Dns Suffix . . . . . . . : alpha.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : alpha.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

Physical Address. . . . . . . . . : 00-0C-29-E1-E7-07
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.1.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 171.16.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.10

--
Spin


That is how IP routing works.

As soon as you have multiple routers and multiple default gateways, default routing fails. Traffic from your internal network can get to the gateway router by default, but there is no return path. You will need to add some extra routing to your gateway router to get it running (or run the router as a NAT router).

Running with NAT solves the routing issue (because all traffic from the internal subnet will be using the router's "public" IP) but also isolates the inner network from the other (i.e. the machines behind NAT can see the machines in the other subnet and the Internet, but not vice versa, because NAT is a one-way translation). This is how I run my private virtual network.

If you really want normal routing between the subnets you need a route on the gateway router to bounce traffic for the internal network back to the internal router. The default route of the gateway router points out to the Internet!

Internet
|
gateway router
192.168.1.1
|
workstations
192.168.1.x dg 192.168.1.1
|
192.168.1.254 dg 192.168.1.1
RRAS
172.16.1.1/16 dg blank
|
workstations
172.16.x.y/16 dg 172.16.1.1

If RRAS is configured as a NAT router, this works. All traffic from the 172.16 network reaching the gateway is using the RRAS server's 192.168.1.254 address. The replies come back to the NAT router and it delivers to the client.

Without NAT, this fails. If you try to access a machine in the 192.168 subnet, the reply goes to the default gateway at 192.168.1.1, which has no idea where the 172.16 subnet is, so it tries to send it using the default route (out to the Internet). This fails because it is a private IP and the packet is discarded. If you try to access the Internet, much the same thing happens. The router has nowhere to send the reply.

To make it work you need to add a static route to the gateway router so that it knows where the 172.16 subnet is and how to reach it. The simplest way is to add a static subnet route to the gateway router, e.g.

172.16.0.0 255.255.0.0 192.168.1.254

Now everything works. Packets arriving at the gateway router for 172.16 addresses are forwarded to the RRAS router which delivers them directly from its private NIC.
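
The return-path failure described in the reply above, traced as an added example that is not part of the original post. The routing tables are constructed from the addresses in the thread; the function names and the "on-link"/"internet" markers are hypothetical.

```python
import ipaddress

def route(prefix, hop):
    return (ipaddress.ip_network(prefix), hop)

# Constructed routing tables built from the addresses in the post.
WORKSTATION = [route("192.168.1.0/24", "on-link"), route("0.0.0.0/0", "192.168.1.1")]
GATEWAY = [route("192.168.1.0/24", "on-link"), route("0.0.0.0/0", "internet")]
RRAS = [route("192.168.1.0/24", "on-link"), route("172.16.0.0/16", "on-link"),
        route("0.0.0.0/0", "192.168.1.1")]
# The static route from the post: 172.16.0.0 255.255.0.0 192.168.1.254
STATIC = route("172.16.0.0/16", "192.168.1.254")

def next_hop(table, dst):
    """Longest-prefix match over a list of (network, hop) entries."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace_reply(dst, gateway_table):
    """Follow a reply sent by a 192.168.1.x workstation to dst."""
    nodes = {"workstation": WORKSTATION, "192.168.1.1": gateway_table,
             "192.168.1.254": RRAS}
    path, current = [], "workstation"
    for _ in range(8):  # hop limit guards against routing loops
        path.append(current)
        hop = next_hop(nodes[current], dst)
        if hop == "on-link":
            return path, "delivered"
        if hop == "internet":
            if ipaddress.ip_address(dst).is_private:
                return path, "discarded"  # private address has no Internet route
            return path, "sent to Internet"
        current = hop
    return path, "loop"

if __name__ == "__main__":
    cases = [("routed, no static route", "172.16.1.2", GATEWAY),
             ("routed, static route added", "172.16.1.2", GATEWAY + [STATIC]),
             ("NAT (reply goes to 192.168.1.254)", "192.168.1.254", GATEWAY)]
    for label, dst, table in cases:
        print(label, "->", trace_reply(dst, table))
```
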

