Networking Forums


How to enable communication between Two different lans (subnets)/ domains 2003 server based? Assistance?

 
 
markm75

 
      08-06-2007, 08:16 PM
I have our production LAN that is on 192.168.100.x.. this is a 2003
server domain, with a DHCP server running on one of the 2003 boxes.

I also have a development test LAN that is 192.168.227.x.. this too is
a 2003 domain with a DHCP server running on one of the 2003 boxes
there.

I want to be able to share resources between the 2.. i.e. if I'm a box
on 227.x.. I want to be able to either say \\192.168.100.2\apps or
\\servername\apps..

I've tried setting up RAS servers on both ends.. then setting static
routes between them..

I've also tried adding the 100.x gateway as a secondary gateway on the
one 227.x server, but this didn't work either...

One thing to note.. the 227.x LAN is actually run completely on my
Vista machine under VMware Workstation 6.x. I have the servers set to
"bridged mode" (there is also NAT mode, which uses the same IP as the
host OS, or host-only mode, which completely isolates the guest from
the host).

Ultimately too, I'd like to have someone running VMware on their
machine, to create say an XP virtual machine and join the test domain
that is running from my machine.

I don't think the issue is VMware related.. I think I'm just missing a
step in RAS (if RAS is even needed) or somewhere else (maybe demand
dialing between the two RAS servers if needed?)?

One key thing I was worried about was the fact I have a DHCP server on
both domains.. as I only want DHCP requests in the wild to be
processed by the 100.x server, so I'm guessing I'd have to turn off
the DHCP server on the test domain.

Thanks for any tips

 
 
 
 
 
Bill Grant

 
      08-07-2007, 12:30 AM
You would not need two RRAS servers. You just need one RRAS server
which has an interface in both subnets. I would use one of the vms as a
router between the physical network and the virtual network. The fact that
you are using virtual machines and virtual networks doesn't alter the way IP
routing works.

You can only run DHCP in the test network if it is isolated from the
physical network. DHCP works by using broadcasts, so your machines will see
both DHCP servers if the networks are bridged. I haven't run a setup like
this with VMWare but it works fine in VPC or Virtual Server. You put the vms
in the virtual network which is not linked to an interface on the host
(Local Only in VPC or internal in VS). You set up the RRAS server as a
router with one NIC linked to the physical network and one in the virtual
network.

If you want to connect virtual machines which are running on
different host machines it is a bit harder. You need to put them in
different IP subnets and route the traffic between them through the physical
network (just like linking two isolated physical segments across a linking
segment).
 
Phillip Windell

 
      08-07-2007, 01:54 PM
To add to Bill's comments, I need to clear something up before it becomes a
point of confusion.

Domains have nothing to do with subnets,...subnets have nothing to do with
Domains.
You can have 100 Domains all on one subnet,...or,..you can have one Domain
that runs over 100 subnets. There is just no relationship between the two.

Sharing resources between two Domains is all about properly configured
Trusts, Share Permissions, and NTFS Permissions.

Functionality across subnets is a matter of a proper Layer3 LAN Routing
scheme.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
 
markm75

 
      08-07-2007, 07:22 PM

Just an update.. thanks for the tip..

I tried just adding a secondary NIC to my virtual server (just the
main one.. the DC).. I set the IP on it to my production 100.x subnet,
while leaving the other at 227.x

I stopped the router (RAS) on this machine too for kicks..

Now I can ping from both domains.. so joining other virtual
workstations/servers to my virtual domain should now be possible
(outside of my machine).

It appears the RAS service isn't needed either.. I can seemingly ping
any machine in there.

So all appears good.. I can even browse my 100.x machines/servers by
name, not just IP.

I guess I'm out of luck on using DHCP in the test domain, unless I
want clashes in the production.

Thanks again

 
 
markm75

 
      08-07-2007, 07:28 PM

Update again.. with the secondary NIC (alone).. all I can do is ping
the production domain/LAN from the test one...

I had deleted the static entry from my physical router.. now I can't
ping the test LAN.

So it would seem, naturally, that you need a static route on a physical
router or use RAS on a 2003 server with a static route to be able to
ping the test domain (short of using 2ndary NICs on the production
servers)..

 
 
markm75

 
      08-07-2007, 07:38 PM

Sorry for multiple posts in a row.. but now for some reason, despite
putting the static route back on my physical router and even trying
static routes in RAS on the virtual side.. I can't get a ping to work
from the production 100.x side... to the 227.x side.


 
 
Bill Grant

 
      08-08-2007, 01:26 AM
And also note that it is not a good idea to use a DC as a router, whatever
setup you are using. A DC should only have one NIC and one IP. You will get
all sorts of odd problems with a multihomed DC.

You will also almost certainly have DNS problems running a domain behind a
NAT router, if you go down that path. All machines in a domain, including
the DC itself should use the local DNS. If you want Internet access you need
to set up this DNS to forward to a public DNS service. Using the NAT router
for DNS will result in problems for your AD clients.
 
markm75

 
      08-08-2007, 03:40 AM

I'll keep the DC thing in mind and make the switch..

I'm still only able to ping from within my virtual LAN (227.x)..

Any thoughts on what to do to enable the ping of the virtual LAN from
the other LAN (100.x)?

Do I need to set up static routes on either the physical router, or a
2003 router (RAS) on the 100.x side? Do I need to do the dual NIC
thing on the 100.x side?

I have static routes going on currently from both our physical router
and the RAS on the 100.x to the other side (192.168.227.0 with the
gateway being 227.2, that of the RAS server on the other end)..

But so far no pinging working..
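
The routing questions in this thread can be checked on paper before touching a router. The following is an added example, not part of any poster's message: a small Python model of the two subnets that reports whether a static route's gateway is on a directly connected subnet and whether both the echo request and the reply have a path. Only 192.168.227.2 comes from the thread; the host addresses, the physical router at 192.168.100.1 and the router's 192.168.100.50 interface are assumptions.

```python
import ipaddress


class Node:
    """A host or router: interfaces, static routes, and whether it forwards IP."""

    def __init__(self, name, interfaces, routes=(), forwards=False):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(i) for i in interfaces]
        # Each route is (destination network, gateway); 0.0.0.0/0 is the default.
        self.routes = [(ipaddress.ip_network(n), ipaddress.ip_address(g))
                       for n, g in routes]
        self.forwards = forwards

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def on_link(self, ip):
        return any(ip in i.network for i in self.ifaces)

    def next_hop(self, dst):
        """Return (next_hop_ip, None) on success or (None, reason) on failure."""
        if self.on_link(dst):
            return dst, None
        matches = [(n, g) for n, g in self.routes if dst in n]
        if not matches:
            return None, f"{self.name}: no route to {dst}"
        net, gw = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix
        if not self.on_link(gw):
            return None, (f"{self.name}: gateway {gw} for {net} is not on a "
                          "directly connected subnet")
        return gw, None


def trace(nodes, src_ip, dst_ip, max_hops=8):
    """Walk one direction hop by hop. Returns (True, path) or (False, reason)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    current = next((n for n in nodes if n.owns(src)), None)
    if current is None:
        return False, f"no node owns {src}"
    path = [current.name]
    for _ in range(max_hops):
        if current.owns(dst):
            return True, path
        hop, reason = current.next_hop(dst)
        if hop is None:
            return False, reason
        nxt = next((n for n in nodes if n.owns(hop)), None)
        if nxt is None:
            return False, f"{current.name}: nothing answers at {hop}"
        if not nxt.owns(dst) and not nxt.forwards:
            return False, f"{nxt.name}: got a packet for {dst} but IP forwarding is off"
        path.append(nxt.name)
        current = nxt
    return False, "hop limit exceeded (routing loop)"


def ping(nodes, a, b):
    """A ping succeeds only if the request (a->b) and the reply (b->a) both route."""
    ok, info = trace(nodes, a, b)
    if not ok:
        return False, "request: " + info
    ok, info = trace(nodes, b, a)
    if not ok:
        return False, "reply: " + info
    return True, "ok"


def build(static_gw, rras_forwards=True):
    """Constructed topology; every address except 192.168.227.2 is an assumption."""
    return [
        Node("prod-pc", ["192.168.100.10/24"], [("0.0.0.0/0", "192.168.100.1")]),
        Node("physical-router", ["192.168.100.1/24"],
             [("192.168.227.0/24", static_gw)], forwards=True),
        # One router with an interface in each subnet, as suggested in the thread.
        Node("rras", ["192.168.100.50/24", "192.168.227.2/24"],
             forwards=rras_forwards),
        Node("test-vm", ["192.168.227.10/24"], [("0.0.0.0/0", "192.168.227.2")]),
    ]


if __name__ == "__main__":
    cases = [
        ("gateway = far-side address", build("192.168.227.2"), "192.168.227.10"),
        ("gateway = near-side address", build("192.168.100.50"), "192.168.227.10"),
        ("near-side gateway, forwarding off", build("192.168.100.50", False),
         "192.168.227.10"),
        ("forwarding off, target is the router itself",
         build("192.168.100.50", False), "192.168.227.2"),
    ]
    for label, nodes, target in cases:
        print(f"{label}: {ping(nodes, '192.168.100.10', target)}")
```

In this model the dual-homed machine answers pings to its own addresses even with forwarding off, so reaching it says nothing about whether hosts behind it are reachable.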

 
 
Bill Grant

 
      08-08-2007, 08:09 AM

"markm75" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...

>
> I'll keep the DC thing in mind and make the switch..
>
> I'm still only able to ping from within my virtual lan (227.x)..
>
> any thoughts on what to do to enable the ping of the virtual lan from
> the other lan (100.x)?
>
> Do I need to setup static routes on either the physical router, or a
> 2003 router (RAS) on the 100.x side? Do I need to do the dual nic
> thing on the 100.x side?
>
> I have static routes going on currently from both our physical router
> and the RAS on the 100.x to the other side (192.168.227.0 with the
> gateway being 227.2, that of the RAS server on the other end)..
>
> But so far no pinging working..



Have you ever set up a similar network using "real" networks?

Networking between two segments works fine if the router is the
default gateway for both subnets. All you need to do is enable IP routing
and away it goes. eg

192.168.1.x dg 192.168.1.254
|
192.168.1.254 dg blank
router
192.168.227.254 dg blank
|
192.168.227.x dg 192.168.227.254

If one subnet uses some other gateway, making changes on the RRAS server
cannot solve the problem unless you enable NAT. With NAT on the RRAS server
the "inner" subnet can see the original subnet and the Internet, because NAT
looks after the routing. eg

Internet
|
Public IP
Gateway router
192.168.1.254
|
workstations
192.168.1.x dg 192.168.1.254
|
192.168.1.n dg 192.168.1.254
RRAS/NAT
192.168.227.254 dg blank
|
192.168.227.x dg 192.168.227.254

The .227 machines can see the machines on the 192.168.1.0 subnet and the
Internet because the RRAS/NAT server handles the traffic through its
"public" IP of 192.168.1.n . This is in the same subnet as the gateway
router and everything works. The machines in 192.168.1.0 cannot see the
machines in 192.168.227.0 because they are on the public side of the NAT.

You cannot use this sort of setup if you want to run AD on the internal
subnet. The way that NAT handles DNS (by relaying DNS to a public DNS
service) is not compatible with AD. All domain members, including the DC
itself, need to use the local DNS, because that is where your SRV records
are. An external DNS cannot tell your client machines how to find the DC,
for example.

Whether you are using virtual networks or not, running a domain has
certain requirements. And if you want the domain members to be able to
access machines on some other network or access the Internet through some
other existing LAN it is far from simple.

I would recommend that you set up your new domain on an isolated network
and get it working properly on its own subnet using its own DNS and DHCP.
When that all works, set up a virtual machine (not the DC) as a router
between that subnet and your existing physical LAN. You will need extra
routing so that the existing LAN knows where the new subnet is and how to
reach it. You will also need to set up your DNS on the new domain to forward
to a DNS server which can resolve public URLs.


 
Reply With Quote
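The routing requirement in Bill Grant's reply above (the existing LAN needs a route that tells it where the new subnet is) can be checked with a small reachability model. This is an added example, not code from anyone in the thread: the router address 192.168.100.1, the two host addresses and the RAS server's LAN-side address 192.168.100.50 are assumptions, while 192.168.227.2 is the RAS address given in the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: returns 'direct', a gateway IP, or None (no route)."""
    dst, best = ipaddress.ip_address(dst), None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def path(nodes, src, dst_ip, max_hops=8):
    """Hop list from node `src` to `dst_ip`, or None if the packet is dropped."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    here, hops = src, [src]
    while here and len(hops) <= max_hops:
        node = nodes[here]
        if dst_ip in node["ips"]:
            return hops
        if here != src and not node["forward"]:
            return None                  # IP routing is not enabled on this box
        gw = next_hop(node["routes"], dst_ip)
        if gw is None or (gw != "direct" and next_hop(node["routes"], gw) != "direct"):
            return None                  # no route, or gateway not on a connected subnet
        here = owner.get(dst_ip if gw == "direct" else gw)
        hops.append(here)
    return None

def ping(nodes, a, a_ip, b, b_ip):
    """Succeeds only if the echo request AND the echo reply both find a path."""
    return path(nodes, a, b_ip) is not None and path(nodes, b, a_ip) is not None

def build(static=None):
    """Constructed topology; `static` is an optional extra route on the LAN router."""
    lan, test = ("192.168.100.0/24", "direct"), ("192.168.227.0/24", "direct")
    return {
        "pc100":  {"ips": ["192.168.100.10"], "forward": False,
                   "routes": [lan, ("0.0.0.0/0", "192.168.100.1")]},
        "router": {"ips": ["192.168.100.1"], "forward": True,
                   "routes": [lan] + ([static] if static else [])},
        "ras":    {"ips": ["192.168.100.50", "192.168.227.2"], "forward": True, "routes": [lan, test]},
        "vm227":  {"ips": ["192.168.227.10"], "forward": False,
                   "routes": [test, ("0.0.0.0/0", "192.168.227.2")]},
    }

if __name__ == "__main__":
    for gw in (None, "192.168.227.2", "192.168.100.50"):   # static-route gateway on the router
        nodes = build(("192.168.227.0/24", gw) if gw else None)
        print(gw, ping(nodes, "vm227", "192.168.227.10", "pc100", "192.168.100.10"))
```

The request from the test subnet reaches the production host in every case; the ping only succeeds once the router has a route to 192.168.227.0/24 through an address on its own subnet, so the reply has a way back.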
 
markm75
Guest
Posts: n/a

 
      09-12-2007, 02:40 PM
On Aug 8, 4:09 am, "Bill Grant" <not.available@online> wrote:
> "markm75" <markm...@msn.com> wrote in message
> news:(E-Mail Removed) ups.com...
>
> > On Aug 7, 9:26 pm, "Bill Grant" <not.available@online> wrote:

> I would recommend that you set up your new domain on an isolated network
> and get it working properly on its own subnet using its own DNS and DHCP.
> When that all works, set up a virtual machine (not the DC) as a router
> between that subnet and your existing physical LAN. You will need extra
> routing so that the existing LAN knows where the new subnet is and how to
> reach it. You will also need to set up your DNS on the new domain to forward
> to a DNS server which can resolve public URLs.


Working like a charm so far.. All I had to do was add a static route
in my router to the RAS server on my virtual network.. and on that RAS
server have a secondary NIC with an IP address in the real domain..
all machines in the virtual realm have the gateway set to the RAS
server address..


Now onto the secondary thing.. DNS.. what is the usual way to hack this
one.. should I just put for the secondary DNS addresses on every
machine in the Virtual Network, the DNS of the real network? Or can I
just do a forward from within the DNS manager (right click server
name.. forwards tab.. enter IP address of the opposite DNS servers?)
on the Virtual network and the same on the real.. I think this one
would be simpler?

I can only ping by IP as of now naturally.

UPDATE: Tried adding the real domain's IP addresses to the forwarders
tab, recycled things, waited, I still can't ping them by name as of
now. Actually.. I can ping the other domain.. but only if I add the
domain suffix.. ie: ping serverA.domain.local I'm guessing I can tweak
the settings to fix this.. hoping I don't need to add this suffix to
every machine in the virtual realm. This ping with the suffix actually
works without doing anything to DNS on either side too.

 
Reply With Quote
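A toy model of the two DNS points raised in this thread, added here as an example and not code from any poster: why domain members must query the DNS server that holds the domain's SRV records (with that server forwarding everything else), and why a short name from the other domain only resolves once that domain's suffix is in the client's search list. The zone name test.local, the host dc1 and every address are constructed assumptions; serverA.domain.local is the name used in the post above.

```python
class DnsServer:
    """Toy DNS server: answers from its own zones, forwards everything else."""
    def __init__(self, zones, forwarder=None):
        self.zones, self.forwarder = zones, forwarder

    def query(self, fqdn):
        fqdn = fqdn.lower().rstrip(".")
        for zone, records in self.zones.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                return records.get(fqdn)   # authoritative: a miss is final, not forwarded
        return self.forwarder.query(fqdn) if self.forwarder else None

def client_resolve(name, server, search_list):
    """Stub resolver: dotted names are tried as typed, then each suffix is appended."""
    candidates = ([name] if "." in name else []) + [f"{name}.{s}" for s in search_list]
    for fqdn in candidates:
        answer = server.query(fqdn)
        if answer is not None:
            return fqdn, answer
    return None

# Constructed data: zone contents and addresses are sample values, not from the thread.
public_dns = DnsServer({"example.com": {"www.example.com": "203.0.113.10"}})
real_dns = DnsServer({"domain.local": {"servera.domain.local": "192.168.100.20"}},
                     forwarder=public_dns)
test_dns = DnsServer({"test.local": {"dc1.test.local": "192.168.227.5",
                                     "_ldap._tcp.dc._msdcs.test.local": "dc1.test.local:389"}},
                     forwarder=real_dns)
SRV = "_ldap._tcp.dc._msdcs.test.local"   # record a member uses to locate its DC

def demo():
    own = ["test.local"]                   # client's own domain suffix only
    return {
        "dc_via_public_dns": client_resolve(SRV, public_dns, own),
        "dc_via_local_dns": client_resolve(SRV, test_dns, own),
        "internet_via_forwarders": client_resolve("www.example.com", test_dns, own),
        "fqdn": client_resolve("serverA.domain.local", test_dns, own),
        "short_name": client_resolve("serverA", test_dns, own),
        "short_name_with_suffix": client_resolve("serverA", test_dns, own + ["domain.local"]),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:26} {result}")
```

On Windows clients the search list modelled here corresponds to the "Append these DNS suffixes (in order)" setting on the connection, which can also be set through the DNS suffix search list Group Policy.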
 
 
 