Windows 2000 server as Network Router

Hi All,

I have a server with 2 NICs, I already configured RRAS to make my server as
network router. Below the configuration has been done.

Ethernet 1 (connect to Subnet A)
IP Address : 192.168.128.3
Subnet Mask : 255.255.255.0
Gateway : 192.168.128.254

Ethernet 2 (connect to Subnet B)
IP Address : 192.168.8.2
Subnet Mask : 255.255.255.0

Now from subnet A I can ping the computer at Subnet B. But I can't ping the
computer in Subnet A from Subnet B. The following my Static IP Route Table:

Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated Fast Ether

================================================== ===
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2 1
192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2 1
192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3 1
192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3 1
224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2 1
224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3 1
255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3 1
Default Gateway: 192.168.128.254
================================================== ===
Persistent Routes:
None

Thanks,
Jai

There are no "static routes" and the routing table should never be touched o
altered. this is an extremely simplified situation with two networks with a
LAN Router between them. The Router is already "aware" of both networks
because both are directly connected to it, so there are no static routes to
add..

All machines on the LAN must use the LAN Router as their Default Gateway,
however they must use the Inerface that faces them (is in their own subnet).

If the Internet is invloved and you have a typical NAT Device on the network
Edge, then the LAN Router must use this NAT Device as its Default
Gateway,...while all Client use the LAN Router as their Default Gateway.

Now if A can ping B, than the Router is fine both in directions because
"ping" from any direction requires that things work both ways (the reply has
to get back to the sender). If B cannot ping A you may have a personal
firewall running on the machine in A that stops it from recieving the ping.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"xisnet" <(E-Mail Removed)> wrote in message
newsAB6879A-54C2-424C-9929-(E-Mail Removed)...
> Hi All,
>
> I have a server with 2 NICs, I already configured RRAS to make my server
as
> network router. Below the configuration has been done.
>
> Ethernet 1 (connect to Subnet A)
> IP Address : 192.168.128.3
> Subnet Mask : 255.255.255.0
> Gateway : 192.168.128.254
>
> Ethernet 2 (connect to Subnet B)
> IP Address : 192.168.8.2
> Subnet Mask : 255.255.255.0
>
> Now from subnet A I can ping the computer at Subnet B. But I can't ping
the
> computer in Subnet A from Subnet B. The following my Static IP Route
Table:
>
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
> 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated Fast
Ether
>
> ================================================== ===
> Active Routes:
> Network Destination Netmask Gateway Interface
Metric
> 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
1
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
> 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
1
> 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
1
> 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
1
> 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
1
> 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
1
> 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
1
> 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
1
> 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
1
> 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
1
> Default Gateway: 192.168.128.254
> ================================================== ===
> Persistent Routes:
> None
>
> Thanks,
> Jai

This is a common question and I would add this to Phillip's expanation.
It really just says the same things in a different way.

When you enable IP routing it will forward traffic between the
interfaces. But it can only forward traffic which actually gets to the
router! Making changes at the router itself cannot fix this. You need to
make changes elsewhere in the network to get the traffic to the router.

In the simplest case of one router, it works fine. One each client you
set the default gateway to be the local router NIC. Traffic in the local
subnet is delivered directly (ie "on the wire" using hardware addressing).
Traffic for the "other" subnet is sent to the router. It can deliver the
traffic directly because it has an interface in the other subnet. The setup
for this is simple.

clients
192.168.11.x dg 192.168.11.1
|
192.168.11.1 dg blank
router
192.168.21.1 dg blank
|
192.168.21.x dg 192.168.21.1

If one of these subnets has another router, this usually fails. It fails
because the clients are set to use the "other" router as their default
gateway (to contact another site or the Internet). Traffic for the second
local subnet now goes to the external router and is lost. To solve the
problem you need extra routing to get the local traffic to the internal
router.

