RRAS twin NIC and routing to default gateway

We have two NICS in a server, one on a 50.x.x.x address range and one on a
10.x.x.x range.

On the 10. range we have a default gateway to the Internet via a router.

The machines that connect onto the 50. address range can see the server as
can the 10. range pc's.

However, the 50. range has no gateway to the internet

On the odd occasion , I'd like to have Internet access on the 50. range of
addresses and thought I'd try and be clever and set up RRAS on my server and
route traffic from VPN clients out onto the net via the 10. default gateway.

As soon as I configured RRAS my server dissapeared off the LAN.

If I remove RRAS I get the connectivity back again.

The question is simply this, am I trying to be too clever? Is this possible?

many thanks all,

jON




Jon Rowlan

"Jon Rowlan" <(E-Mail Removed)> wrote in
news:#(E-Mail Removed):

> We have two NICS in a server, one on a 50.x.x.x address range and one
> on a 10.x.x.x range.
>
> On the 10. range we have a default gateway to the Internet via a
> router.
>
> The machines that connect onto the 50. address range can see the
> server as can the 10. range pc's.
>
> However, the 50. range has no gateway to the internet
>
> On the odd occasion , I'd like to have Internet access on the 50.
> range of addresses and thought I'd try and be clever and set up RRAS
> on my server and route traffic from VPN clients out onto the net via
> the 10. default gateway.
>
> As soon as I configured RRAS my server dissapeared off the LAN.
>
> If I remove RRAS I get the connectivity back again.
>
> The question is simply this, am I trying to be too clever? Is this
> possible?
>
> many thanks all,
>
> jON
>
>
>

Yes you can do this with RRAS. I don't know what you mean when you say the
server disappeared off the LAN, but basically you need to configure RRAS as
a router, not as a VPN server. Then the RRAS server will act as a router,
and the clients on the 50 range can use the RRAS server's 50-based IP as
their default gateway to get to the Internet via the router on the 10
network.

There should be some docs in the RRAS Help (see the checklists and/or
content on Routing) that explain how to do all this.

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

Where are these machines which have 50.x.x.x addresses? These are public
IP addresses, so these machines should already be connected to the Internet.
What default gateway setting do the machines with 50.x.x.x IP addresses
have?

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> We have two NICS in a server, one on a 50.x.x.x address range and one on a
> 10.x.x.x range.
>
> On the 10. range we have a default gateway to the Internet via a router.
>
> The machines that connect onto the 50. address range can see the server as
> can the 10. range pc's.
>
> However, the 50. range has no gateway to the internet
>
> On the odd occasion , I'd like to have Internet access on the 50. range of
> addresses and thought I'd try and be clever and set up RRAS on my server
> and route traffic from VPN clients out onto the net via the 10. default
> gateway.
>
> As soon as I configured RRAS my server dissapeared off the LAN.
>
> If I remove RRAS I get the connectivity back again.
>
> The question is simply this, am I trying to be too clever? Is this
> possible?
>
> many thanks all,
>
> jON
>
>

Also, the router on the 10.x.x.x network will need a static route back to
the 50.x.x.x network.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> We have two NICS in a server, one on a 50.x.x.x address range and one on a
> 10.x.x.x range.
>
> On the 10. range we have a default gateway to the Internet via a router.
>
> The machines that connect onto the 50. address range can see the server as
> can the 10. range pc's.
>
> However, the 50. range has no gateway to the internet
>
> On the odd occasion , I'd like to have Internet access on the 50. range of
> addresses and thought I'd try and be clever and set up RRAS on my server
and
> route traffic from VPN clients out onto the net via the 10. default
gateway.
>
> As soon as I configured RRAS my server dissapeared off the LAN.
>
> If I remove RRAS I get the connectivity back again.
>
> The question is simply this, am I trying to be too clever? Is this
possible?
>
> many thanks all,
>
> jON
>
>

I think maybe I should elaborate ...

The 50. network may be allocated as a public network range but we are using
it as a private range.

