How to configure Windows 2003 as a Router ?

The following how to is for remote access, but it is the same idea.

How to setup vpn on 2003 as routerHow to setup VPN and NAT on Windows Server 2003 as a router. Pre-requirement:. 1. Two network interface cards. 2. One static public IP on the outside NIC. ...
http://www.howtonetworking.com/VPN/2003vpn1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Peter" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I am new to networking and would like to seek your advice.

We would like to configure a Windows 2003 Server as a router between 2
subnets.

There are already 2 NICs and each of them is assigned IP address of
different subnets.

We would like to know is it necessary for us to install any service (like
RRAS) to achieve our need ? Besides, does it mean that the default gateway
for those workstations connected to that Windows 2003 Server will use its IP
address as default gateway ?

Thank you for your help.

Peter

I am new to networking and would like to seek your advice.

We would like to configure a Windows 2003 Server as a router between 2
subnets.

There are already 2 NICs and each of them is assigned IP address of
different subnets.

We would like to know is it necessary for us to install any service (like
RRAS) to achieve our need ? Besides, does it mean that the default gateway
for those workstations connected to that Windows 2003 Server will use its IP
address as default gateway ?

Thank you for your help.

Peter

You'll need to configure RRAS. Simply select it from the Admin Tools menu
and use the help to get it working.

Assuming a simple network with the only way out of the network being via the
WS03 box, then you will need to set the default gateway for the workstations
to be the network interface of the server. Keep in mind that devices on the
other side of the server that is acting as the router need to have a static
route for the workstation subnet that goes back through the WS03 RRAS server
in order for return traffic to come back to the workstation.

I hope this is clear.

Cheers,
Jeremy.

"Peter" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am new to networking and would like to seek your advice.
>
> We would like to configure a Windows 2003 Server as a router between 2
> subnets.
>
> There are already 2 NICs and each of them is assigned IP address of
> different subnets.
>
> We would like to know is it necessary for us to install any service (like
> RRAS) to achieve our need ? Besides, does it mean that the default
> gateway for those workstations connected to that Windows 2003 Server will
> use its IP address as default gateway ?
>
> Thank you for your help.
>
> Peter
>
>

It is possible to allow IP routing without using RRAS, but it is pretty
pointless. Simply configure RRAS to be a LAN router from the wizard and it
will do it for you.

As Jeremy pointed out, all this does is configure the machine so that it
can forward traffic from one subnet to the other. Whether it routes or not
depends on how the two subnets are configured.

If all you want to do is link these two subnets, the routing is trivial.
You simply make the RRAS router the default gateway for both subnets. eg

192.168.1.x dg 192.168.1.1
|
192.168.1.1 dg blank
RRAS
192.168.2.1 dg blank
|
192.168.2.x dg 192.168.2.1

Any traffic which is not local (ie not in the same IP subnet) is sent to
the router. The router can deliver it in the other subnet because it has an
interface in that subnet (ie the target machine is local to the router).

Usually the setup is not as simple as that. One subnet is usually using
some other router, such as an ADSL Internet device as its default gateway.
Simply enabling IP routing doesn't do much because the trafffic never gets
to the RRAS router. You need extra routing to get the traffic to the correct
router. If you are in that situation and can't see what extra routing you
need, post a description of how your network is set up.

PS. I hope this server is not a DC. Using a DC as a router is not recomended
and it may cause you all sorts of odd problems.

Dear Robert,

Thank you for your advice.

When setting up the RRAS, I would like to know which option should I choose ?
1) VPN access and NAT
2) Secure connection between 2 private networks

Regards,
Peter
"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
The following how to is for remote access, but it is the same idea.

How to setup vpn on 2003 as router How to setup VPN and NAT on Windows Server 2003 as a router. Pre-requirement:. 1. Two network interface cards. 2. One static public IP on the outside NIC. ...
http://www.howtonetworking.com/VPN/2003vpn1.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Peter" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
I am new to networking and would like to seek your advice.

We would like to configure a Windows 2003 Server as a router between 2
subnets.

There are already 2 NICs and each of them is assigned IP address of
different subnets.

We would like to know is it necessary for us to install any service (like
RRAS) to achieve our need ? Besides, does it mean that the default gateway
for those workstations connected to that Windows 2003 Server will use its IP
address as default gateway ?

Thank you for your help.

Peter

Dear Bill,

Thank you for your advice.

The reason why we consider this option is because our Network Officer says
that by using a Windows 2003 Server as a router for connecting machines in
headquarter to a remote site.

I just wonder whether it is a good idea as the single point of failure will
be the Windows 2003 Server and the 2 NIC.

Regards,
Peter


"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> It is possible to allow IP routing without using RRAS, but it is pretty
> pointless. Simply configure RRAS to be a LAN router from the wizard and it
> will do it for you.
>
> As Jeremy pointed out, all this does is configure the machine so that
> it can forward traffic from one subnet to the other. Whether it routes or
> not depends on how the two subnets are configured.
>
> If all you want to do is link these two subnets, the routing is
> trivial. You simply make the RRAS router the default gateway for both
> subnets. eg
>
> 192.168.1.x dg 192.168.1.1
> |
> 192.168.1.1 dg blank
> RRAS
> 192.168.2.1 dg blank
> |
> 192.168.2.x dg 192.168.2.1
>
> Any traffic which is not local (ie not in the same IP subnet) is sent
> to the router. The router can deliver it in the other subnet because it
> has an interface in that subnet (ie the target machine is local to the
> router).
>
> Usually the setup is not as simple as that. One subnet is usually using
> some other router, such as an ADSL Internet device as its default gateway.
> Simply enabling IP routing doesn't do much because the trafffic never gets
> to the RRAS router. You need extra routing to get the traffic to the
> correct router. If you are in that situation and can't see what extra
> routing you need, post a description of how your network is set up.
>
> PS. I hope this server is not a DC. Using a DC as a router is not
> recomended and it may cause you all sorts of odd problems.
>

Whatever device you use as a router, it is going to be a single point of
failure unless you have a very complicated routing setup with multiple
paths.