You can do this by adding a static route to every client to send traffic
for the other local subnet to the internal router. This will override the
default route, and get the local routing working. A simpler approach is to
add the extra route to the external router. The traffic for the local subnet
will then be redirected (or "bounced") to the internal router. A typical
setup for this would look like

External network
|
external router
192.168.11.254
|
clients
192.168.11.x dg 192.168.11.254
|
192.168.11.1 dg 192.168.11.254
internal router
192.168.21.1 dg blank
|
clients
192.168.21.x dg 192.168.21.1

If you add the extra routing to the external router eg

192.168.21.0 255.255.255.0 192.168.11.1

the local subnets will be able to route correctly. In addition, the
clients on the internal subnet (192.168.21.0) will also be able to see the
external network. Traffic will go out by default routing and get back
because of the route you added to the external router (to forward traffic
for 192.168.21.0 to the internal router).

xisnet wrote:
> Hi All,
>
> I have a server with 2 NICs, I already configured RRAS to make my
> server as network router. Below the configuration has been done.
>
> Ethernet 1 (connect to Subnet A)
> IP Address : 192.168.128.3
> Subnet Mask : 255.255.255.0
> Gateway : 192.168.128.254
>
> Ethernet 2 (connect to Subnet B)
> IP Address : 192.168.8.2
> Subnet Mask : 255.255.255.0
>
> Now from subnet A I can ping the computer at Subnet B. But I can't
> ping the computer in Subnet A from Subnet B. The following my Static
> IP Route Table:
>
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
> 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated
> Fast Ether
>
> ================================================== ===
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
> 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
> 1 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
> 1 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
> 1 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
> 1 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
> 1 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
> 1 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
> 1 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
> 1 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
> 1 Default Gateway: 192.168.128.254
> ================================================== ===
> Persistent Routes:
> None
>
> Thanks,
> Jai

Thanks for the answer, Now after I checked the personal firewall I can ping
to windows XP but I still cannot ping windows NT or windows 98, from what I
know either of this OS don't have personal firewall. So is there any setting
I need to check again.

Thanks,

"Phillip Windell" wrote:

> There are no "static routes" and the routing table should never be touched o
> altered. this is an extremely simplified situation with two networks with a
> LAN Router between them. The Router is already "aware" of both networks
> because both are directly connected to it, so there are no static routes to
> add..
>
> All machines on the LAN must use the LAN Router as their Default Gateway,
> however they must use the Inerface that faces them (is in their own subnet).
>
> If the Internet is invloved and you have a typical NAT Device on the network
> Edge, then the LAN Router must use this NAT Device as its Default
> Gateway,...while all Client use the LAN Router as their Default Gateway.
>
> Now if A can ping B, than the Router is fine both in directions because
> "ping" from any direction requires that things work both ways (the reply has
> to get back to the sender). If B cannot ping A you may have a personal
> firewall running on the machine in A that stops it from recieving the ping.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "xisnet" <(E-Mail Removed)> wrote in message
> newsAB6879A-54C2-424C-9929-(E-Mail Removed)...
> > Hi All,
> >
> > I have a server with 2 NICs, I already configured RRAS to make my server
> as
> > network router. Below the configuration has been done.
> >
> > Ethernet 1 (connect to Subnet A)
> > IP Address : 192.168.128.3
> > Subnet Mask : 255.255.255.0
> > Gateway : 192.168.128.254
> >
> > Ethernet 2 (connect to Subnet B)
> > IP Address : 192.168.8.2
> > Subnet Mask : 255.255.255.0
> >
> > Now from subnet A I can ping the computer at Subnet B. But I can't ping
> the
> > computer in Subnet A from Subnet B. The following my Static IP Route
> Table:
> >
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
> > 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated Fast
> Ether
> >
> > ================================================== ===
> > Active Routes:
> > Network Destination Netmask Gateway Interface
> Metric
> > 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
> 1
> > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> 1
> > 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
> 1
> > 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
> 1
> > 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
> 1
> > 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
> 1
> > 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
> 1
> > 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
> 1
> > 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
> 1
> > 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
> 1
> > 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
> 1
> > Default Gateway: 192.168.128.254
> > ================================================== ===
> > Persistent Routes:
> > None
> >
> > Thanks,
> > Jai
>
>
>

Thank Phillips and Bill, I already solved the problem.

