RE: Static routes w/o RRAS



Thank you so much for your detailed post. You answered my basic question of
whether I need to run the Windows firewall if I run RRAS as well as adding a
lot of clarity to the issues surrounding the RRAS/firewall.

I do not use my server for NAT; instead, the client computers use a hardware
router as their gateway. The server has a WAN NIC only for my remote access &
incoming SMTP mail connections.

Actually, I had already disabled RRAS, run the CEICW, then disabled the
Windows firewall, re-enabled RRAS, and configured the static routes. My
question arose when I found that I could not enable both RRAS & the Windows
firewall, and you have confirmed that I cannot. I prefer RRAS to the Windows
firewall anyway because it makes management of things like static routes much
easier.

Thank you again.

"Terence Liu [MSFT]" wrote:

Hello Brian,

Thank you for posting here.

According to your description, I understand that you are unable to add static
routes in the RRAS console and get an error about a NAT conflict. If I have
misunderstood the problem, please don't hesitate to let me know.

Based on my research, we still can add static routes in RRAS on SBS 2003 R2
system. I suggest we try the following steps to see if we can resolve this
issue:

1) Disable RRAS

a. Schedule a network down time.

b. Please open Routing and Remote Access console on SBS thru run command
"rrasmgmt.msc"

c. Right click the SBSname (local), select Disable Routing and Remote
Access console

2) Run CEICW on SBS

You have to rerun the CEICW to make sure your SBS 2003 server has the right
network configuration. Go through the following KB and rerun CEICW again
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

In SBS, we finish almost all configuration thru wizard. After we run the
CEICW, the wizard will help you to configure the RRAS. Then, you can try to
add static routes in the RRAS:

a. Please open Routing and Remote Access console on SBS thru run command
"rrasmgmt.msc"

b. Extend to SBSname (local) -> IP Routing -> Static Routes

c. Try to add static route here.

Additionally, if you do not install ISA server on SBS, the RRAS NAT/Basic
Firewall is enabled by default. We do not suggest you disable it. Of
course, we cannot disable RRAS on SBS; it is not only used for VPN, but for all
network traffic going through SBS (without ISA). If you disable RRAS on SBS,
all traffic going through SBS will be blocked.

Then, I'd like to let you know that we cannot start Windows firewall (ICS)
service in SBS 2003 with 2 NICs. In SBS 2003 with 2 NICs, the SBS will be
used as NAT server of the internal network, the RRAS will start with the
basic firewall. Therefore, we do not need to start the Windows firewall
(ICS) service in SBS. This is a by-design behavior.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Please capture screenshots on the error messages and send the pictures
to me at v-terliu@xxxxxxxxxxxxx

2. Gather MPS network report on SBS:

a. Download MPSreport_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe on the server box.

c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: =?Utf-8?B?QnJpYW4=?= <Brian@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Static routes w/o RRAS
| Date: Mon, 29 Oct 2007 19:53:01 -0700
|
| I can live with that. Static routes are just more apparent (for documentation
| & reminder purposes) in the GUI.
|
| The underlying question, though, is whether it is better to enable the
| firewall than not, and give up RRAS. I do not really need the Windows VPN, so
| perhaps the static routes are the only (rather weak) link tying me to RRAS.
|
| "msb-2007@xxxxxxxxxxxxx" wrote:
|
| > Simple way is to use "route add -p ...." from the cmd prompt (-p makes it
| > persistent across reboots). You still have to do it manually, but only once.
| > If you want to get crazy use RIP..
| >
| > Good luck!
| >
| > -Matt
| >
| >
| >
| >
| > "Brian" wrote:
| >
| > > I use static routes on my SBS to allow SBS communication with clients
| > > connected via hardware VPNs. That is, the remote PCs are members of the
| > > domain, and I need the static route on the SBS LAN card to route the traffic
| > > to the VPN box instead of the WAN route.
| > >
| > > With SBS2K & earlier SBS2003 releases, I ran RRAS and entered the static
| > > routes manually. However, with my newest SBS2003 R2 project, if I do this, I
| > > cannot successfully run the ICS wizard, because the firewall config fails on
| > > the NAT conflict with RRAS. Apparently, RRAS & FW/ICS are mutually exclusive,
| > > and I suppose I can see why.
| > >
| > > So, should I run RRAS or the firewall & ICS? If the latter, where do I store
| > > my static routes (aside from managing them via the command prompt)?
|
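Added example, not part of the original thread: when static routes are kept with "route add -p" instead of the RRAS console, they are no longer visible in a GUI, so one way to keep them documented is to compare the "Persistent Routes" section of `route print` against a written baseline and flag anything undocumented or missing. The sample output, the addresses and the baseline set below are constructed for illustration.

```python
import ipaddress

# Constructed `route print` output (Windows Server 2003 layout); not from the thread.
SAMPLE_ROUTE_PRINT = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1     203.0.113.10     10
     192.168.50.0    255.255.255.0   192.168.16.254     192.168.16.2      1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     192.168.50.0    255.255.255.0   192.168.16.254       1
     192.168.60.0    255.255.255.0   192.168.16.254       1
===========================================================================
"""

# Hypothetical documented baseline: (destination network, gateway).
DOCUMENTED = {
    ("192.168.50.0/24", "192.168.16.254"),
    ("192.168.70.0/24", "192.168.16.254"),
}

def parse_persistent_routes(text):
    """Return {(network, gateway)} from the Persistent Routes section only."""
    routes, in_section = set(), False
    for line in text.splitlines():
        fields = line.split()
        if line.strip().startswith("Persistent Routes"):
            in_section = True
        elif in_section and line.startswith("==="):
            break  # end of the section
        elif in_section and len(fields) == 4:  # skips header row and "None"
            dest, mask, gateway, _metric = fields
            try:
                net = ipaddress.ip_network(f"{dest}/{mask}")
                routes.add((str(net), str(ipaddress.ip_address(gateway))))
            except ValueError:
                continue  # not a route row
    return routes

def audit_routes(text, documented):
    """Compare persistent routes on the box with the documented set."""
    actual = parse_persistent_routes(text)
    return {"undocumented": sorted(actual - documented),
            "missing": sorted(documented - actual)}

if __name__ == "__main__":
    print(audit_routes(SAMPLE_ROUTE_PRINT, DOCUMENTED))
```

On a live server the input would be the captured text of `route print`; an "undocumented" entry is a persistent route nobody wrote down and is worth reviewing, since it silently changes where that subnet's traffic is sent.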

