| Home | Register | Members | Search | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
|
|
|
|
||
|
Guest
Posts: n/a
|
I've enabled just "LAN Routing" on 10.53.24.3. I can RDC, ping, etc
from a 10.53.24.x workstation to 192.168.2.1 workstation (after adding a 192.168.x.x route manually on the 10.53.24.x workstation) However, the 192.168.2.1 workstation can't surf the internet, access 10.53.24.x workstations, etc. What's next step?  Bill Grant wrote: > As Bob said, you can't use NAT on the Windows router. NAT is a one-way > address translation setup. You cannot access machines on the "private" side > from the "public" side. What you need to do is use normal IP routing, not > NAT, and let the Cisco router do NAT for both subnets. > > Without NAT you will need extra routing to get traffic from the 10.52.24 > subnet to the 192.168 machines. Rather than putting a route on each > machine, you can add it to the Cisco router. > > Internet > | > public IP > Cisco Router (static route 192.168.0.0 255.255.0.0 10.53.24.3) > 10.53.24.1 > | > 10.53.24.x dg 10.53.24.1 > | > 10.53.24.3 dg 10.53.24.1 > RRAS > 192.168.1.1 dg blank > | > 192.168.x.y dg 192.168.1.1 > > > "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message > news:(E-Mail Removed)... > 1. What is this (192.168.2.1-192.168.2.254, 255.255.0.0) for? > 2. If you wan "to have ALL traffic open going both ways: 10.53.24.x to > 192.168.0.0 and vice versa, you don't need to enable NAT/firewall, you just > need to enable LAN routing only. > > Bob Lin, MS-MVP, MCSE & CNE > Networking, Internet, Routing, VPN Troubleshooting on > http://www.ChicagoTech.net > How to Setup Windows, Network, VPN & Remote Access on > http://www.HowToNetworking.com > <(E-Mail Removed)> wrote in message > news:(E-Mail Removed) ups.com... > ISP > | > (Ext IP) > Cisco Router > (10.53.24.1) > | > Cisco switch (10.53.24.0/24) > | > (10.53.24.3) > W2K3 > (192.168.1.1) > | > Cisco switch (192.168.0.0/16) > | > (192.168.2.1) > WXP > > W2K3 has DHCP configured, dishing out IP address > (192.168.2.1-192.168.2.254, 255.255.0.0), GW (192.168.1.1), and DNS > (10.53.24.5) on the 192.168.1.1 interface. It also has Routing and RA. > > In Routing and RA mgmt console: Routing and RA > W2K3 > IP ROUTING > > NAT/BASIC FW > > Properties of 192.168.1.1 int NIC of W2K3: pvt int connected to pvt > network. > > Properties of 10.53.24.3 ext NIC of W2K3: 3 diff things I tried: > > 1. BASIC FW ONLY... WXP CANNOT surf the web (as expected). From a > workstation on 10.53.24.x with "route add 192.168.0.0 mask 255.255.0.0 > 10.53.24.3", I CAN remote desktop, ping, etc WXP. > > 2. PUBLIC INT CONNECT TO INET: ENABLE NAT ON THIS INTERFACE... WXP > CAN surf the web (as expected). From a workstation on 10.53.24.x with > "route add 192.168.0.0 mask 255.255.0.0 10.53.24.3", I CANNOT remote > desktop, ping, etc WXP. > > 3. PUBLIC INT CONNECT TO INET: ENABLE NAT ON THIS INTERFACE and ENABLE > BASIC FW... WXP CAN surf the web (as expected). From a workstation on > 10.53.24.x with "route add 192.168.0.0 mask 255.255.0.0 10.53.24.3", I > CANNOT remote desktop, ping, etc WXP. > > #3 above DOES NOT make sense to me. Wouldn't #3 be a combo of #1 and > #2??? > > What I want is to be able to have ALL traffic open going both ways: > 10.53.24.x to 192.168.0.0 and vice versa. And also, enable 192.168.0.0 > workstations to be able to surf the net. |
|
|
|
|
|||
|
Guest
Posts: n/a
|
They can't get to the Internet because the Cisco doesn't know where they