Thank You.

"Bill Grant" wrote:

> This is a common question and I would add this to Phillip's expanation.
> It really just says the same things in a different way.
>
> When you enable IP routing it will forward traffic between the
> interfaces. But it can only forward traffic which actually gets to the
> router! Making changes at the router itself cannot fix this. You need to
> make changes elsewhere in the network to get the traffic to the router.
>
> In the simplest case of one router, it works fine. One each client you
> set the default gateway to be the local router NIC. Traffic in the local
> subnet is delivered directly (ie "on the wire" using hardware addressing).
> Traffic for the "other" subnet is sent to the router. It can deliver the
> traffic directly because it has an interface in the other subnet. The setup
> for this is simple.
>
> clients
> 192.168.11.x dg 192.168.11.1
> |
> 192.168.11.1 dg blank
> router
> 192.168.21.1 dg blank
> |
> 192.168.21.x dg 192.168.21.1
>
> If one of these subnets has another router, this usually fails. It fails
> because the clients are set to use the "other" router as their default
> gateway (to contact another site or the Internet). Traffic for the second
> local subnet now goes to the external router and is lost. To solve the
> problem you need extra routing to get the local traffic to the internal
> router.
>
> You can do this by adding a static route to every client to send traffic
> for the other local subnet to the internal router. This will override the
> default route, and get the local routing working. A simpler approach is to
> add the extra route to the external router. The traffic for the local subnet
> will then be redirected (or "bounced") to the internal router. A typical
> setup for this would look like
>
> External network
> |
> external router
> 192.168.11.254
> |
> clients
> 192.168.11.x dg 192.168.11.254
> |
> 192.168.11.1 dg 192.168.11.254
> internal router
> 192.168.21.1 dg blank
> |
> clients
> 192.168.21.x dg 192.168.21.1
>
> If you add the extra routing to the external router eg
>
> 192.168.21.0 255.255.255.0 192.168.11.1
>
> the local subnets will be able to route correctly. In addition, the
> clients on the internal subnet (192.168.21.0) will also be able to see the
> external network. Traffic will go out by default routing and get back
> because of the route you added to the external router (to forward traffic
> for 192.168.21.0 to the internal router).
>
> xisnet wrote:
> > Hi All,
> >
> > I have a server with 2 NICs, I already configured RRAS to make my
> > server as network router. Below the configuration has been done.
> >
> > Ethernet 1 (connect to Subnet A)
> > IP Address : 192.168.128.3
> > Subnet Mask : 255.255.255.0
> > Gateway : 192.168.128.254
> >
> > Ethernet 2 (connect to Subnet B)
> > IP Address : 192.168.8.2
> > Subnet Mask : 255.255.255.0
> >
> > Now from subnet A I can ping the computer at Subnet B. But I can't
> > ping the computer in Subnet A from Subnet B. The following my Static
> > IP Route Table:
> >
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
> > 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated
> > Fast Ether
> >
> > ================================================== ===
> > Active Routes:
> > Network Destination Netmask Gateway Interface
> > Metric
> > 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
> > 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> > 1 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
> > 1 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
> > 1 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
> > 1 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
> > 1 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
> > 1 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
> > 1 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
> > 1 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
> > 1 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
> > 1 Default Gateway: 192.168.128.254
> > ================================================== ===
> > Persistent Routes:
> > None
> >
> > Thanks,
> > Jai
>
>
>

Hi,

Now both network can ping each other and access each other, but one subnet
that not same which subnet which email & proxy server reside have a problem
browse an internet and access to email server. Below my network structure

External router(192.168.128.254)
|
Email & Proxy server (192.168.128.253) dg 192.168.128.254
|
Client (192.168.128.xxx) dg 192.168.128.3
| Subnet A
192.168.128.3 dg blank
internal router
192.168.8.2 dg blank
| Suhnet B
Client(192.168.8.xxx) dg 192.168.8.2 -> can't access internet and email


