Solved

NAT with Windows 2003

Posted on 2009-03-29
Last Modified: 2012-05-06
Hi, I'm using Windows 2003 as a router on my LAN. Two networks: 10.10.60.x/24 and 192.168.1.x/24.
When I configure NAT on RRAS, I don't have access to the 192.168.1.x LAN from the 10.10.60.x LAN. From the 192.168.1.x LAN I have access.
When I delete the NAT, I have access from the 192 LAN to the 10.10 LAN and the opposite, but no Internet connection.
Please assist.
0
Question by:questil
7 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24012972
Configuring NAT on a router will mean that by default you can only really initiate communications one way - from the 'internal' subnet to the 'external' subnet. All outgoing packets from the internal subnet will have the same 'from' IP address - that of the NAT router's external interface. All of the IP addresses on the internal subnet are shielded from the outside world.
You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses.
What subnet is your internet gateway on? Is this also on the RRAS box? If the gateway is on a different router, you will need to add a static route to the RRAS box, or configure a routing protocol such as RIP so that it knows where to send traffic out to the internet.
0
 

Author Comment

by:questil
ID: 24013015
I understand what you have explained, but what do you mean by saying "You can enable traffic to be initiated the other way by configuring port forwarding on the router based on port number and external IP address so that certain traffic is routed to certain private IP addresses"?

Thanks!
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24013078
In order to be able to initiate communication from the 'outside' to the private subnet, you need to configure port forwarding. For example:
Say the external IP address of the router is 10.10.60.254. This is the only IP address that outside sources can send packets to. If you wanted to, say, access remote desktop on a server inside the private subnet (say its private IP is 192.168.1.1), you configure a port forwarding rule to say:
Any packets sent to 10.10.60.254 using port 3389 (remote desktop port number), allow them through and forward them on to 192.168.1.1. Essentially the outside machine 'thinks' it's talking to 10.10.60.254 - it's not aware of the internal private IP it's actually in communication with, thus shielding the private IP from the outside world. So when you wanted to access remote desktop on 192.168.1.1, you actually connect to 10.10.60.254 and the communications will be forwarded by the router.
On RRAS, you configure a port forwarding rule on the interface you have nominated as the 'public' interface - on the 'Service and ports' tab.
See here for some info on configuring NAT : http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
0
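The NAT behaviour described in the comment above, as an added example that is not part of the original thread: a toy model of a NAT router's public interface with one port-forwarding rule. The addresses 10.10.60.254 and 192.168.1.1 and port 3389 come from the comment; the outside client 10.10.60.20, the inside host 192.168.1.50 and the other port numbers are constructed.

```python
# Toy model (added illustration, not RRAS code) of NAT plus port forwarding.
PUBLIC_IP = "10.10.60.254"   # router's 'public' interface, from the comment above

class NatRouter:
    def __init__(self):
        self.forwards = {}    # (proto, public_port) -> (private_ip, private_port)
        self.sessions = {}    # (proto, public_port) -> (priv_ip, priv_port, remote_ip, remote_port)
        self.next_port = 50000

    def add_forward(self, proto, public_port, private_ip, private_port):
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host initiates: source becomes the public IP, mapping is remembered."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, public_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet arrives from outside: return the private target, or None if dropped."""
        if dst_ip != PUBLIC_IP:
            return None       # private addresses are not reachable through the NAT
        sess = self.sessions.get((proto, dst_port))
        if sess and (sess[2], sess[3]) == (src_ip, src_port):
            return (sess[0], sess[1])                   # reply to an existing session
        return self.forwards.get((proto, dst_port))     # else only a forward rule helps

def demo():
    r = NatRouter()
    out = {}
    # Inside host (constructed) talks to an outside web server; the reply comes back.
    pub = r.outbound("tcp", "192.168.1.50", 40000, "10.10.60.20", 80)
    out["reply"] = r.inbound("tcp", "10.10.60.20", 80, pub[0], pub[1])
    # Outside client tries RDP before and after the forwarding rule exists.
    out["rdp_before"] = r.inbound("tcp", "10.10.60.20", 51000, PUBLIC_IP, 3389)
    r.add_forward("tcp", 3389, "192.168.1.1", 3389)
    out["rdp_after"] = r.inbound("tcp", "10.10.60.20", 51000, PUBLIC_IP, 3389)
    # Addressing the private IP directly still fails, as the question describes.
    out["direct"] = r.inbound("tcp", "10.10.60.20", 51000, "192.168.1.1", 3389)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

In this model the forward rule matches on protocol and port only, so any host that can reach 10.10.60.254 can reach remote desktop on 192.168.1.1; the forwarded service has to rely on its own access controls.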
 
LVL 70

Expert Comment

by:Qlemo
ID: 24018381
What device manages the internet traffic? Hardware Router? RRAS? And on which LAN?

Using the configuration without NAT is correct (for the internal networks). However, your Internet router seems not to know how to answer traffic originating from "the other" LAN (the LAN it is not itself positioned in).
0
 

Author Comment

by:questil
ID: 24018401
It's a router (Cisco).
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24018613
Yes, agree - there's no real need to run NAT between two of your own subnets in your case, unless maybe you were setting up a perimeter, or 'DMZ', network for security reasons.
The issue you have is that your two routers don't 'know' where to route some of their traffic.
1. Your RRAS box needs to have a static route configured so that it forwards all traffic it doesn't know about (the destination 0.0.0.0) to the Cisco router's internal interface.
2. Your Cisco router then needs to know where to send traffic to the subnet it's not directly connected to. So for example, if it's the subnet 192.168.... that it's not connected to, you need to configure a route to it. Something similar to:
ip route 192.168.1.0 255.255.255.0 (then the IP address of the RRAS box interface on the 10.10.60.x subnet)
 
0
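Why both static routes from the accepted solution are needed, as an added example that is not part of the original thread: a longest-prefix-match walk of a request from the 192.168.1.x LAN to the Internet and of its reply. 10.10.60.254 as the RRAS address on the 10.10.60.x side is borrowed from the earlier example in the thread; 10.10.60.1 (Cisco inside interface), 192.168.1.50 (a host), 203.0.113.10 (an Internet server) and the label "ISP" are assumptions.

```python
import ipaddress

# Added illustration: routing tables are lists of (network, next_hop).
# Assumed addresses: Cisco inside = 10.10.60.1, RRAS on 10.10.60.x = 10.10.60.254.

def route(prefix, hop):
    return (ipaddress.ip_network(prefix), hop)

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build(rras_default, cisco_static):
    """Build both routing tables, optionally with the two routes from the answer."""
    rras = [route("10.10.60.0/24", "direct"), route("192.168.1.0/24", "direct")]
    cisco = [route("10.10.60.0/24", "direct"), route("0.0.0.0/0", "ISP")]
    if rras_default:     # step 1: default route on RRAS towards the Cisco
        rras.append(route("0.0.0.0/0", "10.10.60.1"))
    if cisco_static:     # step 2: ip route 192.168.1.0 255.255.255.0 <RRAS address>
        cisco.append(route("192.168.1.0/24", "10.10.60.254"))
    return rras, cisco

def round_trip(rras, cisco, host="192.168.1.50", internet="203.0.113.10"):
    """Follow a request from the host to the Internet and the reply back."""
    if next_hop(rras, internet) != "10.10.60.1":
        return "request dropped at RRAS (no route to Internet)"
    back = next_hop(cisco, host)         # the Cisco decides where the reply goes
    if back != "10.10.60.254":
        return f"reply misrouted by Cisco to {back}"
    if next_hop(rras, host) != "direct":
        return "reply dropped at RRAS"
    return "delivered"

if __name__ == "__main__":
    for flags in [(False, False), (True, False), (True, True)]:
        print(flags, "->", round_trip(*build(*flags)))
```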
 

Author Closing Comment

by:questil
ID: 31564029
OK, now I understand what I missed.
Thanks!!!
0
