Re: Window 2003 Server - RRAS to Connect Two VLANs?
- From: "Robert L. (MS-MVP)" <findemail@xxxxxxxxxxxxxxx>
- Date: Thu, 30 Oct 2008 14:39:57 -0500
I would double check the ASA route command. For a test, use tracert to find out where the traffic stops.
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"SteveV" <StevenVibert@xxxxxxxxxxx> wrote in message news:bd3066ba-e852-4915-a08c-d72a01cf3b4c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Oct 29, 9:54 pm, "Bill Grant" <not.available@online> wrote:
"SteveV" <StevenVib...@xxxxxxxxxxx> wrote in message
news:f4ac5453-c5da-4c51-9cab-f499998929bb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I have a fairly simple existing network layout where all machines are
> on one lan segment (VLAN1 10.13.1.x) sitting behind a Cisco ASA5505
> configured as a gateway and connected to a Netopia T1 Router. I need
> to add a VLAN (VLAN2 10.39.1.x) that will contain approx 35 IP
> cameras. None of the cameras need to be accessible from the internet.
> I have a Win2003 Std Server box configured with 2 NICs; one connected
> to the 10.13.1.x segment the other connected to the 10.39.1.x
> segment. As expected, I can ping and connect to devices connected to
> either segment from this box. I have enabled RRAS on this box and have
> created a static route that looks like this:
> Destination Mask Gateway Interface
> 10.39.0.0 255.255.0.0 10.31.1.32 LAN
> I need to have machines connected to the 10.13.1.x segment reach
> devices on VLAN2. Currently none of the VLAN1 computers can ping any
> of the machines on VLAN2 unless I manually add a route on the
> individual machines connected to VLAN1.
> I have tried adding a static route on the Cisco ASA5505 but no joy.
> This is not my area of expertise so I'd really appreciate some insight
> on what I might be doing wrong.
That is because the machines on the LAN have their default gateway
pointing to the firewall, not to the RRAS server. As you have found you can
get to the other subnet by putting a static route on each machine. You could
also do it by putting the static route on the firewall to bounce the traffic
for the new subnet to the RRAS router. eg
Firewall {static route 10.39.0.0 255.255.0.0 10.31.1.32}
10.13.1.1
|
LAN1
10.13.1.x dg 10.13.1.1
|
10.13.1.32 dg 10.13.1.1
RRAS
10.39.1.1 dg blank
|
LAN2
10.39.1.x dg 10.39.1.1
Thanks for the reply. I already have a static route on the ASA but I
still can't connect to machines on VLAN2. If I filter the ASA log to
only show "10.39" traffic I see the entries with the following:
Oct 30 2008|09:10:12|305006|10.39.1.140||portmap translation creation
failed for tcp src inside:10.13.1.222/2126
Where 10.39.1.140 is the machine I'm trying to connect to and
10.13.1.222 is my laptop's IP. So it certainly seems like the issue
is on the ASA end. Question is: what am I missing?
.
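The hop-by-hop forwarding that the diagram in this thread describes, as an added example that is not part of the original posts: a small Python model that walks a packet from the laptop toward 10.39.1.140 and checks that each static route's gateway sits on a directly connected subnet. The /24 masks, the device names and the function names are assumptions; the model is run once with the gateway as typed in the thread (10.31.1.32) and once with the RRAS LAN1 address from the diagram (10.13.1.32).

```python
import ipaddress as ip

# Constructed model of the thread's topology; /24 masks are an assumption.
def build(fw_gateway):
    return {
        "laptop":   {"ifs": ["10.13.1.222/24"], "routes": [("0.0.0.0/0", "10.13.1.1")]},
        "firewall": {"ifs": ["10.13.1.1/24"],   "routes": [("10.39.0.0/16", fw_gateway)]},
        "rras":     {"ifs": ["10.13.1.32/24", "10.39.1.1/24"], "routes": []},
    }

def decide(dev, dst):
    """One forwarding decision: connected check, then longest-prefix match."""
    dst = ip.ip_address(dst)
    nets = [ip.ip_interface(i).network for i in dev["ifs"]]
    if any(dst in n for n in nets):
        return ("deliver", None)
    matches = [(ip.ip_network(p), gw) for p, gw in dev["routes"] if dst in ip.ip_network(p)]
    if not matches:
        return ("no-route", None)
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    # A static route is only usable if its gateway is on a connected subnet.
    if not any(ip.ip_address(gw) in n for n in nets):
        return ("gateway-not-on-link", gw)
    return ("forward", gw)

def trace(devs, src, dst, max_hops=8):
    """Follow hops from device `src` toward `dst`; returns (path, status)."""
    owner = {str(ip.ip_interface(i).ip): name for name, d in devs.items() for i in d["ifs"]}
    path, cur = [src], src
    for _ in range(max_hops):
        action, gw = decide(devs[cur], dst)
        if action != "forward":
            return path, action
        if gw not in owner:
            return path, "gateway-unknown"
        cur = owner[gw]
        path.append(cur)
    return path, "loop"

if __name__ == "__main__":
    for gw in ("10.31.1.32", "10.13.1.32"):
        print(gw, trace(build(gw), "laptop", "10.39.1.140"))
```

The model covers routing only; the address translation that the ASA log line in the thread refers to is outside it.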