The reason for so different a set of ranges is that we use GhostCast quite a
lot and this tends to drag the network to its knees so we use 50. as the
GhostCast network and by utilising switches rather than hubs we keep the
traffic segmented away from our working net.

The server dissapeared off the LAN on the 10. network as the RRAS services
were being started during the RRAS setup. I had configured it for incoming
VPN and pointed the wizard at the 10. NIC as providing the Internet access.
The server did not appear again until I removed RRAS. I have had this
experience many times before and generally try to steer clear of RRAS - its
on the too difficult pile :-)

jON




"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> We have two NICS in a server, one on a 50.x.x.x address range and one on a
> 10.x.x.x range.
>
> On the 10. range we have a default gateway to the Internet via a router.
>
> The machines that connect onto the 50. address range can see the server as
> can the 10. range pc's.
>
> However, the 50. range has no gateway to the internet
>
> On the odd occasion , I'd like to have Internet access on the 50. range of
> addresses and thought I'd try and be clever and set up RRAS on my server
> and route traffic from VPN clients out onto the net via the 10. default
> gateway.
>
> As soon as I configured RRAS my server dissapeared off the LAN.
>
> If I remove RRAS I get the connectivity back again.
>
> The question is simply this, am I trying to be too clever? Is this
> possible?
>
> many thanks all,
>
> jON
>
>

Possible:

Right click My Network Places and select Properties. Click
Advanced/Advanced Settings - make sure that the Local Area Connection for
the 10.x.x.x. NIC is at the top of the binding order.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I think maybe I should elaborate ...
>
> The 50. network may be allocated as a public network range but we are
using
> it as a private range.
>
> The reason for so different a set of ranges is that we use GhostCast quite
a
> lot and this tends to drag the network to its knees so we use 50. as the
> GhostCast network and by utilising switches rather than hubs we keep the
> traffic segmented away from our working net.
>
> The server dissapeared off the LAN on the 10. network as the RRAS services
> were being started during the RRAS setup. I had configured it for incoming
> VPN and pointed the wizard at the 10. NIC as providing the Internet
access.
> The server did not appear again until I removed RRAS. I have had this
> experience many times before and generally try to steer clear of RRAS -
its
> on the too difficult pile :-)
>
> jON
>
>
>
>
> "Jon Rowlan" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > We have two NICS in a server, one on a 50.x.x.x address range and one on
a
> > 10.x.x.x range.
> >
> > On the 10. range we have a default gateway to the Internet via a router.
> >
> > The machines that connect onto the 50. address range can see the server
as
> > can the 10. range pc's.
> >
> > However, the 50. range has no gateway to the internet
> >
> > On the odd occasion , I'd like to have Internet access on the 50. range
of
> > addresses and thought I'd try and be clever and set up RRAS on my server
> > and route traffic from VPN clients out onto the net via the 10. default
> > gateway.
> >
> > As soon as I configured RRAS my server dissapeared off the LAN.
> >
> > If I remove RRAS I get the connectivity back again.
> >
> > The question is simply this, am I trying to be too clever? Is this
> > possible?
> >
> > many thanks all,
> >
> > jON
> >
> >
>
>

OK. There are a couple of things that can go wrong. The most likely is
that you misconfigured RRAS. The other is a default gateway setting problem.

If the 50. network is a private LAN with no other gateway, the easiest
way to give it Internet access is to configure RRAS as a NAT router and set
the machines in the 50. network to use the RRAS router as their default
gateway. They will then be able to see both the machines in the 10. network
and the Internet.

Internet
|
gateway router
10.x.y.254
|
LAN machines
10.x.y.z dg 10.x.y.254
|
10.x.y.n dg 10.x.y.254
RRAS
50.x.y.1 dg blank
|
workstations
50.x.y.z dg 50.x.y.1

If you are configuring RRAS for VPN access on a server like this, don't
use the normal VPN server setup. Set it up as you would for a server with
one NIC.

If you have your server configured to do NAT for the 50. LAN machines,
you can get the VPN clients to the Internet the same way. You add the RRAS
internal interface as an input to NAT (from the NAT section of the RRAS
console). Note that if you are using W2k, this interface won't show up in
the GUI. You will need to use netsh. See KB 310888 .

