setup windows 2003 server as router between 2 private LANs

Hi all

Recently I setup a windows 2003 server as router between 2 private LANs
LAN A (network 192.168.1.0 subnet mask 255.255.255.0)
LAN B (network 172.16.0.0 subnet mask 255.255.0.0)

My multi-home server has 2 NICs, each connect to different LAN
NIC A ( IP address 192.168.1.7 subnet mask 255.255.255.0) attached
to LAN A
NIC B ( IP address 172.16.0.2 subnet mask 255.255.0.0) attached to
LAN B
And I have enabled the IP routing function in this server by
configuring the RRAS mmc.

I try to ping one of IP addresses (192.168.1.1) in LAN A from a
computer called "Test" which located in LAN B.

Test ( IP address 172.16.0.3 subnet mask 255.255.0.0)

I run these command in "Test"

Route add 192.168.1.0 mask 255.255.255.0 172.16.0.2
Ping 172.16.0.2 successful
Ping 192.168.1.7 successful
Ping 192.168.1.1 time out

If I run the ping command in the router (the window server), I can
reach all the host in both LAN. But why I can't reach the address
192.168.1.1 even I can reach the address 192.168.1.7 ?

Thanks for your time

Wing



Wing

posting the result of the server routing table here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Wing" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) oups.com...
Hi all

Recently I setup a windows 2003 server as router between 2 private LANs
LAN A (network 192.168.1.0 subnet mask 255.255.255.0)
LAN B (network 172.16.0.0 subnet mask 255.255.0.0)

My multi-home server has 2 NICs, each connect to different LAN
NIC A ( IP address 192.168.1.7 subnet mask 255.255.255.0) attached
to LAN A
NIC B ( IP address 172.16.0.2 subnet mask 255.255.0.0) attached to
LAN B
And I have enabled the IP routing function in this server by
configuring the RRAS mmc.

I try to ping one of IP addresses (192.168.1.1) in LAN A from a
computer called "Test" which located in LAN B.

Test ( IP address 172.16.0.3 subnet mask 255.255.0.0)

I run these command in "Test"

Route add 192.168.1.0 mask 255.255.255.0 172.16.0.2
Ping 172.16.0.2 successful
Ping 192.168.1.7 successful
Ping 192.168.1.1 time out

If I run the ping command in the router (the window server), I can
reach all the host in both LAN. But why I can't reach the address
192.168.1.1 even I can reach the address 192.168.1.7 ?

Thanks for your time

Wing

Probably you can reach 192.168.1.1; however, 192.168.1.1 does not know where
to send a reply. For the same reason you created a static route on Test to
reach the 192.168.1.x network, you need to do something similar to allow the
192.168.1.x network to reach 172.16.x.x. 192.168.1.x devices must either
have a default gateway pointing to 192.168.1.7, or a static route configured
on some other default gateway, or routes configured on individual devices:

route add 172.16.0.0 MASK 255.255.0.0 192.168.1.7

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Wing" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi all
>
> Recently I setup a windows 2003 server as router between 2 private LANs
> LAN A (network 192.168.1.0 subnet mask 255.255.255.0)
> LAN B (network 172.16.0.0 subnet mask 255.255.0.0)
>
> My multi-home server has 2 NICs, each connect to different LAN
> NIC A ( IP address 192.168.1.7 subnet mask 255.255.255.0) attached
> to LAN A
> NIC B ( IP address 172.16.0.2 subnet mask 255.255.0.0) attached to
> LAN B
> And I have enabled the IP routing function in this server by
> configuring the RRAS mmc.
>
> I try to ping one of IP addresses (192.168.1.1) in LAN A from a
> computer called "Test" which located in LAN B.
>
> Test ( IP address 172.16.0.3 subnet mask 255.255.0.0)
>
> I run these command in "Test"
>
> Route add 192.168.1.0 mask 255.255.255.0 172.16.0.2
> Ping 172.16.0.2 successful
> Ping 192.168.1.7 successful
> Ping 192.168.1.1 time out
>
> If I run the ping command in the router (the window server), I can
> reach all the host in both LAN. But why I can't reach the address
> 192.168.1.1 even I can reach the address 192.168.1.7 ?
>
> Thanks for your time
>
> Wing
>

Hi Wing,

This question comes up fairly often. You really need to understand how
IP routing works to see why putting in an extra router doesn't work without
changing anything.

