Setting up RRAS for testing purposes

I am studying for the 70-291 course, and ultimately going for my 2003 MCSA.
I'm using the Microsoft Press book. In the book, most of the examples talk
about using 2 dialup connections to an ISP. I don't have dialup, but I have
high speed cable internet.

I'm looking for suggestions on a good configuration to prepare for this
course, and my problem is in figuring out how to do this with what I have,
vs what the book suggests.

This is what I have:
2 PC's
2 Linksys routers. One is less than a year old - it has the ability to
configure static routes - and the other is 3-4 years old, it doesn't have
the capability to configure static routes.
On one of the PC's I have Virtual PC installed.
On the PC (XP Pro) with VPC I have 2 XP Pro VPC sessions and one with Server
2003.
On the other PC I have Server 2003 installed.

The newer Linksys is currently my connection to the internet. The older
Linksys has a cable going from it's Internet port to one of the switch ports
on the new Linksys. The server with 2003 on it is connected to the older
Linksys and does have internet connectivity. From the new Linksys I cannot
ping the older one (I assume I would need a static route to do that), but
the older one can ping the new Linksys (which makes sense, that's it's
default gateway).

I was thinking I would configure static routes on the new Linksys, so that I
had communication between it and the other router. I'd then setup VPC
sessions to simulate remotely connecting to the server that has 2003 on it.
But I cannot get that to work, all I succeeded in doing was loosing internet
connectivity.

Anyone have suggestions on the best way to do this? Do I even need that 2nd
router?

TIA

"JohnB" <(E-Mail Removed)> wrote in message
news:u$e#(E-Mail Removed)...
> I am studying for the 70-291 course, and ultimately going for my 2003
> MCSA. I'm using the Microsoft Press book. In the book, most of the
> examples talk about using 2 dialup connections to an ISP. I don't have
> dialup, but I have high speed cable internet.
>
> I'm looking for suggestions on a good configuration to prepare for this
> course, and my problem is in figuring out how to do this with what I have,
> vs what the book suggests.
>
> This is what I have:
> 2 PC's
> 2 Linksys routers. One is less than a year old - it has the ability to
> configure static routes - and the other is 3-4 years old, it doesn't have
> the capability to configure static routes.
> On one of the PC's I have Virtual PC installed.
> On the PC (XP Pro) with VPC I have 2 XP Pro VPC sessions and one with
> Server 2003.
> On the other PC I have Server 2003 installed.
>
> The newer Linksys is currently my connection to the internet. The older
> Linksys has a cable going from it's Internet port to one of the switch
> ports on the new Linksys. The server with 2003 on it is connected to the
> older Linksys and does have internet connectivity. From the new Linksys I
> cannot ping the older one (I assume I would need a static route to do
> that), but the older one can ping the new Linksys (which makes sense,
> that's it's default gateway).
>
> I was thinking I would configure static routes on the new Linksys, so that
> I had communication between it and the other router. I'd then setup VPC
> sessions to simulate remotely connecting to the server that has 2003 on
> it. But I cannot get that to work, all I succeeded in doing was loosing
> internet connectivity.
>
> Anyone have suggestions on the best way to do this? Do I even need that
> 2nd router?
>
> TIA
>

It is hard to say without knowing exactly what you want RRAS to do. My
guess is that you do not really need two physical routers. I have set up
some pretty complex network scenarios using virtual networks and RRAS.

Even if you are looking at things like site-to-site VPN you don't need
any physical routers at all. You can install VPC on both workstations and
configure RRAS in a vm in each site to act as your router. You can then
connect the two sites, using the local LAN as the common carrier or "public"
network. Virtual networks are a great way to test network configs without
needing lots of hardware.

For things like "dialup" VPN you could configure a RRAS router in a vm
with Server 2003 with the "private" LAN on a virtual network and the
"public" interface connected to the LAN NIC of the host. You could then
connect from your second workstation (as the client), using the local LAN as
the "public" network and the virtual network as the private network. With
VPC you can use the "Local Only" setting for a private virtual network.

VPN works over an IP network. Exactly what that underlying network is
does not affect how VPN works. It does not matter whether it is the Internet
or simply a local Ethernet connection.

I had a feeling I was making thing more complicated than then need to be.

I'm going to try you suggestions later today. Thanks.