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I think maybe I should elaborate ...
>
> The 50. network may be allocated as a public network range but we are
> using it as a private range.
>
> The reason for so different a set of ranges is that we use GhostCast quite
> a lot and this tends to drag the network to its knees so we use 50. as the
> GhostCast network and by utilising switches rather than hubs we keep the
> traffic segmented away from our working net.
>
> The server dissapeared off the LAN on the 10. network as the RRAS services
> were being started during the RRAS setup. I had configured it for incoming
> VPN and pointed the wizard at the 10. NIC as providing the Internet
> access. The server did not appear again until I removed RRAS. I have had
> this experience many times before and generally try to steer clear of
> RRAS - its on the too difficult pile :-)
>
> jON
>
>
>
>
> "Jon Rowlan" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> We have two NICS in a server, one on a 50.x.x.x address range and one on
>> a 10.x.x.x range.
>>
>> On the 10. range we have a default gateway to the Internet via a router.
>>
>> The machines that connect onto the 50. address range can see the server
>> as can the 10. range pc's.
>>
>> However, the 50. range has no gateway to the internet
>>
>> On the odd occasion , I'd like to have Internet access on the 50. range
>> of addresses and thought I'd try and be clever and set up RRAS on my
>> server and route traffic from VPN clients out onto the net via the 10.
>> default gateway.
>>
>> As soon as I configured RRAS my server dissapeared off the LAN.
>>
>> If I remove RRAS I get the connectivity back again.
>>
>> The question is simply this, am I trying to be too clever? Is this
>> possible?
>>
>> many thanks all,
>>
>> jON
>>
>>
>
>

Many thanks all, I will give this a stab at the weekend after next.

regards,

jON

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> We have two NICS in a server, one on a 50.x.x.x address range and one on a
> 10.x.x.x range.
>
> On the 10. range we have a default gateway to the Internet via a router.
>
> The machines that connect onto the 50. address range can see the server as
> can the 10. range pc's.
>
> However, the 50. range has no gateway to the internet
>
> On the odd occasion , I'd like to have Internet access on the 50. range of
> addresses and thought I'd try and be clever and set up RRAS on my server
> and route traffic from VPN clients out onto the net via the 10. default
> gateway.
>
> As soon as I configured RRAS my server dissapeared off the LAN.
>
> If I remove RRAS I get the connectivity back again.
>
> The question is simply this, am I trying to be too clever? Is this
> possible?
>
> many thanks all,
>
> jON
>
>

I think the reason you "lost" your server was a RRAS configuration
error. If your server has two NICs and you configure it as a VPN server
using the wizard, it assumes that you want the server to be a "VPN only"
device. It sets up packet filters on the "public" NIC to block everything
except VPN-associated traffic.

Use the "manual config" option to just enable remote access.

Since your server doesn't have a real public NIC, how do users connect
to it by VPN? Are you forwarding ports from your gateway router?

"Jon Rowlan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Many thanks all, I will give this a stab at the weekend after next.
>
> regards,
>
> jON
>
> "Jon Rowlan" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> We have two NICS in a server, one on a 50.x.x.x address range and one on
>> a 10.x.x.x range.
>>
>> On the 10. range we have a default gateway to the Internet via a router.
>>
>> The machines that connect onto the 50. address range can see the server
>> as can the 10. range pc's.
>>
>> However, the 50. range has no gateway to the internet
>>
>> On the odd occasion , I'd like to have Internet access on the 50. range
>> of addresses and thought I'd try and be clever and set up RRAS on my
>> server and route traffic from VPN clients out onto the net via the 10.
>> default gateway.
>>
>> As soon as I configured RRAS my server dissapeared off the LAN.
>>
>> If I remove RRAS I get the connectivity back again.
>>
>> The question is simply this, am I trying to be too clever? Is this
>> possible?
>>
>> many thanks all,
>>
>> jON
>>
>>
>
>