Newbie simple LAN routing problem

Hi,

All I want to do is set up a 2003 server as a LAN router between two subnets
(production and test networks), whatever I try it's not working, I think I'm
gonna go mad soon.

Here's the setup:
Server 2003 with 2 NICs
NIC1
192.168.222.9/24
DG 192.168.222.254
DNS 192.168.222.1
NIC2
192.168.0.254/24
DG [blank]
DNS [blank]

192.168.222.0 is our production network with 222.1 = DC+DNS; 222.254 =
Internet gateway

Ran the RRAS wizard, selected Secure Connection between 2 private networks,
no DOD connections, then right-click server/properties in RRAS console,
select LAN routing only.

Added static routes:

Interface NIC1
Destination 192.168.222.0/24
GW 192.168.222.9
Metric 1

Interface NIC2
Destination 192.168.0.0/24
GW 192.168.0.254
Metric 1

Routing from production network to test is not important (AFAIK it won't
work anyway without additional static routes on the production side because
the configured default GW on production machines is the internet GW, not
this
router I'm configuring).
However I need to route from the test network out onto the production LAN,
primarily for internet access.

I have a client on the test LAN configured like:
IP 192.168.0.1/24
GW 192.168.0.254
DNS 192.168.222.1

From this machine I can ping both interfaces on the Win2003 router box, but
none others on the 192.168.222.0 subnet.

What did I do wrong? I'm sure I'm missing something stupid here

TIA for any helpPS I accidentally posted this in the 2000 routing group
first as well sorry for double-posting

--
Regards,
David Hartry
--

The problem is that none of the 192.168.222.x machines (except the server)
know where to send packets destined for the 192.168.0.x network. ie.
packets from the 192.168.0.x network are probably reaching 192.168.222.254,
but that machine/router doesn't know where to send replies. The easiest
solution is to configure a static route on the 192.168.222.254 gateway
device:

route -p add 192.168.0.0 mask 255.255.255.0 192.168.222.9

Also, you do not need/want the static routes on the Win 2003 server.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"David Hartry" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> All I want to do is set up a 2003 server as a LAN router between two
subnets
> (production and test networks), whatever I try it's not working, I think
I'm
> gonna go mad soon.
>
> Here's the setup:
> Server 2003 with 2 NICs
> NIC1
> 192.168.222.9/24
> DG 192.168.222.254
> DNS 192.168.222.1
> NIC2
> 192.168.0.254/24
> DG [blank]
> DNS [blank]
>
> 192.168.222.0 is our production network with 222.1 = DC+DNS; 222.254 =
> Internet gateway
>
> Ran the RRAS wizard, selected Secure Connection between 2 private
networks,
> no DOD connections, then right-click server/properties in RRAS console,
> select LAN routing only.
>
> Added static routes:
>
> Interface NIC1
> Destination 192.168.222.0/24
> GW 192.168.222.9
> Metric 1
>
> Interface NIC2
> Destination 192.168.0.0/24
> GW 192.168.0.254
> Metric 1
>
> Routing from production network to test is not important (AFAIK it won't
> work anyway without additional static routes on the production side
because
> the configured default GW on production machines is the internet GW, not
> this
> router I'm configuring).
> However I need to route from the test network out onto the production LAN,
> primarily for internet access.
>
> I have a client on the test LAN configured like:
> IP 192.168.0.1/24
> GW 192.168.0.254
> DNS 192.168.222.1
>
> From this machine I can ping both interfaces on the Win2003 router box,
but
> none others on the 192.168.222.0 subnet.
>
> What did I do wrong? I'm sure I'm missing something stupid here
>
> TIA for any helpPS I accidentally posted this in the 2000 routing group
> first as well sorry for double-posting
>
> --
> Regards,
> David Hartry
> --
>
>

Thanks Doug, I *get* it now. Worked straight away and I was right, I was
missing something very stupid huh? Of course the traffic needs to get back
onto the test network :$ Thanks again.

"Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
news:eTt%(E-Mail Removed)...
> The problem is that none of the 192.168.222.x machines (except the server)
> know where to send packets destined for the 192.168.0.x network. ie.
> packets from the 192.168.0.x network are probably reaching
> 192.168.222.254,
> but that machine/router doesn't know where to send replies. The easiest
> solution is to configure a static route on the 192.168.222.254 gateway
> device:
>
> route -p add 192.168.0.0 mask 255.255.255.0 192.168.222.9
>
> Also, you do not need/want the static routes on the Win 2003 server.
>
> Doug Sherman
> MCSE, MCSA, MCP+I, MVP
>
> "David Hartry" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> All I want to do is set up a 2003 server as a LAN router between two
> subnets
>> (production and test networks), whatever I try it's not working, I think
> I'm
>> gonna go mad soon.
>>
>> Here's the setup:
>> Server 2003 with 2 NICs
>> NIC1
>> 192.168.222.9/24
>> DG 192.168.222.254
>> DNS 192.168.222.1
>> NIC2
>> 192.168.0.254/24
>> DG [blank]
>> DNS [blank]
>>
>> 192.168.222.0 is our production network with 222.1 = DC+DNS; 222.254 =
>> Internet gateway
>>
>> Ran the RRAS wizard, selected Secure Connection between 2 private
> networks,
>> no DOD connections, then right-click server/properties in RRAS console,
>> select LAN routing only.
>>
>> Added static routes:
>>
>> Interface NIC1
>> Destination 192.168.222.0/24
>> GW 192.168.222.9
>> Metric 1
>>
>> Interface NIC2
>> Destination 192.168.0.0/24
>> GW 192.168.0.254
>> Metric 1
>>
>> Routing from production network to test is not important (AFAIK it won't
>> work anyway without additional static routes on the production side
> because
>> the configured default GW on production machines is the internet GW, not
>> this
>> router I'm configuring).
>> However I need to route from the test network out onto the production
>> LAN,
>> primarily for internet access.
>>
>> I have a client on the test LAN configured like:
>> IP 192.168.0.1/24
>> GW 192.168.0.254
>> DNS 192.168.222.1
>>
>> From this machine I can ping both interfaces on the Win2003 router box,
> but
>> none others on the 192.168.222.0 subnet.
>>
>> What did I do wrong? I'm sure I'm missing something stupid here
>>
>> TIA for any helpPS I accidentally posted this in the 2000 routing group
>> first as well sorry for double-posting
>>
>> --
>> Regards,
>> David Hartry
>> --
>>
>>
>
>

Go get 'em, David!

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"David Hartry" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Thanks Doug, I *get* it now. Worked straight away and I was right, I was
> missing something very stupid huh? Of course the traffic needs to get
back
> onto the test network :$ Thanks again.
>
> "Doug Sherman [MVP]" <(E-Mail Removed)> wrote in message
> news:eTt%(E-Mail Removed)...
> > The problem is that none of the 192.168.222.x machines (except the
server)
> > know where to send packets destined for the 192.168.0.x network. ie.
> > packets from the 192.168.0.x network are probably reaching
> > 192.168.222.254,
> > but that machine/router doesn't know where to send replies. The easiest
> > solution is to configure a static route on the 192.168.222.254 gateway
> > device:
> >
> > route -p add 192.168.0.0 mask 255.255.255.0 192.168.222.9
> >
> > Also, you do not need/want the static routes on the Win 2003 server.
> >
> > Doug Sherman
> > MCSE, MCSA, MCP+I, MVP
> >
> > "David Hartry" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Hi,
> >>
> >> All I want to do is set up a 2003 server as a LAN router between two
> > subnets
> >> (production and test networks), whatever I try it's not working, I
think
> > I'm
> >> gonna go mad soon.
> >>
> >> Here's the setup:
> >> Server 2003 with 2 NICs
> >> NIC1
> >> 192.168.222.9/24
> >> DG 192.168.222.254
> >> DNS 192.168.222.1
> >> NIC2
> >> 192.168.0.254/24
> >> DG [blank]
> >> DNS [blank]
> >>
> >> 192.168.222.0 is our production network with 222.1 = DC+DNS; 222.254 =
> >> Internet gateway
> >>
> >> Ran the RRAS wizard, selected Secure Connection between 2 private
> > networks,
> >> no DOD connections, then right-click server/properties in RRAS console,
> >> select LAN routing only.
> >>
> >> Added static routes:
> >>
> >> Interface NIC1
> >> Destination 192.168.222.0/24
> >> GW 192.168.222.9
> >> Metric 1
> >>
> >> Interface NIC2
> >> Destination 192.168.0.0/24
> >> GW 192.168.0.254
> >> Metric 1
> >>
> >> Routing from production network to test is not important (AFAIK it
won't
> >> work anyway without additional static routes on the production side
> > because
> >> the configured default GW on production machines is the internet GW,
not
> >> this
> >> router I'm configuring).
> >> However I need to route from the test network out onto the production
> >> LAN,
> >> primarily for internet access.
> >>
> >> I have a client on the test LAN configured like:
> >> IP 192.168.0.1/24
> >> GW 192.168.0.254
> >> DNS 192.168.222.1
> >>
> >> From this machine I can ping both interfaces on the Win2003 router box,
> > but
> >> none others on the 192.168.222.0 subnet.
> >>
> >> What did I do wrong? I'm sure I'm missing something stupid here
> >>
> >> TIA for any helpPS I accidentally posted this in the 2000 routing group
> >> first as well sorry for double-posting
> >>
> >> --
> >> Regards,
> >> David Hartry
> >> --
> >>
> >>
> >
> >
>
>