"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
>
>
> "JohnB" <(E-Mail Removed)> wrote in message
> news:u$e#(E-Mail Removed)...
>> I am studying for the 70-291 course, and ultimately going for my 2003
>> MCSA. I'm using the Microsoft Press book. In the book, most of the
>> examples talk about using 2 dialup connections to an ISP. I don't have
>> dialup, but I have high speed cable internet.
>>
>> I'm looking for suggestions on a good configuration to prepare for this
>> course, and my problem is in figuring out how to do this with what I
>> have, vs what the book suggests.
>>
>> This is what I have:
>> 2 PC's
>> 2 Linksys routers. One is less than a year old - it has the ability to
>> configure static routes - and the other is 3-4 years old, it doesn't have
>> the capability to configure static routes.
>> On one of the PC's I have Virtual PC installed.
>> On the PC (XP Pro) with VPC I have 2 XP Pro VPC sessions and one with
>> Server 2003.
>> On the other PC I have Server 2003 installed.
>>
>> The newer Linksys is currently my connection to the internet. The older
>> Linksys has a cable going from it's Internet port to one of the switch
>> ports on the new Linksys. The server with 2003 on it is connected to the
>> older Linksys and does have internet connectivity. From the new Linksys
>> I cannot ping the older one (I assume I would need a static route to do
>> that), but the older one can ping the new Linksys (which makes sense,
>> that's it's default gateway).
>>
>> I was thinking I would configure static routes on the new Linksys, so
>> that I had communication between it and the other router. I'd then setup
>> VPC sessions to simulate remotely connecting to the server that has 2003
>> on it. But I cannot get that to work, all I succeeded in doing was
>> loosing internet connectivity.
>>
>> Anyone have suggestions on the best way to do this? Do I even need that
>> 2nd router?
>>
>> TIA
>>
>
> It is hard to say without knowing exactly what you want RRAS to do. My
> guess is that you do not really need two physical routers. I have set up
> some pretty complex network scenarios using virtual networks and RRAS.
>
> Even if you are looking at things like site-to-site VPN you don't need
> any physical routers at all. You can install VPC on both workstations and
> configure RRAS in a vm in each site to act as your router. You can then
> connect the two sites, using the local LAN as the common carrier or
> "public" network. Virtual networks are a great way to test network
> configs without needing lots of hardware.
>
> For things like "dialup" VPN you could configure a RRAS router in a vm
> with Server 2003 with the "private" LAN on a virtual network and the
> "public" interface connected to the LAN NIC of the host. You could then
> connect from your second workstation (as the client), using the local LAN
> as the "public" network and the virtual network as the private network.
> With VPC you can use the "Local Only" setting for a private virtual
> network.
>
> VPN works over an IP network. Exactly what that underlying network is
> does not affect how VPN works. It does not matter whether it is the
> Internet or simply a local Ethernet connection.
>
>

I'm not understanding a few things you said for dialup;

So I use 2003 in a vm.... with it configured with 2 NICs, with a private and
public IP?

something like...

(private, virtual network) <----- 192.168.1.1 --| SERVER 2003 |--
200.200.200.1 -----> (public network)

And how would the client work?
I wasn't familiar with the Local Only setting.... so I looked it up in vm
Help. Which says it's used when you don't need to communicate with the host
machine. And just to understand it better I setup a vpc with that setting,
and noticed I can't ping anything. So I'm confused as to how that would
work, as a client.
I feel like a real dumb azz here, but without having done this before, it's
hard to visualize all of this.



>>
>
> It is hard to say without knowing exactly what you want RRAS to do. My
> guess is that you do not really need two physical routers. I have set up
> some pretty complex network scenarios using virtual networks and RRAS.
>
> Even if you are looking at things like site-to-site VPN you don't need
> any physical routers at all. You can install VPC on both workstations and
> configure RRAS in a vm in each site to act as your router. You can then
> connect the two sites, using the local LAN as the common carrier or
> "public" network. Virtual networks are a great way to test network
> configs without needing lots of hardware.
>
> For things like "dialup" VPN you could configure a RRAS router in a vm
> with Server 2003 with the "private" LAN on a virtual network and the
> "public" interface connected to the LAN NIC of the host. You could then
> connect from your second workstation (as the client), using the local LAN
> as the "public" network and the virtual network as the private network.
> With VPC you can use the "Local Only" setting for a private virtual
> network.
>
> VPN works over an IP network. Exactly what that underlying network is
> does not affect how VPN works. It does not matter whether it is the
> Internet or simply a local Ethernet connection.
>
>

"JohnB" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> I'm not understanding a few things you said for dialup;
>
> So I use 2003 in a vm.... with it configured with 2 NICs, with a private
> and public IP?
>
> something like...
>
> (private, virtual network) <----- 192.168.1.1 --| SERVER 2003 |--
> 200.200.200.1 -----> (public network)
>
> And how would the client work?
> I wasn't familiar with the Local Only setting.... so I looked it up in vm
> Help. Which says it's used when you don't need to communicate with the
> host machine. And just to understand it better I setup a vpc with that
> setting, and noticed I can't ping anything. So I'm confused as to how
> that would work, as a client.
> I feel like a real dumb azz here, but without having done this before,
> it's hard to visualize all of this.
>
>
>


You just need to get used to the concept that a network is just a
network. You can regard it as any sort of network you like.

When you run VPN over the Internet, you are using the worldwide public
network. For testing you can use any IP network to emulate that public
network. For testing on a LAN with virtual machines and virtual networks you
can regard the LAN as the public network and the virtual network(s) as your
private network(s).