What I need to set for Subent B can access to the internet and Email

Thanks,
Jai

"Bill Grant" wrote:

> This is a common question and I would add this to Phillip's expanation.
> It really just says the same things in a different way.
>
> When you enable IP routing it will forward traffic between the
> interfaces. But it can only forward traffic which actually gets to the
> router! Making changes at the router itself cannot fix this. You need to
> make changes elsewhere in the network to get the traffic to the router.
>
> In the simplest case of one router, it works fine. One each client you
> set the default gateway to be the local router NIC. Traffic in the local
> subnet is delivered directly (ie "on the wire" using hardware addressing).
> Traffic for the "other" subnet is sent to the router. It can deliver the
> traffic directly because it has an interface in the other subnet. The setup
> for this is simple.
>
> clients
> 192.168.11.x dg 192.168.11.1
> |
> 192.168.11.1 dg blank
> router
> 192.168.21.1 dg blank
> |
> 192.168.21.x dg 192.168.21.1
>
> If one of these subnets has another router, this usually fails. It fails
> because the clients are set to use the "other" router as their default
> gateway (to contact another site or the Internet). Traffic for the second
> local subnet now goes to the external router and is lost. To solve the
> problem you need extra routing to get the local traffic to the internal
> router.
>
> You can do this by adding a static route to every client to send traffic
> for the other local subnet to the internal router. This will override the
> default route, and get the local routing working. A simpler approach is to
> add the extra route to the external router. The traffic for the local subnet
> will then be redirected (or "bounced") to the internal router. A typical
> setup for this would look like
>
> External network
> |
> external router
> 192.168.11.254
> |
> clients
> 192.168.11.x dg 192.168.11.254
> |
> 192.168.11.1 dg 192.168.11.254
> internal router
> 192.168.21.1 dg blank
> |
> clients
> 192.168.21.x dg 192.168.21.1
>
> If you add the extra routing to the external router eg
>
> 192.168.21.0 255.255.255.0 192.168.11.1
>
> the local subnets will be able to route correctly. In addition, the
> clients on the internal subnet (192.168.21.0) will also be able to see the
> external network. Traffic will go out by default routing and get back
> because of the route you added to the external router (to forward traffic
> for 192.168.21.0 to the internal router).
>
> xisnet wrote:
> > Hi All,
> >
> > I have a server with 2 NICs, I already configured RRAS to make my
> > server as network router. Below the configuration has been done.
> >
> > Ethernet 1 (connect to Subnet A)
> > IP Address : 192.168.128.3
> > Subnet Mask : 255.255.255.0
> > Gateway : 192.168.128.254
> >
> > Ethernet 2 (connect to Subnet B)
> > IP Address : 192.168.8.2
> > Subnet Mask : 255.255.255.0
> >
> > Now from subnet A I can ping the computer at Subnet B. But I can't
> > ping the computer in Subnet A from Subnet B. The following my Static
> > IP Route Table:
> >
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
> > 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated
> > Fast Ether
> >
> > ================================================== ===
> > Active Routes:
> > Network Destination Netmask Gateway Interface
> > Metric
> > 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
> > 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
> > 1 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
> > 1 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
> > 1 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
> > 1 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
> > 1 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
> > 1 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
> > 1 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
> > 1 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
> > 1 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
> > 1 Default Gateway: 192.168.128.254
> > ================================================== ===
> > Persistent Routes:
> > None
> >
> > Thanks,
> > Jai
>
>
>

First up, you need a static route on the email/proxy server to forward
traffic for 192.168.8.0 machines to 192.168.128.3. At the moment this
traffic will be going to the default router at 192.168.128.254 and getting
lost.

