Dual NIC Routing

I have a 2003 SBS Server with 2 nic cards one configured on one network and
the other on a different network. I have installed the RRAS and enabled it
for LAN routing. what else do I need to do to get the server to route
between the 2 cards?


Lee

Have you enabled IP routing?

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"Lee" <(E-Mail Removed)> wrote in message
news:462E8544-E2A3-4D60-8994-(E-Mail Removed)...
>I have a 2003 SBS Server with 2 nic cards one configured on one network and
> the other on a different network. I have installed the RRAS and enabled it
> for LAN routing. what else do I need to do to get the server to route
> between the 2 cards?

That is a very bad idea. Using a DC as a router is always a bad idea. It
will cause you all sorts of problems. Use some other device as your router.

Routing between two subnets is easy if there is no other router
involved. But if one subnet already has a routed connection (such as an
Internet connection) it won't work without some extra work.

Here is the simple case which just works.

192.168.21.x dg 92.168.21.1
|
192.168.21.1 dg blank
router
192.168.31.1 dg blank
|
192.168.31.x dg 192.168.31.1

Here is a common setup which won't work.

Internet
|
gateway router
192.168.21.1
|
workstations
192.168.21.x dg 192.168.21.1
|
192.168.21.254 dg 192.168.21.1
router
192.168.31.1 dg blank
|
192.168.31.x dg 192.168.31.1

This doesn't work because the default gateway for the 192.168.21 subnet
is the gateway router, not the internal router. To route between the subnets
you need extra routing on the gateway router to "bounce" local traffic to
the internal router.




"Lee" <(E-Mail Removed)> wrote in message
news:462E8544-E2A3-4D60-8994-(E-Mail Removed)...
>I have a 2003 SBS Server with 2 nic cards one configured on one network and
> the other on a different network. I have installed the RRAS and enabled it
> for LAN routing. what else do I need to do to get the server to route
> between the 2 cards?

In news:(E-Mail Removed),
Bill Grant <not.available@online> typed:
> That is a very bad idea. Using a DC as a router is always a bad
> idea. It will cause you all sorts of problems. Use some other device
> as your router.
> Routing between two subnets is easy if there is no other router
> involved. But if one subnet already has a routed connection (such as
> an Internet connection) it won't work without some extra work.
>
> Here is the simple case which just works.
>
> 192.168.21.x dg 92.168.21.1
> |
> 192.168.21.1 dg blank
> router
> 192.168.31.1 dg blank
> |
> 192.168.31.x dg 192.168.31.1
>
> Here is a common setup which won't work.
>
> Internet
> |
> gateway router
> 192.168.21.1
> |
> workstations
> 192.168.21.x dg 192.168.21.1
> |
> 192.168.21.254 dg 192.168.21.1
> router
> 192.168.31.1 dg blank
> |
> 192.168.31.x dg 192.168.31.1
>
> This doesn't work because the default gateway for the 192.168.21
> subnet is the gateway router, not the internal router. To route
> between the subnets you need extra routing on the gateway router to
> "bounce" local traffic to the internal router.

Hence a static entry. :-)

Maybe he means he wants to NAT?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

"Ace Fekay [MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> In news:(E-Mail Removed),
> Bill Grant <not.available@online> typed:
>> That is a very bad idea. Using a DC as a router is always a bad
>> idea. It will cause you all sorts of problems. Use some other device
>> as your router.
>> Routing between two subnets is easy if there is no other router
>> involved. But if one subnet already has a routed connection (such as
>> an Internet connection) it won't work without some extra work.
>>
>> Here is the simple case which just works.
>>
>> 192.168.21.x dg 92.168.21.1
>> |
>> 192.168.21.1 dg blank
>> router
>> 192.168.31.1 dg blank
>> |
>> 192.168.31.x dg 192.168.31.1
>>
>> Here is a common setup which won't work.
>>
>> Internet
>> |
>> gateway router
>> 192.168.21.1
>> |
>> workstations
>> 192.168.21.x dg 192.168.21.1
>> |
>> 192.168.21.254 dg 192.168.21.1
>> router
>> 192.168.31.1 dg blank
>> |
>> 192.168.31.x dg 192.168.31.1
>>
>> This doesn't work because the default gateway for the 192.168.21
>> subnet is the gateway router, not the internal router. To route
>> between the subnets you need extra routing on the gateway router to
>> "bounce" local traffic to the internal router.
>
> Hence a static entry. :-)
>
> Maybe he means he wants to NAT?
>
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
>
Maybe he does, but then it won't route between the two subnets, because
one is on the "public" side of the NAT. It will give the "new" subnet
Internet access. We will have to wait for more info from the OP.

