NAT & multi-subnet private network question

Hi,

I'm currently trying some different lab scenarios as preperation for exam
70-291; currently i'm struggling with:

internet <--> hardware router with dhcp server <--> (Server1) w2k3 AD,
dhcp, DNS server, dhcp enabled adapter connected to hardware router + static
IP on private net <--> (server2) multi-homed W2k3 vpn server/router <-2 way
dial on demand vpn-> (server3) w2k VPN server/router

I can perform DNS/web browsing from the w2k3 AD server ok
I can do the same from the w2k3 VPN server ok
I can perform DNS lookups from the w2k vpn server, but web browsing doesn't
work

Server1 has its default gateway set as the adapter facing the hardware
router/dhcp server, and a static route back to server3's subnet (DDR appears
to be working ok)
Server2 has a default route of server1, and a static route to server3
Server3 has a static route of 0.0.0.0/24 that causes the DDR connection to
be started

Can anyone point me in the direction of where i'm going wrong with this
config?
thanks in advance

It's hard to be sure without any IP numbers. Exactly where is NAT being
done? At the hardware router?

My guess is that the hardware router doesn't know how to reach your
inner subnets. It only has an interface in the subnet which goes to server
1. Try adding static routes to the hardware router to forward your inner
subnets to server 1. Routing obviously works from there on.

"Ewan" <(E-Mail Removed)> wrote in message
news:774CCA5D-B5AA-497F-A3C4-(E-Mail Removed)...
> Hi,
>
> I'm currently trying some different lab scenarios as preperation for exam
> 70-291; currently i'm struggling with:
>
> internet <--> hardware router with dhcp server <--> (Server1) w2k3 AD,
> dhcp, DNS server, dhcp enabled adapter connected to hardware router +
> static
> IP on private net <--> (server2) multi-homed W2k3 vpn server/router <-2
> way
> dial on demand vpn-> (server3) w2k VPN server/router
>
> I can perform DNS/web browsing from the w2k3 AD server ok
> I can do the same from the w2k3 VPN server ok
> I can perform DNS lookups from the w2k vpn server, but web browsing
> doesn't
> work
>
> Server1 has its default gateway set as the adapter facing the hardware
> router/dhcp server, and a static route back to server3's subnet (DDR
> appears
> to be working ok)
> Server2 has a default route of server1, and a static route to server3
> Server3 has a static route of 0.0.0.0/24 that causes the DDR connection to
> be started
>
> Can anyone point me in the direction of where i'm going wrong with this
> config?
> thanks in advance

hi Bill,
thanks for the hints. NAT was being done at the hardware router, and again
at server1. As it turned out, I hadn't fully understood the syntax of
specifying the static route for all destinations. I cleared the static routes
from the server3 in the explanation below, and added 0.0.0.0/0.0.0.0 to the
DDR adapter, and everything now works as I expected

"Bill Grant" wrote:

> It's hard to be sure without any IP numbers. Exactly where is NAT being
> done? At the hardware router?
>
> My guess is that the hardware router doesn't know how to reach your
> inner subnets. It only has an interface in the subnet which goes to server
> 1. Try adding static routes to the hardware router to forward your inner
> subnets to server 1. Routing obviously works from there on.
>
> "Ewan" <(E-Mail Removed)> wrote in message
> news:774CCA5D-B5AA-497F-A3C4-(E-Mail Removed)...
> > Hi,
> >
> > I'm currently trying some different lab scenarios as preperation for exam
> > 70-291; currently i'm struggling with:
> >
> > internet <--> hardware router with dhcp server <--> (Server1) w2k3 AD,
> > dhcp, DNS server, dhcp enabled adapter connected to hardware router +
> > static
> > IP on private net <--> (server2) multi-homed W2k3 vpn server/router <-2
> > way
> > dial on demand vpn-> (server3) w2k VPN server/router
> >
> > I can perform DNS/web browsing from the w2k3 AD server ok
> > I can do the same from the w2k3 VPN server ok
> > I can perform DNS lookups from the w2k vpn server, but web browsing
> > doesn't
> > work
> >
> > Server1 has its default gateway set as the adapter facing the hardware
> > router/dhcp server, and a static route back to server3's subnet (DDR
> > appears
> > to be working ok)
> > Server2 has a default route of server1, and a static route to server3
> > Server3 has a static route of 0.0.0.0/24 that causes the DDR connection to
> > be started
> >
> > Can anyone point me in the direction of where i'm going wrong with this
> > config?
> > thanks in advance
>
>
>

Glad to hear you sorted it out. Doing NAT twice works OK for a test lab.
Without NAT on Server 1, you would need the extra routing on the Internet
router.

"Ewan" <(E-Mail Removed)> wrote in message
news:3D77E5EC-75D3-4854-A76A-(E-Mail Removed)...
> hi Bill,
> thanks for the hints. NAT was being done at the hardware router, and again
> at server1. As it turned out, I hadn't fully understood the syntax of
> specifying the static route for all destinations. I cleared the static
> routes
> from the server3 in the explanation below, and added 0.0.0.0/0.0.0.0 to
> the
> DDR adapter, and everything now works as I expected
>
> "Bill Grant" wrote:
>
>> It's hard to be sure without any IP numbers. Exactly where is NAT
>> being
>> done? At the hardware router?
>>
>> My guess is that the hardware router doesn't know how to reach your
>> inner subnets. It only has an interface in the subnet which goes to
>> server
>> 1. Try adding static routes to the hardware router to forward your inner
>> subnets to server 1. Routing obviously works from there on.
>>
>> "Ewan" <(E-Mail Removed)> wrote in message
>> news:774CCA5D-B5AA-497F-A3C4-(E-Mail Removed)...
>> > Hi,
>> >
>> > I'm currently trying some different lab scenarios as preperation for
>> > exam
>> > 70-291; currently i'm struggling with:
>> >
>> > internet <--> hardware router with dhcp server <--> (Server1) w2k3 AD,
>> > dhcp, DNS server, dhcp enabled adapter connected to hardware router +
>> > static
>> > IP on private net <--> (server2) multi-homed W2k3 vpn server/router <-2
>> > way
>> > dial on demand vpn-> (server3) w2k VPN server/router
>> >
>> > I can perform DNS/web browsing from the w2k3 AD server ok
>> > I can do the same from the w2k3 VPN server ok
>> > I can perform DNS lookups from the w2k vpn server, but web browsing
>> > doesn't
>> > work
>> >
>> > Server1 has its default gateway set as the adapter facing the hardware
>> > router/dhcp server, and a static route back to server3's subnet (DDR
>> > appears
>> > to be working ok)
>> > Server2 has a default route of server1, and a static route to server3
>> > Server3 has a static route of 0.0.0.0/24 that causes the DDR connection
>> > to
>> > be started
>> >
>> > Can anyone point me in the direction of where i'm going wrong with this
>> > config?
>> > thanks in advance
>>
>>
>>