Help with network test environment - Static Routes

I've setup a test environment, something that I can use to practice with
different RRAS configurations. Right now I want to setup a static route on
one of the servers that I have (using Virtual PC).
This is a graphic of the setup that I have. The host is XP Pro, and the 3
VM's shown are Server 2003 and XP Pro.

http://www.brigan.com/test/NetworkLayout.jpg

On Server03 I want to create a static route in RRAS that will give that
machine access to the internet via my Linksys router.
I tried:
Network Destination: 72.189.23.0
Netmask: 255.255.240.0
Gateway: 192.168.1.1
Interface: 172.16.0.1

Part of my problem is, I get an error message when creating that route,
saying the netmask is invalid, my destination address cannot be more
specific than my netmask. I tried 255.255.0.0, but get the same error.
Am I even close??

How would I configure this?

TIA

"JohnB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've setup a test environment, something that I can use to practice with
> different RRAS configurations. Right now I want to setup a static route
> on one of the servers that I have (using Virtual PC).
> This is a graphic of the setup that I have. The host is XP Pro, and the 3
> VM's shown are Server 2003 and XP Pro.
>
> http://www.brigan.com/test/NetworkLayout.jpg
>
> On Server03 I want to create a static route in RRAS that will give that
> machine access to the internet via my Linksys router.
> I tried:
> Network Destination: 72.189.23.0
> Netmask: 255.255.240.0
> Gateway: 192.168.1.1
> Interface: 172.16.0.1
>
> Part of my problem is, I get an error message when creating that route,
> saying the netmask is invalid, my destination address cannot be more
> specific than my netmask. I tried 255.255.0.0, but get the same error.
> Am I even close??
>
> How would I configure this?
>
> TIA
>

No, you are not even close.

You should not need any static route to do what you want. All you need
to do is set the
default gateway to the Linksys router's private IP (which should happen
automatically).

Does it work if you let the server get its network config automatically
from DHCP on the Linksys?

Yeah I didn't even think of that. I'm sure it would work.

Which means I'm back to my original problem; whatever it is that I'm trying
to emulate in a test environment, I'm having trouble recreating in a virtual
network.

What I would like to do is;
- emulate 2 physically separate business offices, using RRAS as the network
routers.
- test static route(s) between sites
- test using routing protocols PPTP and L2TP between sites.
- configure a VPN tunnel between the 2 sites
- configure remote clients, emulating for example, laptop users connecting
to the VPN server from the internet over broadband.

So far I've gotten VPC1 to access local network resources on Server03, going
through memberserver2003. But I've still got a ways to go to configure the
virtual network I need.

Thanks Bill. I'm glad at least one person here could help with this.


>
> No, you are not even close.
>
> You should not need any static route to do what you want. All you need
> to do is set the
> default gateway to the Linksys router's private IP (which should happen
> automatically).
>
> Does it work if you let the server get its network config automatically
> from DHCP on the Linksys?
>
>

"JohnB" <(E-Mail Removed)> wrote in message
news:uibUR$(E-Mail Removed)...
> Yeah I didn't even think of that. I'm sure it would work.
>
> Which means I'm back to my original problem; whatever it is that I'm
> trying to emulate in a test environment, I'm having trouble recreating in
> a virtual network.
>
> What I would like to do is;
> - emulate 2 physically separate business offices, using RRAS as the
> network routers.
> - test static route(s) between sites
> - test using routing protocols PPTP and L2TP between sites.
> - configure a VPN tunnel between the 2 sites
> - configure remote clients, emulating for example, laptop users connecting
> to the VPN server from the internet over broadband.
>
> So far I've gotten VPC1 to access local network resources on Server03,
> going through memberserver2003. But I've still got a ways to go to
> configure the virtual network I need.
>
> Thanks Bill. I'm glad at least one person here could help with this.
>

Actually you don't need Internet access to do that. All you need is two
workstations, each running VPC. I did a simulation like that a while back.

Your physical network would look like this. (Just two workstations
connected to a LAN).