Enabling IP routing enables the machine to forward traffic from one
interface to the other (ie from one subnet to the other). But it only works
if the packet actually reaches the router!

In the simplest case, there are no problems. You simply make the router
the default gateway for both subnets and it works. eg

192.168.1.x dg 192.168.1.1
|
192.168.1.1 dg blank
router
192.168.2.1 dg blank
|
192.168.2.x dg 192.168.2.1

If one subnet has an Internet connection, routing fails. It fails
because the default gateway is the Internet router (not the internal router
between the subnets). To get routing working between the private subnets you
need extra routing to get the traffic to the internal router (as Doug
pointed out). A common way to do this is to add a static route to the
Internet router to "bounce" the local traffic to the internal router. eg

Internet
|
router
192.168.1.254
|
workstations
192.168.1.x dg 192.168.1.254
|
192.168.1.1 dg 192.168.1.254
router
192.168.2.1 dg blank
|
192.168.2.x dg 192.168.2.1

This will work if you add a static route to the Internet router to
forward traffic for 192.168.2.0 to the internal router. ie

192.168.2.0 255.255.255.0 192.168.1.1

Wing wrote:
> Hi all
>
> Recently I setup a windows 2003 server as router between 2 private
> LANs LAN A (network 192.168.1.0 subnet mask 255.255.255.0)
> LAN B (network 172.16.0.0 subnet mask 255.255.0.0)
>
> My multi-home server has 2 NICs, each connect to different LAN
> NIC A ( IP address 192.168.1.7 subnet mask 255.255.255.0) attached
> to LAN A
> NIC B ( IP address 172.16.0.2 subnet mask 255.255.0.0) attached to
> LAN B
> And I have enabled the IP routing function in this server by
> configuring the RRAS mmc.
>
> I try to ping one of IP addresses (192.168.1.1) in LAN A from a
> computer called "Test" which located in LAN B.
>
> Test ( IP address 172.16.0.3 subnet mask 255.255.0.0)
>
> I run these command in "Test"
>
> Route add 192.168.1.0 mask 255.255.255.0 172.16.0.2
> Ping 172.16.0.2 successful
> Ping 192.168.1.7 successful
> Ping 192.168.1.1 time out
>
> If I run the ping command in the router (the window server), I can
> reach all the host in both LAN. But why I can't reach the address
> 192.168.1.1 even I can reach the address 192.168.1.7 ?
>
> Thanks for your time
>
> Wing

In news:(E-Mail Removed) oups.com,
Wing <(E-Mail Removed)> stated, which I commented on below:
> Hi all
>
> Recently I setup a windows 2003 server as router between 2 private
> LANs LAN A (network 192.168.1.0 subnet mask 255.255.255.0)
> LAN B (network 172.16.0.0 subnet mask 255.255.0.0)
>
> My multi-home server has 2 NICs, each connect to different LAN
> NIC A ( IP address 192.168.1.7 subnet mask 255.255.255.0) attached
> to LAN A
> NIC B ( IP address 172.16.0.2 subnet mask 255.255.0.0) attached to
> LAN B
> And I have enabled the IP routing function in this server by
> configuring the RRAS mmc.
>
> I try to ping one of IP addresses (192.168.1.1) in LAN A from a
> computer called "Test" which located in LAN B.
>
> Test ( IP address 172.16.0.3 subnet mask 255.255.0.0)
>
> I run these command in "Test"
>
> Route add 192.168.1.0 mask 255.255.255.0 172.16.0.2
> Ping 172.16.0.2 successful
> Ping 192.168.1.7 successful
> Ping 192.168.1.1 time out
>
> If I run the ping command in the router (the window server), I can
> reach all the host in both LAN. But why I can't reach the address
> 192.168.1.1 even I can reach the address 192.168.1.7 ?
>
> Thanks for your time
>
> Wing

As others have mentioned, it's a routing issue and possibly a missing static
route.

Look at this Visio diagram for a clean routing example and see if it helps
to understand where you're going wrong or what's misconfigured:

http://fekay.com/SupportBlogs/StaticRouteExample.htm

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.

The only thing in life is change. Anything less is a blackhole consuming
unnecessary energy.
===========================

Thanks for all your guys help

Doug sherman is right, i haven't tell the computer how to send back the
ping responding packet, it is working now once i set up the default
gateway in the computer.

thanks for your time, very appreciated.


Wing