are. That is why I suggested adding the static route to the Cisco rather than to the individual machines. The Cisco must also know that it has to reach the new subnet via the internal router. <(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com... > I've enabled just "LAN Routing" on 10.53.24.3. I can RDC, ping, etc > from a 10.53.24.x workstation to 192.168.2.1 workstation (after adding > a 192.168.x.x route manually on the 10.53.24.x workstation) > > However, the 192.168.2.1 workstation can't surf the internet, access > 10.53.24.x workstations, etc. > > What's next step? > > Bill Grant wrote: >> As Bob said, you can't use NAT on the Windows router. NAT is a one-way >> address translation setup. You cannot access machines on the "private" >> side >> from the "public" side. What you need to do is use normal IP routing, not >> NAT, and let the Cisco router do NAT for both subnets. >> >> Without NAT you will need extra routing to get traffic from the >> 10.52.24 >> subnet to the 192.168 machines. Rather than putting a route on each >> machine, you can add it to the Cisco router. >> >> Internet >> | >> public IP >> Cisco Router (static route 192.168.0.0 255.255.0.0 10.53.24.3) >> 10.53.24.1 >> | >> 10.53.24.x dg 10.53.24.1 >> | >> 10.53.24.3 dg 10.53.24.1 >> RRAS >> 192.168.1.1 dg blank >> | >> 192.168.x.y dg 192.168.1.1 >> >> >> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message >> news:(E-Mail Removed)... >> 1. What is this (192.168.2.1-192.168.2.254, 255.255.0.0) for? >> 2. If you wan "to have ALL traffic open going both ways: 10.53.24.x to >> 192.168.0.0 and vice versa, you don't need to enable NAT/firewall, you >> just >> need to enable LAN routing only. >> >> Bob Lin, MS-MVP, MCSE & CNE >> Networking, Internet, Routing, VPN Troubleshooting on >> http://www.ChicagoTech.net >> How to Setup Windows, Network, VPN & Remote Access on >> http://www.HowToNetworking.com >> <(E-Mail Removed)> wrote in message >> news:(E-Mail Removed) ups.com... >> ISP >> | >> (Ext IP) >> Cisco Router >> (10.53.24.1) >> | >> Cisco switch (10.53.24.0/24) >> | >> (10.53.24.3) >> W2K3 >> (192.168.1.1) >> | >> Cisco switch (192.168.0.0/16) >> | >> (192.168.2.1) >> WXP >> >> W2K3 has DHCP configured, dishing out IP address >> (192.168.2.1-192.168.2.254, 255.255.0.0), GW (192.168.1.1), and DNS >> (10.53.24.5) on the 192.168.1.1 interface. It also has Routing and RA. >> >> In Routing and RA mgmt console: Routing and RA > W2K3 > IP ROUTING > >> NAT/BASIC FW >> >> Properties of 192.168.1.1 int NIC of W2K3: pvt int connected to pvt >> network. >> >> Properties of 10.53.24.3 ext NIC of W2K3: 3 diff things I tried: >> >> 1. BASIC FW ONLY... WXP CANNOT surf the web (as expected). From a >> workstation on 10.53.24.x with "route add 192.168.0.0 mask 255.255.0.0 >> 10.53.24.3", I CAN remote desktop, ping, etc WXP. >> >> 2. PUBLIC INT CONNECT TO INET: ENABLE NAT ON THIS INTERFACE... WXP >> CAN surf the web (as expected). From a workstation on 10.53.24.x with >> "route add 192.168.0.0 mask 255.255.0.0 10.53.24.3", I CANNOT remote >> desktop, ping, etc WXP. >> >> 3. PUBLIC INT CONNECT TO INET: ENABLE NAT ON THIS INTERFACE and ENABLE >> BASIC FW... WXP CAN surf the web (as expected). From a workstation on >> 10.53.24.x with "route add 192.168.0.0 mask 255.255.0.0 10.53.24.3", I >> CANNOT remote desktop, ping, etc WXP. >> >> #3 above DOES NOT make sense to me. Wouldn't #3 be a combo of #1 and >> #2??? >> >> What I want is to be able to have ALL traffic open going both ways: >> 10.53.24.x to 192.168.0.0 and vice versa. And also, enable 192.168.0.0 >> workstations to be able to surf the net. > |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| WPA-PSK is driving me nuts - HELP? | Sven Pran | Wireless Networks | 11 | 05-30-2008 01:19 PM |
| File Sharing on wireless network.. Driving me nuts | Jacques | Wireless Networks | 2 | 10-17-2006 02:40 AM |
| X11 forwarding over ssh is driving me nuts! | Robert Latest | Linux Networking | 3 | 04-03-2006 03:26 PM |
| this is driving me nuts--noob alert | revek1@gmail.com | Wireless Internet | 0 | 07-27-2005 12:53 AM |
| Sporadic connections to external AP driving me nuts | Roland Burr | Wireless Internet | 4 | 06-19-2004 01:31 PM |
Linear Mode