Internet
|
Registered public IP 72.x.y.z
Linksys
192.168.1.1
|
workstations
192.168.1.x dg 192.168.1.1

On each workstation you build a virtual RRAS server with two NICs, one
connected to the LAN and one to Local Only. The "public" NIC is in
192.168.1.0/24 and you can access the Internet through your Linksys if you
like (but it in not necessary. It should happen automatically if you set
them to get their IP config from the Linksys). Your RRAS servers use the
192.168.1.0 network as their "public" network, not the Internet.

Configure each site with its own private IP subnet (say 172.16.1.0/24
and 172.16.2.0/24). These are isolated from each other and from the
Internet, but they can reach each other across the LAN (using their
192.168.1 IPs on the RRAS routers).

You can now configure a site to site network using your two RRAS routers
to connect your two private sites across the public network (which is
represented in your setup by the 192.168.1 subnet). The site to site setup
looks like this.

Site A
172.16.1.x dg 172.16.1.254
|
172.16.1.254 dg blank
RRAS
192.168.1.22 dg 192.168.1.1
|
"Public" network -> to "real" public network via Linksys
|
192.168.1.33 dg 192.168.1.1
RRAS
172.16.2.254 dg blank
|
172.16.2.x dg 172.16.2.254
Site B

You set up RRAS as the site to site routers using the 172.16 addresses
as the private networks and 192.168.1 as the public network. Attach the
necessary static routes to route between sites to the demand-dial interfaces
in the RRAS routers.

You don't actually need any other machines to get this set up. To make
sure that it works (ie that you can connect from a machine in site 1 to a
machine in site 2) you need a vm in each site set up to use the RRAS router
as default gateway (as in the diagram). The RRAS routers will route the
traffic through the VPN tunnel.

To emulate a client connecting to a site from the Internet you simply
plug it into your LAN (which represents the Internet in this emulation).

Note that this covers only the routing. Name resolution is a completely
separate can of worms.

> You set up RRAS as the site to site routers using the 172.16
> addresses as the private networks and 192.168.1 as the public network.
> Attach the necessary static routes to route between sites to the
> demand-dial interfaces in the RRAS routers.
>
I setup the network as you described
(http://www.brigan.com/test/NetworkLayout2.jpg)

But what you say above has me confused. Aren't demand-dial interfaces
modems? I'm using 2 NICs. On which of those interfaces would the static
route be created?






> You don't actually need any other machines to get this set up. To make
> sure that it works (ie that you can connect from a machine in site 1 to a
> machine in site 2) you need a vm in each site set up to use the RRAS
> router as default gateway (as in the diagram). The RRAS routers will route
> the traffic through the VPN tunnel.
>
> To emulate a client connecting to a site from the Internet you simply
> plug it into your LAN (which represents the Internet in this emulation).
>
> Note that this covers only the routing. Name resolution is a completely
> separate can of worms.
>
>
>
>
>
>

"JohnB" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
>> You set up RRAS as the site to site routers using the 172.16
>> addresses as the private networks and 192.168.1 as the public network.
>> Attach the necessary static routes to route between sites to the
>> demand-dial interfaces in the RRAS routers.
>>
> I setup the network as you described
> (http://www.brigan.com/test/NetworkLayout2.jpg)
>
> But what you say above has me confused. Aren't demand-dial interfaces
> modems? I'm using 2 NICs. On which of those interfaces would the static
> route be created?
>
Have you actually had a look at the help files on site to site VPN?

To set up site to site VPN using RRAS you need to use demand-dial
interfaces at both ends of the link. Each router needs a route to direct
traffic for the "other" site through the tunnel. You cannot manually
configure this route because the interface does not exist until the
connection is made.

To get around that problem you use named interfaces. (You do not need
to use dial on demand, but you must create a demand-dial interface to get
this named interface option). You can then assign the static route to the
name of the interface and let the system look after it. (There are wizards
to help with this). The route is stored in the registry. When the
connection is made and the interface becomes active, the route is added to
the routing table.