can't access Microsoft Network Load balanced IP from outside network?

Do you have a NAT for the NLB IP address setup in the firewall?

Do you allow ICMP packets to/from that IP address?

A single server should only have one default route, as a default means when there are no other options use this and you can have
two defaults.

So I do not have a NAT setup in my firewall for the NLB IP. should I? the router should be wide open. it's a cisco 1720 leading into a private MPLS network. I allow all traffic to and from my remote LANs.

Do you have a NAT for the non-NLB IP addresses on those Window's servers?  If yes, then yes you need a NAT.

If no, is the NLB IP address in the same subnet as the non-NLB IP addresses?

Yes the addresses are in the same range

Server 1 192.168.1.2


Server 2 192.168.1.8

Nlb address is 192.168.1.3

I have no problem pinging the server 1 and server 2 dedicated IPs. Why do I need a seperate nat?

If you have a NAT for 192.168.1.2 and  192.168.1.8, you will  need a NAT for 192.168.1.3.

If you don't have a NAT for those, then refer to oBdA's post.

ok I think we're on the right track. It is setup in multicast.

the router is remotely managed by my ISP.
when I do an ARP -a on my workstation which is currently on the same LAN as the NLB cluster, I get a MAC address for the 192.168.1.2 ip address. is this MAC address the one that I need the ISP to statically assign in my router or do I need to assign one of the dedicated IP's mac addresses (192.168.1.3. 192.168.1.8?)

the ISP doesn't seem like they know the command that they would need to put into their router for a static ARP entry. on a cisco router what would the command be to enter the MAC address statically in the Router's ARP tables?

Thanks. We got it. It was in multicast and the router needed a static arp entry to work.