NAT with Windows 2003

Hi, I'm using Windows 2003 as a router on my LAN. Two networks: 10.10.60.x/24 and 192.168.1.x/24.
When I configure NAT on RRAS, I don't have access to the 192.168.1.x LAN from the 10.10.60.x LAN. From the 192.168.1.x LAN I have access.
When I delete the NAT, I have access from the 192 LAN to the 10.10 LAN and the opposite, but no Internet connection.
Please assist.
questil Asked:
 
bluntTony Commented:
Yes, agree - there's no real need to run NAT between two of your own subnets in your case, unless maybe you were setting up a perimeter, or 'DMZ', network for security reasons.
The issue you have is that your two routers don't 'know' where to route some of their traffic.
1. Your RRAS box needs to have a static route configured so that it forwards all traffic it doesn't know about (the destination 0.0.0.0) to the Cisco router's internal interface.
2. Your Cisco router then needs to know where to send traffic to the subnet it's not directly connected to. So for example, if it's the subnet 192.168.... that it's not connected to, you need to configure a route to it. Something similar to:
ip route 192.168.1.0 255.255.255.0 (then the IP address of the RRAS box interface on the 10.10.60.x subnet)
 
0
 
bluntTony Commented:
Configuring NAT on a router will mean that by default you can only really initiate communications one way - from the 'internal' subnet to the 'external' subnet. All outgoing packets from the internal subnet will have the same 'from' IP address - that of the NAT router's external interface. All of the IP addresses on the internal subnet are shielded from the outside world.
You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses.
What subnet is your internet gateway on? Is this also on the RRAS box? If the gateway is on a different router, you will need to add a static route to the RRAS box, or configure a routing protocol such as RIP so that it knows where to send traffic out to the internet.
0
 
questil (Author) Commented:
I understand what you have explained, but what do you mean in saying "You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses"?

Thanks!
0

 
bluntTony Commented:
In order to be able to initiate communication from the 'outside' to the private subnet, you need to configure port forwarding. For example:
Say the external IP address of the router is 10.10.60.254. This is the only IP address that outside sources can send packets to. If you wanted to, say, access remote desktop on a server inside the private subnet (say its private IP is 192.168.1.1), you configure a port forwarding rule to say:
Any packets sent to 10.10.60.254 using port 3389 (remote desktop port number), allow them through and forward them on to 192.168.1.1. Essentially the outside machine 'thinks' it's talking to 10.10.60.254 - it's not aware of the internal private IP it's actually in communications with, thus shielding the private IP from the outside world. So when you wanted to access remote desktop on 192.168.1.1, you actually connect to 10.10.60.254 and the communications will be forwarded by the router.
On RRAS, you configure a port forwarding rule on the interface you have nominated as the 'public' interface - on the 'Service and ports' tab.
See here for some info on configuring NAT: http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
0
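The one-way behaviour and the port forwarding rule described in the answer above, as an added example that is not part of the original thread. It is a simplified model of a NAT router's translation table, not RRAS code: the addresses and port 3389 come from the post, while the class name, the starting port 50000 and the other sample hosts are constructed.

```python
# Added illustration: a minimal model of a NAT router's translation logic.
# 10.10.60.254, 192.168.1.1 and port 3389 come from the post; the rest is constructed.
from dataclasses import dataclass, field

EXTERNAL_IP = "10.10.60.254"   # NAT router's 'public' interface (from the post)


@dataclass
class Nat:
    next_port: int = 50000                        # constructed first port for dynamic mappings
    dynamic: dict = field(default_factory=dict)   # ext_port -> (priv_ip, priv_port, remote_ip, remote_port)
    forwards: dict = field(default_factory=dict)  # ext_port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host initiates: rewrite the source to the external IP and remember the flow."""
        ext_port = self.next_port
        self.next_port += 1
        self.dynamic[ext_port] = (src_ip, src_port, dst_ip, dst_port)
        return (EXTERNAL_IP, ext_port, dst_ip, dst_port)

    def add_forward(self, ext_port, priv_ip, priv_port):
        """Static port forwarding rule on the public interface."""
        self.forwards[ext_port] = (priv_ip, priv_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside host sends a packet: return the inside (ip, port) it reaches, or None if dropped."""
        if dst_ip != EXTERNAL_IP:
            return None                              # private addresses are not reachable directly
        flow = self.dynamic.get(dst_port)
        if flow and flow[2:] == (src_ip, src_port):  # reply to a flow an inside host started
            return flow[:2]
        return self.forwards.get(dst_port)           # otherwise only a forwarding rule lets it in


if __name__ == "__main__":
    nat = Nat()
    outside = ("10.10.60.20", 40000)                 # constructed host on the 'external' subnet
    print(nat.inbound(*outside, EXTERNAL_IP, 3389))  # dropped: no mapping, no rule
    nat.add_forward(3389, "192.168.1.1", 3389)
    print(nat.inbound(*outside, EXTERNAL_IP, 3389))  # forwarded to the private server
```

The forwarding rule in this model matches on destination port only, so once it exists every outside host that can reach 10.10.60.254 can reach remote desktop on 192.168.1.1.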
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
What device manages the internet traffic? Hardware Router? RRAS? And on which LAN?

Using the configuration without NAT is correct (for the internal networks). However, your Internet router seems not to know how to answer to traffic originating from "the other" LAN (the LAN it is not positioned itself into).
0
 
questil (Author) Commented:
It's a router (Cisco)
0
 
questil (Author) Commented:
OK, now I understand what I missed.
Thanks!!!
0
Question has a verified solution.
