• Status: Solved

NAT with Windows 2003

Hi, I'm using Windows 2003 as a router on my LAN. Two networks: 10.10.60.x/24 and 192.168.1.x/24.
When I configure NAT on RRAS, I don't have access to the 192.168.1.x LAN from the 10.10.60.x LAN. From the 192.168.1.x LAN I have access.
When I delete the NAT, I have access from the 192 LAN to the 10.10 LAN and the opposite, but no Internet connection.
Please assist.
Asked: questil
 
bluntTony Commented:
Configuring NAT on a router will mean that by default you can only really initiate communications one way - from the 'internal' subnet to the 'external' subnet. All outgoing packets from the internal subnet will have the same 'from' IP address - that of the NAT router's external interface. All of the IP addresses on the internal subnet are shielded from the outside world.
You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses.
What subnet is your internet gateway on? Is this also on the RRAS box? If the gateway is on a different router, you will need to add a static route to the RRAS box, or configure a routing protocol such as RIP so that it knows where to send traffic out to the internet.
 
questil (Author) Commented:
I understand what you have explained, but what do you mean by saying "You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses"?

Thanks!
 
bluntTony Commented:
In order to be able to initiate communication from the 'outside' to the private subnet, you need to configure port forwarding. For example:
Say the external IP address of the router is 10.10.60.254. This is the only IP address that outside sources can send packets to. If you wanted to, say, access remote desktop on a server inside the private subnet (say its private IP is 192.168.1.1), you configure a port forwarding rule to say:
Any packets sent to 10.10.60.254 using port 3389 (remote desktop port number), allow them through and forward them on to 192.168.1.1. Essentially the outside machine 'thinks' it's talking to 10.10.60.254 - it's not aware of the internal private IP it's actually in communication with, thus shielding the private IP from the outside world. So when you wanted to access remote desktop on 192.168.1.1, you actually connect to 10.10.60.254 and the communications will be forwarded by the router.
On RRAS, you configure a port forwarding rule on the interface you have nominated as the 'public' interface - on the 'Service and ports' tab.
See here for some info on configuring NAT : http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
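
The behaviour described in the comment above, as an added example that is not part of the original post and is not RRAS code: a small Python model of a NAT translation table showing why a connection started from outside is dropped until a port forwarding rule exists. The addresses 10.10.60.254 and 192.168.1.1 and port 3389 come from the thread; the class and function names, the outside client 10.10.60.20, the port numbers 40000 and 50000, and the rule that a reply must come from the host the inside machine contacted are assumptions of this model.

```python
# Minimal model of a NAT router's translation table (added illustration).
# Router and server addresses come from the thread; the outside client,
# the port pool and the reply-matching rule are constructed assumptions.
PUBLIC_IP = "10.10.60.254"          # NAT router's 'public' interface

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dynamic = {}           # public_port -> (priv_ip, priv_port, remote)
        self.static = {}            # public_port -> (priv_ip, priv_port)
        self.next_port = 50000      # constructed start of the dynamic port pool

    def add_port_forward(self, public_port, private_ip, private_port):
        """Static mapping, like a rule on the 'Service and ports' tab."""
        self.static[public_port] = (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: rewrite source, remember mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.dynamic[public_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on the public interface: translate, or drop (None)."""
        if dst_ip != self.public_ip:
            return None             # private addresses are not reachable directly
        if dst_port in self.static:             # explicit port forwarding rule
            priv_ip, priv_port = self.static[dst_port]
            return (src_ip, src_port, priv_ip, priv_port)
        entry = self.dynamic.get(dst_port)      # reply to an outbound connection
        if entry and entry[2] == (src_ip, src_port):
            return (src_ip, src_port, entry[0], entry[1])
        return None                 # unsolicited traffic: no mapping, dropped

def demo():
    """Same inbound RDP packet before and after the forwarding rule."""
    nat = NatRouter(PUBLIC_IP)
    before = nat.inbound("10.10.60.20", 40000, PUBLIC_IP, 3389)
    nat.add_port_forward(3389, "192.168.1.1", 3389)
    after = nat.inbound("10.10.60.20", 40000, PUBLIC_IP, 3389)
    return before, after

if __name__ == "__main__":
    print(demo())
```

A forwarding rule is the only entry in this table that accepts connections nobody inside asked for, so each one is worth listing and reviewing as an exposed service.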
 
Qlemo (C++ Developer) Commented:
What device manages the internet traffic? Hardware Router? RRAS? And on which LAN?

Using the configuration without NAT is correct (for the internal networks). However, your Internet router seems not to know how to answer traffic originating from "the other" LAN (the LAN it is not itself positioned in).
 
questil (Author) Commented:
It's a router (Cisco).
 
bluntTony Commented:
Yes, agree - there's no real need to run NAT between two of your own subnets in your case, unless maybe you were setting up a perimeter, or 'DMZ', network for security reasons.
The issue you have is that your two routers don't 'know' where to route some of their traffic.
1. Your RRAS box needs to have a static route configured so that it forwards all traffic it doesn't know about (the destination 0.0.0.0) to the Cisco router's internal interface.
2. Your Cisco router then needs to know where to send traffic to the subnet it's not directly connected to. So for example, if it's the subnet 192.168.... that it's not connected to, you need to configure a route to it. Something similar to:
ip route 192.168.1.0 255.255.255.0 (then the IP address of the RRAS box interface on the 10.10.60.x subnet)
 
questil (Author) Commented:
OK, now I understand what I missed.
Thanks!!!