RRAS NAT DNS WINS DHCP NOT!

I'm trying to set up NAT on a Windows 2003 Standard Edition Domain
Contoller, but when clients connect on the NAT side (using a static
pool), an address is correctly assigned, but DNS doesn't work.

I have DHCP on that machine, but I turned it off for the NAT interface.


If I manually add a nameserver to my clients TCP/IP configuration,
everything works fine (shared drives, Exchange server, DNS)

You have to use the real DHCP Server and you need to use the DHCP Relay
Agent in RRAS for that to happen.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I'm trying to set up NAT on a Windows 2003 Standard Edition Domain
> Contoller, but when clients connect on the NAT side (using a static
> pool), an address is correctly assigned, but DNS doesn't work.
>
> I have DHCP on that machine, but I turned it off for the NAT interface.
>
>
> If I manually add a nameserver to my clients TCP/IP configuration,
> everything works fine (shared drives, Exchange server, DNS)
>

Thanks for the quick response!

I already have a scope on that server for my public addresses. Is it
possible to set DHCP such that one scope maps to clients on one NIC,
and another scope to clients on the other NIC?

You need to explain the whole entire situation more clearly. I'm starting to
think that we are talking about two completely different things because I
don't *really* understand the situation. Don't leave things to be
"assumed",...I will probably assume wrong.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com




<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thanks for the quick response!
>
> I already have a scope on that server for my public addresses. Is it
> possible to set DHCP such that one scope maps to clients on one NIC,
> and another scope to clients on the other NIC?
>

I have a win2003 AD server with DHCP, DNS, WINS. My network was
originally set up with some public IPs, (DHCP provided by the AD
server) and adding workstations/printers/etc has almost used them up.
There's no reason for most of those boxes to have public IPs, so I'd
like to NAT them behind the AD server.

I have set up m0n0wall/pfSense on a spare wrap board to do the job
temporarily, but I'm not convinced it's entirely stable (in certain
testing situations like copying large files from a windows share,
connections drop)

So I thought I could move NAT to the AD server.

Setting up routing and remote access on an AD server with DNS seems to
be a "can of worms":

I ran across this article, but it's not solving all my issues (DNS not
provided to NAT clients, Windows shares inaccessable):
http://support.microsoft.com/default...;EN-US;q292822

Ideally, I'd just set up Win2003 on a completely seperate box dedicated
to RRAS/NAT, but it seems there should be a way to integrate RRAS/NAT
into my existing infrastructure. I'd like to avoid a "one box per
service" network topology.

My next testing situation is going to be using an existing Linux 2.6
kernel MySQL server to do IP Masquerade. Surprisingly at this point,
it seems like the easiest solution...

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Setting up routing and remote access on an AD server with DNS seems to
> be a "can of worms":

It isn't RRAS causing the "can of worms" it is the multi-homing of the
machine with or without RRAS.
RRAS itself is irrelevant to the "problems".

> I ran across this article, but it's not solving all my issues (DNS not
> provided to NAT clients, Windows shares inaccessable):
> http://support.microsoft.com/default...;EN-US;q292822
>
> Ideally, I'd just set up Win2003 on a completely seperate box dedicated
> to RRAS/NAT, but it seems there should be a way to integrate RRAS/NAT
> into my existing infrastructure. I'd like to avoid a "one box per
> service" network topology.

You can do that. But a hardware solution is cheaper if you research
carefully and watchout for hidden costs, like features you don't actually
get until you pay extra, or find out there are limits to the number of
users.

> My next testing situation is going to be using an existing Linux 2.6
> kernel MySQL server to do IP Masquerade. Surprisingly at this point,
> it seems like the easiest solution...

It is most certainly not the easiest,...just the cheapest "up front". It is
one of the most difficult to manage on a daily basis.

You have multiple way to solve this,...duel-homing the DC is not one of
them. SBS is a duel-homed DC but the installation Wizards make sure it is
done right , although you don't get to see what it is doing under the hood.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------