If you set up a RRAS server with two NICs in a vm you can connect one NIC
to Local Only and one NIC to the physical NIC in the host. Your virtual
network is now a private LAN connecting to another network through a router.
You can regard this network as a public network if it makes things clearer
to you. The two networks must be in different IP subnets, but the "public"
network does not need to be use registered public IP addresses. It can use a
different private subnet. If you want it to be obvious, use a completely
different set of private addresses. If your LAN uses 10.0.0.0 or 172.16.0.0,
use 192.168.x.0/24 on the "private" LAN.

If you configure a RRAS server as a remote access server, a machine on
the public network can make a VPN connection to your server and access your
private network. On your setup, this means any machine on your LAN can
connect by VPN to your RRAS server and access your private (virtual) LAN.

Forget about the host machine. It does not play any part in all this.
A client machine on your LAN connects to the "public" NIC of the RRAS server
and sets up a VPN connection to the private network behind it.

Ok, I understand the concept. I've got previous experience with networking.
And I'm now realizing that my difficulty is transferring this to a virtual
setup.

Specifically, doing this with Virtual PC.

So I've got some specific questions:

- on the vm running Server 2003 and RRAS; in the vm setup I have Networking
pointing to the host NIC for Adapter 1 and Local Only for Adapter 2. Once
I've started that vm, how do I tell which NIC is which, for purposes of
setting the IP address?

- what would I use for a default gateway, in the IP settings for the 2 NICs
in the 2003 vm? Does it even need to have one?

- what will the vm client use in it's TCP/IP settings for a default gateway?

I really appreciate the time you've taken with this.
Thanks



"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
>
>
> "JohnB" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
>> I'm not understanding a few things you said for dialup;
>>
>> So I use 2003 in a vm.... with it configured with 2 NICs, with a private
>> and public IP?
>>
>> something like...
>>
>> (private, virtual network) <----- 192.168.1.1 --| SERVER 2003 |--
>> 200.200.200.1 -----> (public network)
>>
>> And how would the client work?
>> I wasn't familiar with the Local Only setting.... so I looked it up in vm
>> Help. Which says it's used when you don't need to communicate with the
>> host machine. And just to understand it better I setup a vpc with that
>> setting, and noticed I can't ping anything. So I'm confused as to how
>> that would work, as a client.
>> I feel like a real dumb azz here, but without having done this before,
>> it's hard to visualize all of this.
>>
>>
>>
>
>
> You just need to get used to the concept that a network is just a
> network. You can regard it as any sort of network you like.
>
> When you run VPN over the Internet, you are using the worldwide public
> network. For testing you can use any IP network to emulate that public
> network. For testing on a LAN with virtual machines and virtual networks
> you can regard the LAN as the public network and the virtual network(s) as
> your private network(s).
>
> If you set up a RRAS server with two NICs in a vm you can connect one
> NIC to Local Only and one NIC to the physical NIC in the host. Your
> virtual network is now a private LAN connecting to another network through
> a router. You can regard this network as a public network if it makes
> things clearer to you. The two networks must be in different IP subnets,
> but the "public" network does not need to be use registered public IP
> addresses. It can use a different private subnet. If you want it to be
> obvious, use a completely different set of private addresses. If your LAN
> uses 10.0.0.0 or 172.16.0.0, use 192.168.x.0/24 on the "private" LAN.
>
> If you configure a RRAS server as a remote access server, a machine on
> the public network can make a VPN connection to your server and access
> your private network. On your setup, this means any machine on your LAN
> can connect by VPN to your RRAS server and access your private (virtual)
> LAN.
>
> Forget about the host machine. It does not play any part in all this.
> A client machine on your LAN connects to the "public" NIC of the RRAS
> server and sets up a VPN connection to the private network behind it.
>
>
>

"JohnB" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ok, I understand the concept. I've got previous experience with
> networking. And I'm now realizing that my difficulty is transferring this
> to a virtual setup.
>
> Specifically, doing this with Virtual PC.
>
> So I've got some specific questions:
>
> - on the vm running Server 2003 and RRAS; in the vm setup I have
> Networking pointing to the host NIC for Adapter 1 and Local Only for
> Adapter 2. Once I've started that vm, how do I tell which NIC is which,
> for purposes of setting the IP address?
>
> - what would I use for a default gateway, in the IP settings for the 2
> NICs in the 2003 vm? Does it even need to have one?
>
> - what will the vm client use in it's TCP/IP settings for a default
> gateway?
>
> I really appreciate the time you've taken with this.
> Thanks
>
>
The best way to avoid confusion with two NICs is to rename them. Public
and private make more sense that LAC1 and LAC2.

Default gateway settings depend on what you are trying to do. If you
want to give the private LAN access to the physical LAN and/or the Internet,
the best way to do it is to set the router up as a NAT router and use its
private interface as the client's dg. eg

Internet
|
public IP
Internet gateway
10.1.1.1
|
LAN IP (interface linked to physical NIC of host)
10.1.1.21 dg 10.1.1.1
RRAS/NAT vm
192.168.21.1 dg blank
Private IP (Local Only interface)
|
Private clients (Local Only)
192.168.21.x dg 192.168.21.1

For VPN, the gateway address of machines in the private LAN should also
be set to point to the RRAS router's private interface.