As Phillip said earlier, you also need to define the 192.168.8.0 subnet
as being part of your internal network (ie included in the LAT) in the proxy
server settings.

xisnet wrote:
> Hi,
>
> Now both network can ping each other and access each other, but one
> subnet that not same which subnet which email & proxy server reside
> have a problem browse an internet and access to email server. Below
> my network structure
>
> External router(192.168.128.254)
> |
> Email & Proxy server (192.168.128.253) dg 192.168.128.254
> |
> Client (192.168.128.xxx) dg 192.168.128.3
> | Subnet A
> 192.168.128.3 dg blank
> internal router
> 192.168.8.2 dg blank
> | Suhnet B
> Client(192.168.8.xxx) dg 192.168.8.2 -> can't access internet and
> email
>
>
> What I need to set for Subent B can access to the internet and Email
>
> Thanks,
> Jai
>
> "Bill Grant" wrote:
>
>> This is a common question and I would add this to Phillip's
>> expanation. It really just says the same things in a different way.
>>
>> When you enable IP routing it will forward traffic between the
>> interfaces. But it can only forward traffic which actually gets to
>> the router! Making changes at the router itself cannot fix this. You
>> need to make changes elsewhere in the network to get the traffic to
>> the router.
>>
>> In the simplest case of one router, it works fine. One each
>> client you set the default gateway to be the local router NIC.
>> Traffic in the local subnet is delivered directly (ie "on the wire"
>> using hardware addressing). Traffic for the "other" subnet is sent
>> to the router. It can deliver the traffic directly because it has an
>> interface in the other subnet. The setup for this is simple.
>>
>> clients
>> 192.168.11.x dg 192.168.11.1
>> |
>> 192.168.11.1 dg blank
>> router
>> 192.168.21.1 dg blank
>> |
>> 192.168.21.x dg 192.168.21.1
>>
>> If one of these subnets has another router, this usually fails.
>> It fails because the clients are set to use the "other" router as
>> their default gateway (to contact another site or the Internet).
>> Traffic for the second local subnet now goes to the external router
>> and is lost. To solve the problem you need extra routing to get the
>> local traffic to the internal router.
>>
>> You can do this by adding a static route to every client to send
>> traffic for the other local subnet to the internal router. This will
>> override the default route, and get the local routing working. A
>> simpler approach is to add the extra route to the external router.
>> The traffic for the local subnet will then be redirected (or
>> "bounced") to the internal router. A typical setup for this would
>> look like
>>
>> External network
>> |
>> external router
>> 192.168.11.254
>> |
>> clients
>> 192.168.11.x dg 192.168.11.254
>> |
>> 192.168.11.1 dg 192.168.11.254
>> internal router
>> 192.168.21.1 dg blank
>> |
>> clients
>> 192.168.21.x dg 192.168.21.1
>>
>> If you add the extra routing to the external router eg
>>
>> 192.168.21.0 255.255.255.0 192.168.11.1
>>
>> the local subnets will be able to route correctly. In addition,
>> the clients on the internal subnet (192.168.21.0) will also be able
>> to see the external network. Traffic will go out by default routing
>> and get back because of the route you added to the external router
>> (to forward traffic for 192.168.21.0 to the internal router).
>>
>> xisnet wrote:
>>> Hi All,
>>>
>>> I have a server with 2 NICs, I already configured RRAS to make my
>>> server as network router. Below the configuration has been done.
>>>
>>> Ethernet 1 (connect to Subnet A)
>>> IP Address : 192.168.128.3
>>> Subnet Mask : 255.255.255.0
>>> Gateway : 192.168.128.254
>>>
>>> Ethernet 2 (connect to Subnet B)
>>> IP Address : 192.168.8.2
>>> Subnet Mask : 255.255.255.0
>>>
>>> Now from subnet A I can ping the computer at Subnet B. But I can't
>>> ping the computer in Subnet A from Subnet B. The following my Static
>>> IP Route Table:
>>>
>>> Interface List
>>> 0x1 ........................... MS TCP Loopback interface
>>> 0x1000003 ...00 00 4c 9f 03 3c ...... Intel(R) PRO/1000 Adapter
>>> 0x1000004 ...00 00 4c 9f 03 3b ...... Intel 8255x-based Integrated
>>> Fast Ether
>>>
>>> ================================================== ===
>>> Active Routes:
>>> Network Destination Netmask Gateway Interface
>>> Metric
>>> 0.0.0.0 0.0.0.0 192.168.128.254 192.168.128.3
>>> 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>>> 1 192.168.8.0 255.255.255.0 192.168.8.2 192.168.8.2
>>> 1 192.168.8.2 255.255.255.255 127.0.0.1 127.0.0.1
>>> 1 192.168.8.255 255.255.255.255 192.168.8.2 192.168.8.2
>>> 1 192.168.128.0 255.255.255.0 192.168.128.3 192.168.128.3
>>> 1 192.168.128.3 255.255.255.255 127.0.0.1 127.0.0.1
>>> 1 192.168.128.255 255.255.255.255 192.168.128.3 192.168.128.3
>>> 1 224.0.0.0 224.0.0.0 192.168.8.2 192.168.8.2
>>> 1 224.0.0.0 224.0.0.0 192.168.128.3 192.168.128.3
>>> 1 255.255.255.255 255.255.255.255 192.168.128.3 192.168.128.3
>>> 1 Default Gateway: 192.168.128.254
>>> ================================================== ===
>>> Persistent Routes:
>>> None
>>>
>>> Thanks,
>>> Jai

