Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


W2k3 PDC server running DNS, DHCP, RRAS with 2 NIC - Having trouble routing through the 2nd NIC

Posted on 2004-10-05
Medium Priority
Last Modified: 2013-11-09
Ok, here is my setup.

I have a windows 2k3 server running as a PDC with AD, DNS, DHCP and also has remote access and routing enabled.

The idea is to set this machine up as a VPN/NAT server so that all the workstations on the LAN can access the internet, and WAN clients can have VPN access.

What i did first was to only have one NIC like this

(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                                                         |----- (WINXP WORKSTATION 1)
                                                                                                         |----- (WINXP WORKSTATION 2)
                                                                                                         |----- (WINXP WORKSTATION 3)

This works fine for allowing the LAN clients access to the Internet, however when i enabled RRAS it stated that there wasn't 2 NIC's and couldn't enable VPN.

So i installed a second NIC. First off the NIC was configuired by the wizard to be on a different subnet (169.254..106.x). As the router is on a 192.168.0.x subnet the 2nd NIC couldn't connect to the router. So i forced the 2nd NIC to be on the same subnet.

Like below.

(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC2)
                                                              (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                                                         |----- (WINXP WORKSTATION 1)
                                                                                                         |----- (WINXP WORKSTATION 2)
                                                                                                         |----- (WINXP WORKSTATION 3)

My problem is this.
I cannot ping the router from the server.
I cannot ping from anywhere on the network except the server.
My clients cannot access the internet.

I currently have RRAS disabled as i was trying to cut back to basics and just get NIC 2 to be able to connect to the router.
I have DHCP set the default gateway to for all the clients.
I have my DNS to forward all non-resolvable address to

Below is a ipconfig /all on the W2k3 server.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : iqm-dpc-w2k3
   Primary Dns Suffix  . . . . . . . : IQM.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : IQM.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-48-54-D0-BE-07
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2
   Physical Address. . . . . . . . . : 00-48-54-D0-C8-89
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :

Also here is the route print output.

IPv4 Route Table
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 48 54 d0 be 07 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
0x10004 ...00 48 54 d0 c8 89 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2
Active Routes:
Network Destination        Netmask              Gateway            Interface        Metric
               20                1       20     20          20          20      20     20             20            20       1      1
Default Gateway:
Persistent Routes:

Now im no expert network guru, but i would have thought that this would have been pretty straight forward. Alas no. If there is even another way where i dont need 2 NIC's then please tell me as having 2 NIC's just seems to be causing me a problem.

Thanks in advance
Question by:iqmarketing
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 16

Accepted Solution

samccarthy earned 500 total points
ID: 12226625
Go back to 1 nic and use a custom setup.  There it will allow you to setup the RRAS with only 1 NIC.  I have almost the exact setup on 1 network and my others just use 1 NIC for the RRAS Box.   It will allow you to use 1 NIC and works fine.  

When using 2 Nics, they would not be able to be on the same subnet.  


Expert Comment

ID: 12227228
Right (Steve) :
If you whant 2 NIC, use this conf :

                          - def.GW
(INTERNET) ----- (ADSL/ROUTER) --------- (W2k3 - NIC2)
                                                     - def.GW
                                                              (W2k3 - NIC1) --------- (SWITCH/HUB)
                                                                                                         |----- (WINXP WORKSTATION 1) - (DHCP) - def.GW
                                                                                                         |----- (WINXP WORKSTATION 2)
                                                                                                         |----- (WINXP WORKSTATION 3)

and set the rules in RRAS !
LVL 11

Expert Comment

ID: 12227664
> So i installed a second NIC. First off the NIC was configuired by the wizard to be on a different subnet (169.254..106.x). As
> the router is on a 192.168.0.x subnet the 2nd NIC couldn't connect to the router. So i forced the 2nd NIC to be on the same
> subnet.

The 169.254.x.x address means "configured to get an address from DHCP, but no DHCP server found".  The DHCP server can't possibly get its own address from DHCP.

It is only possible to route between two NICs if they are on *different* networks; forcing them to be the same is a no-no.  You need to change either your DHCP scope and LAN-facing NIC to some other range, or change the router address and the NIC that faces it.  Whichever you change, you will also need to tell the ADSL router that the LAN address range is reached by way of the RRAS server's address facing the router.


Author Comment

ID: 12235901
Ok, well i've played around abit. using the configurations suggested.

Firstly i tried changing the 'router facing NIC' and the router to being on a differenct network (192.168.1.x) to the 'LAN facing NIC' (192.168.0.x) however, i was unable to connect to the router( through the router facing NIC( I tried various configurations with gateways and static routes (route add mask metric 1)  etc but no luck.

I was only able to connect back to the router when i changed the LAN facing NIC (which is also the first NIC) to be on the same network.

I then reconfigured the router to be on the initial network subnet (192.168.0.x), disabled the 2nd NIC completly and re-configured the RRAS server for VPN. The only difference this time is that i told the wizard not to set up the NIC to 'only allow VPN packets'.

I then connected my VPN client. :) so technically it all works.

Now my problem is that my client is given the following IPconfig info.

IPAddress :
Subnet Mask :
Default Gateway :

DNS Server : ??? <- this is the green address of my router in the office. Should it not have given me the red    
                                                address of the router?
                  : <- This is the address of my ISP's DNS server.

Surely with a subnet mask of im not going to be able to see any other machines ever!!.

Ideally i would like this to be working with 2 NIC's in the server and the server controlling access to the Internet for the LAN clients and Access to the LAN for VPN clients. But whenever i install or enable the second NIC, no matter what i connect it to on any network or subnet I just cant connect to or ping anything on the otherside of the 2nd NIC. I have replaced the NIC and the network cables, and tried it in different ports in the router. But i cant get the 2nd NIC to see the router ever. Solving this would be a start.

Thanks for all your help so far.
LVL 16

Expert Comment

ID: 12237125
For your DNS, you will get the "Green" address of the router.  Remember, as a VPN, you are part of the network and that remote Gateway is you "Green" address.

If you have everything set at the defaults for the RRAS, your addressing should be good and you will have access to all your network resources.  When you get an address over the VPN, you will get a subnet mask.

If you want to use the 2 NIC's, you must have two different subnets.  Soooo, one NIC, the Inernal one could stay on the 192.168.0.x network.  Then set the 2nd NIC to a different network setting, say 192.168.10.x.  The router would also need an address on the 192.168.10.x network.  You should then be able to be on that box and access the Lan on the 1 subnet and the Internet through the other subnet.

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question