How are you planning to connect HQ to a remote site? Leased lines or
VPN?

"Peter" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dear Bill,
>
> Thank you for your advice.
>
> The reason why we consider this option is because our Network Officer says
> that by using a Windows 2003 Server as a router for connecting machines in
> headquarter to a remote site.
>
> I just wonder whether it is a good idea as the single point of failure
> will be the Windows 2003 Server and the 2 NIC.
>
> Regards,
> Peter
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> It is possible to allow IP routing without using RRAS, but it is pretty
>> pointless. Simply configure RRAS to be a LAN router from the wizard and
>> it will do it for you.
>>
>> As Jeremy pointed out, all this does is configure the machine so that
>> it can forward traffic from one subnet to the other. Whether it routes or
>> not depends on how the two subnets are configured.
>>
>> If all you want to do is link these two subnets, the routing is
>> trivial. You simply make the RRAS router the default gateway for both
>> subnets. eg
>>
>> 192.168.1.x dg 192.168.1.1
>> |
>> 192.168.1.1 dg blank
>> RRAS
>> 192.168.2.1 dg blank
>> |
>> 192.168.2.x dg 192.168.2.1
>>
>> Any traffic which is not local (ie not in the same IP subnet) is sent
>> to the router. The router can deliver it in the other subnet because it
>> has an interface in that subnet (ie the target machine is local to the
>> router).
>>
>> Usually the setup is not as simple as that. One subnet is usually
>> using some other router, such as an ADSL Internet device as its default
>> gateway. Simply enabling IP routing doesn't do much because the trafffic
>> never gets to the RRAS router. You need extra routing to get the traffic
>> to the correct router. If you are in that situation and can't see what
>> extra routing you need, post a description of how your network is set up.
>>
>> PS. I hope this server is not a DC. Using a DC as a router is not
>> recomended and it may cause you all sorts of odd problems.
>>
>
>

It is planned to use leased line.

Peter

"Bill Grant" <not.available@online> wrote in message
news:%23PWjvK%(E-Mail Removed)...
> Whatever device you use as a router, it is going to be a single point of
> failure unless you have a very complicated routing setup with multiple
> paths.
>
> How are you planning to connect HQ to a remote site? Leased lines or
> VPN?
>
> "Peter" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Dear Bill,
>>
>> Thank you for your advice.
>>
>> The reason why we consider this option is because our Network Officer
>> says that by using a Windows 2003 Server as a router for connecting
>> machines in headquarter to a remote site.
>>
>> I just wonder whether it is a good idea as the single point of failure
>> will be the Windows 2003 Server and the 2 NIC.
>>
>> Regards,
>> Peter
>>
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:(E-Mail Removed)...
>>> It is possible to allow IP routing without using RRAS, but it is
>>> pretty pointless. Simply configure RRAS to be a LAN router from the
>>> wizard and it will do it for you.
>>>
>>> As Jeremy pointed out, all this does is configure the machine so that
>>> it can forward traffic from one subnet to the other. Whether it routes
>>> or not depends on how the two subnets are configured.
>>>
>>> If all you want to do is link these two subnets, the routing is
>>> trivial. You simply make the RRAS router the default gateway for both
>>> subnets. eg
>>>
>>> 192.168.1.x dg 192.168.1.1
>>> |
>>> 192.168.1.1 dg blank
>>> RRAS
>>> 192.168.2.1 dg blank
>>> |
>>> 192.168.2.x dg 192.168.2.1
>>>
>>> Any traffic which is not local (ie not in the same IP subnet) is sent
>>> to the router. The router can deliver it in the other subnet because it
>>> has an interface in that subnet (ie the target machine is local to the
>>> router).
>>>
>>> Usually the setup is not as simple as that. One subnet is usually
>>> using some other router, such as an ADSL Internet device as its default
>>> gateway. Simply enabling IP routing doesn't do much because the trafffic
>>> never gets to the RRAS router. You need extra routing to get the traffic
>>> to the correct router. If you are in that situation and can't see what
>>> extra routing you need, post a description of how your network is set
>>> up.
>>>
>>> PS. I hope this server is not a DC. Using a DC as a router is not
>>> recomended and it may cause you all sorts of odd problems.
>>>
>>
>>
>
>

OK. As I said in a previous post, the important thing about routing is
getting the traffic to the correct router. If this RRAS router is an
additional router in a subnet which currently uses some other device as the
default gateway (ie default router) the traffic for the other site may never
get to the RRAS router unless you add extra routing to the LAN. It only
works automatically if there is only one gateway and it is set as the
default.

Dear Bill,

There is default gateway in headquarter and remote site. However, the
network guy says that in order to get both sites get connected with the new
lease line, he has to remove the default gateway at remote site and make use
of the Windows 2003 Server as router here.

In this way, I believe that machines in remote site will regard the Windows
2003 Server as default gateway while machines here will continue to use the
existing default gateway (CISCO Router).

Is there any adjustment has to be done ?

Regards,
Peter