In news:(E-Mail Removed),
Bill Grant <not.available@online> typed:

> Maybe he does, but then it won't route between the two subnets,
> because one is on the "public" side of the NAT. It will give the
> "new" subnet Internet access. We will have to wait for more info from
> the OP.

True, even if NAT'd, he won't be able to add another subnet without a static
route. Maybe the original poster can shed some light on this. In the
meantime, here is a static route example I drew up in the past for my
students. Hopefully it will help him and others out.

http://fekay.com/SupportBlogs/StaticRouteExample.htm

Ace

Well bad idea or not it has to be done, and SBS documentation suggests this
very scenario. so regardless...
Primary NIC Card 192.168.3.103 has gateway 192.168.3.7 which is the internet
and routes its traffic to the internet and works as expected. Now add
secondary NIC 192.168.5.103 (note the 5). Now I need to add the static
entries to RRAS to get the "5" subnet to the "3" subnet and the internet, and
visa versa the 3 sub net to the "5" subnet. I would expect entries in RRas to
get the "5" subnet to the "3" subnet and the internet, and perhaps entries in
the internet router to bounce the "5" subnet back somehow... ?????

No, you don't need to add any routes to the RRAS router. That isn't
where the routing problem is. You have to add the route(s) to the Internet
router. The new subnet can get to LAN 1 machines and the Internet router by
default routing. Getting back is the problem and needs a static route on the
Internet router because its default route is out to the Internet.

Internet
|
gateway router
192.168.3.7
|
LAN 1 machines
|
192.168.3.x dg 192.168.3.7
|
192.168.3.103 dg 192.168.3.7
RRAS
192.168.5103 dg blank
|
LAN 2 machines
192.168.5.x dg 192.168.5.103

The Internet router needs a static route to forward traffic for
192.168.5 to the RRAS router. This is required for both traffic coming from
the Internet and for traffic from LAN 1 (which goes to the gateway by
default and needs to be bounced to the RRAS router).

A ststic route like 192.168.5.0 255.255.255.0 192.168.3.103 on the
gateway router should get it working if the RRAS router has LAN routing
enabled.


"Lee" <(E-Mail Removed)> wrote in message
news:30B2E33C-4240-497E-9385-(E-Mail Removed)...
> Well bad idea or not it has to be done, and SBS documentation suggests
> this
> very scenario. so regardless...
> Primary NIC Card 192.168.3.103 has gateway 192.168.3.7 which is the
> internet
> and routes its traffic to the internet and works as expected. Now add
> secondary NIC 192.168.5.103 (note the 5). Now I need to add the static
> entries to RRAS to get the "5" subnet to the "3" subnet and the internet,
> and
> visa versa the 3 sub net to the "5" subnet. I would expect entries in RRas
> to
> get the "5" subnet to the "3" subnet and the internet, and perhaps entries
> in
> the internet router to bounce the "5" subnet back somehow... ?????
>

Yes and thanks, I figured that out after a little playing around.

FYI it would be nice if when replying to these that the original text be
deleted so that only the reply is visible. AND if anyone at "headquarters" is
reading. How about changing the code for the site so that the original
message is not automatically placed in the reply.

That has nothing to do with the site. It is a setting in each user's
newreader, and many people would be very upset if they could not see the
complete conversation.

"Lee" <(E-Mail Removed)> wrote in message
news:5E20EEDF-3909-47FF-AF1E-(E-Mail Removed)...
> Yes and thanks, I figured that out after a little playing around.
>
> FYI it would be nice if when replying to these that the original text be
> deleted so that only the reply is visible. AND if anyone at "headquarters"
> is
> reading. How about changing the code for the site so that the original
> message is not automatically placed in the reply.