Solved

W2k3 PDC server running DNS, DHCP, RRAS with 2 NIC - Having trouble routing through the 2nd NIC

Posted on 2004-10-05
Last Modified: 2013-11-09
Ok, here is my setup.

I have a windows 2k3 server running as a PDC with AD, DNS, DHCP and also has remote access and routing enabled.

The idea is to set this machine up as a VPN/NAT server so that all the workstations on the LAN can access the internet, and WAN clients can have VPN access.

What I did first was to only have one NIC, like this:

                  192.168.0.2             192.168.0.1
(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                      |
                                                                      |----- (WINXP WORKSTATION 1)
                                                                      |----- (WINXP WORKSTATION 2)
                                                                      |----- (WINXP WORKSTATION 3)

This works fine for allowing the LAN clients access to the Internet; however, when I enabled RRAS it stated that there weren't 2 NICs and couldn't enable VPN.

So I installed a second NIC. First off the NIC was configured by the wizard to be on a different subnet (169.254..106.x). As the router is on a 192.168.0.x subnet the 2nd NIC couldn't connect to the router. So I forced the 2nd NIC to be on the same subnet.

Like below.

                  192.168.0.2             192.168.0.55
(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC2)
                                          192.168.0.1
                                         (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                      |
                                                                      |----- (WINXP WORKSTATION 1)
                                                                      |----- (WINXP WORKSTATION 2)
                                                                      |----- (WINXP WORKSTATION 3)

My problem is this.
I cannot ping the router from the server.
I cannot ping 192.168.0.55 from anywhere on the network except the server.
My clients cannot access the internet.

I currently have RRAS disabled as I was trying to cut back to basics and just get NIC 2 to be able to connect to the router.
I have DHCP set the default gateway to 192.168.0.2 for all the clients.
I have my DNS set to forward all non-resolvable addresses to 192.168.0.2.

Below is an ipconfig /all on the W2k3 server.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : iqm-dpc-w2k3
   Primary Dns Suffix  . . . . . . . : IQM.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : IQM.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-48-54-D0-BE-07
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.2
                                       213.1.119.103

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2
   Physical Address. . . . . . . . . : 00-48-54-D0-C8-89
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.55
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.2
   DNS Servers . . . . . . . . . . . : 192.168.0.2
                                       213.1.119.103

Also here is the route print output.

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 48 54 d0 be 07 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
0x10004 ...00 48 54 d0 c8 89 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.2    192.168.0.55      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0      192.168.0.1     192.168.0.1      20
      192.168.0.0    255.255.255.0     192.168.0.55    192.168.0.55      20
      192.168.0.1  255.255.255.255        127.0.0.1       127.0.0.1      20
     192.168.0.55  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255      192.168.0.1     192.168.0.1      20
    192.168.0.255  255.255.255.255     192.168.0.55    192.168.0.55      20
        224.0.0.0        240.0.0.0      192.168.0.1     192.168.0.1      20
        224.0.0.0        240.0.0.0     192.168.0.55    192.168.0.55      20
  255.255.255.255  255.255.255.255      192.168.0.1     192.168.0.1       1
  255.255.255.255  255.255.255.255     192.168.0.55    192.168.0.55       1
Default Gateway:       192.168.0.2
===========================================================================
Persistent Routes:
  None

Now I'm no expert network guru, but I would have thought that this would have been pretty straightforward. Alas no. If there is even another way where I don't need 2 NICs then please tell me, as having 2 NICs just seems to be causing me a problem.

Thanks in advance
Stewert.
Question by:iqmarketing
5 Comments
 
LVL 16

Accepted Solution

by:
samccarthy earned 250 total points
ID: 12226625
Go back to 1 NIC and use a custom setup. There it will allow you to set up the RRAS with only 1 NIC. I have almost the exact setup on 1 network and my others just use 1 NIC for the RRAS box. It will allow you to use 1 NIC and works fine.

When using 2 NICs, they would not be able to be on the same subnet.

Steve
0
 
LVL 7

Expert Comment

by:gnegrota
ID: 12227228
Right (Steve):
If you want 2 NICs, use this conf:



                  192.168.0.2             192.168.0.55/255.255.255.128 - def.GW 192.168.0.2
(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC2)
                                          192.168.0.130/255.255.255.128 - def.GW 192.168.0.55
                                         (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                      |
                                                                      |----- (WINXP WORKSTATION 1) - (DHCP) - def.GW 192.168.0.130
                                                                      |----- (WINXP WORKSTATION 2)
                                                                      |----- (WINXP WORKSTATION 3)

and set the rules in RRAS !
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 12227664
> So I installed a second NIC. First off the NIC was configured by the wizard to be on a different subnet (169.254..106.x). As
> the router is on a 192.168.0.x subnet the 2nd NIC couldn't connect to the router. So i forced the 2nd NIC to be on the same
> subnet.

The 169.254.x.x address means "configured to get an address from DHCP, but no DHCP server found".  The DHCP server can't possibly get its own address from DHCP.

It is only possible to route between two NICs if they are on *different* networks; forcing them to be the same is a no-no.  You need to change either your DHCP scope and LAN-facing NIC to some other range, or change the router address and the NIC that faces it.  Whichever you change, you will also need to tell the ADSL router that the LAN address range is reached by way of the RRAS server's address facing the router.

0
 

Author Comment

by:iqmarketing
ID: 12235901
Ok, well I've played around a bit, using the configurations suggested.

Firstly I tried changing the 'router facing NIC' and the router to being on a different network (192.168.1.x) to the 'LAN facing NIC' (192.168.0.x); however, I was unable to connect to the router (192.168.1.2) through the router facing NIC (192.168.1.1). I tried various configurations with gateways and static routes (route add 192.168.1.2 mask 192.168.1.2 192.168.1.1 metric 1) etc. but no luck.

I was only able to connect back to the router when I changed the LAN facing NIC (which is also the first NIC) to be on the same network.

I then reconfigured the router to be on the initial network subnet (192.168.0.x), disabled the 2nd NIC completely and re-configured the RRAS server for VPN. The only difference this time is that I told the wizard not to set up the NIC to 'only allow VPN packets'.

I then connected my VPN client. :) So technically it all works.

Now my problem is that my client is given the following IPconfig info.

IPAddress : 192.168.0.24
Subnet Mask : 255.255.255.255
Default Gateway : 192.168.0.24

DNS Server : 192.168.0.2 ??? <- this is the green address of my router in the office. Should it not have given me the red address of the router?
           : 213.1.119.103 <- This is the address of my ISP's DNS server.

Surely with a subnet mask of 255.255.255.255 I'm not going to be able to see any other machines ever!!

Ideally I would like this to be working with 2 NICs in the server and the server controlling access to the Internet for the LAN clients and access to the LAN for VPN clients. But whenever I install or enable the second NIC, no matter what I connect it to on any network or subnet, I just can't connect to or ping anything on the other side of the 2nd NIC. I have replaced the NIC and the network cables, and tried it in different ports in the router. But I can't get the 2nd NIC to see the router ever. Solving this would be a start.

Thanks for all your help so far.
Stewert
0
 
LVL 16

Expert Comment

by:samccarthy
ID: 12237125
For your DNS, you will get the "Green" address of the router. Remember, as a VPN, you are part of the network and that remote Gateway is your "Green" address.

If you have everything set at the defaults for the RRAS, your addressing should be good and you will have access to all your network resources. When you get an address over the VPN, you will get a 255.255.255.255 subnet mask.

If you want to use the 2 NICs, you must have two different subnets. Soooo, one NIC, the Internal one, could stay on the 192.168.0.x network. Then set the 2nd NIC to a different network setting, say 192.168.10.x. The router would also need an address on the 192.168.10.x network. You should then be able to be on that box and access the LAN on the 1 subnet and the Internet through the other subnet.
0
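
The rule the answers in this thread keep returning to (two NICs on a routing host must sit on different subnets, and each default gateway must be on its adapter's own subnet) can be checked mechanically. The following is an added example, not code from any poster: check_multihomed is a hypothetical helper, the first config uses the addresses from the question's ipconfig /all output, and the host addresses in the second config are constructed to match the 192.168.0.x / 192.168.10.x split suggested above.

```python
import ipaddress
from itertools import combinations

def check_multihomed(adapters):
    """Return a list of findings for a host with several adapters.

    adapters: list of dicts with 'name', 'ip', 'mask' and optional 'gateway'.
    """
    findings = []
    nets = {}
    for a in adapters:
        iface = ipaddress.ip_interface(f"{a['ip']}/{a['mask']}")
        nets[a["name"]] = iface.network
        gw = a.get("gateway")
        # A default gateway has to be directly reachable from its own adapter.
        if gw and ipaddress.ip_address(gw) not in iface.network:
            findings.append(f"{a['name']}: gateway {gw} is not on-link in {iface.network}")
    # Overlapping networks give the host two connected routes to the same
    # destination (the duplicate 192.168.0.0 rows in the route print output),
    # so there is nothing for it to route between.
    for (n1, net1), (n2, net2) in combinations(nets.items(), 2):
        if net1.overlaps(net2):
            findings.append(f"{n1} and {n2} overlap: {net1} vs {net2}")
    return findings

# Addresses taken from the ipconfig /all output in the question.
AS_POSTED = [
    {"name": "Local Area Connection", "ip": "192.168.0.1",
     "mask": "255.255.255.0"},
    {"name": "Local Area Connection 4", "ip": "192.168.0.55",
     "mask": "255.255.255.0", "gateway": "192.168.0.2"},
]

# Two-subnet layout; the .1 and .2 host addresses are constructed.
TWO_SUBNETS = [
    {"name": "LAN", "ip": "192.168.0.1", "mask": "255.255.255.0"},
    {"name": "WAN", "ip": "192.168.10.1", "mask": "255.255.255.0",
     "gateway": "192.168.10.2"},
]

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("two subnets", TWO_SUBNETS)):
        print(label, "->", check_multihomed(cfg) or "ok")
```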