"Bill Grant" <not.available@online> wrote in message
news:%(E-Mail Removed)...
> 192.168.11.1 dg 192.168.11.254
> internal router
> 192.168.21.1 dg blank
> |
> clients
> 192.168.21.x dg 192.168.21.1

> If you add the extra routing to the external router eg

> 192.168.21.0 255.255.255.0 192.168.11.1

I wouldn't add static routes to the clients. I would add the routes to the
Router they are already using as the DG. This way the routing is
centralized. Then future changes would be made on a single device instead of
repeated changes on every client. Both methods work, but centralizing it is
more managable, especially if he system becomes large. In the diagram
below, the furthest network opposite of router#2 is a Stub network
(192.168.200.x), so no Static Route is need on router#2,..the DG on route#2
covers it.

Internet NAT Device = 192.168.11.254
All Clients in 192.168.11.x use DG-192.168.11.1
All Clients in 192.168.21.x use DG-192.168.21.1
All Clients in 192.168.200.x use DG-192.168.200.1
No Statics Routes on clients

Internal router #1
int#1 192.168.11.1
int#2 192.168.21.1
dg 192.168.11.254
<statics routes added here>
[net] [mask] [gateway] [int]
[metric]
192.168.200.0 mask-255.255.255.0 192.168.21.2 int#2 metric 1

Internal router#2
int#1 192.168.21.2
int#2 192.168.200.1
dg 192.168.21.1

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...

Forgot the Static route on the NAT Device. It will need that to see the
other two LAN segments. It can be done with a single route using a 16bit
mask.

Internet NAT Device = 192.168.11.254
[net] [mask] [gtwy] [metric]
192.168.0.0 mask-255.255.0.0 192.168.11.1 metric 1

Hi,

My external router is physical router which is connected to leased line.
Then my email server and proxy server is Linux server which reside in Subnet
A and my physical router also reside in subnet A. The computer in Subnet A
dont have any problem at all. The problem only happened to Subnet B they can
access another pc and printer in Subnet A but cannot access and email & proxy
server in Subnet A.

Thank for help,
Jai

"Phillip Windell" wrote:

> "Phillip Windell" <@.> wrote in message
> news:%(E-Mail Removed)...
>
> Forgot the Static route on the NAT Device. It will need that to see the
> other two LAN segments. It can be done with a single route using a 16bit
> mask.
>
> Internet NAT Device = 192.168.11.254
> [net] [mask] [gtwy] [metric]
> 192.168.0.0 mask-255.255.0.0 192.168.11.1 metric 1
>
>
>
>
>
>