RRAS Windows Server 2003 2 Subnets

I have just entered into a contract with a small hospital and they have static IP addresses for everything. I am almost out of IPs. No money in budget for router.
I would like to use RRAS to route traffic between 2 subnets. 10.20.20.0 and 10.20.30.0
Currently everything is assigned a 10.20.20.0 address. I want to use 10.20.30.0 255.255.255.0 for the DHCP. I need to move the workstations, using DHCP, to 10.20.30.0.
The AD, DNS, Accounting, File, etc. servers will remain on the 10.20.20.0 subnet. I've read everything I could find but could not find a solution. I need help configuring RRAS to do this. I think this would be the fastest way to enable DHCP and free up some static IPs.
Asked by: vincejpgn

bluntTony commented:
So you're going to use RRAS to split the subnet into two? In simple terms:

1. You'll have two NICs on the RRAS server, each with an IP on one of the subnets. The one facing the 10.20.30.0 subnet will be that subnet's default gateway.
2. Your servers are remaining on 10.20.20.0. You can configure DHCP on one of these, to serve the 10.20.30.0 subnet. Set up a scope with the appropriate IP range/config.
3. Enable the DHCP relay agent component on the RRAS server (IP routing / General / New Routing Protocol / DHCP Relay Agent). When it appears, go to its properties, and add the IP of the DHCP server on the 10.20.20.0 subnet. Then add the interface facing the 10.20.30.0 subnet to the protocol, and enable relay on it.

This means that any DHCP requests received by the NIC facing the 10.20.30.0 subnet will be forwarded to the DHCP server, which will in turn hand out an IP address back to the RRAS server, and therefore back to the client.

I would then recommend also enabling DHCP for the 10.20.20.0 subnet as well. It eases administration massively.

Qlemo (C++ Developer) commented:
Please delete the doubled question http://Q_24425234.

Qlemo (C++ Developer) commented:
What's the need for separating the two networks via router? Couldn't you just use the same physical network, but put a DHCP server for 10.20.30.0 in it, and widen the netmask to allow for both "networks" to be one?
vincejpgn (Author) commented:
Wouldn't I need to visit all the servers to widen the netmask? i.e. Change it to 255.255.254.0 on all servers?

vincejpgn (Author) commented:
And I do plan on adding DHCP to the 10.20.20.0 subnet but I've got a lot of devices (MRI machine, Dialysis machines, LAB machines, etc.) that I need to reserve their respective IP addresses but I don't know what they are yet.

My predecessor wasn't very knowledgeable in networking and IP addressing.

I have a lot of work to do.

bluntTony commented:
Because everything is statically assigned, you'd have to do it on every host on the network.

Giving yourself one more bit doubles the amount of hosts, e.g. 10.20.30.0/23. This would give you one subnet:

First host : 10.20.30.1
Last host : 10.20.31.254

508 hosts.

Whatever you decide, it would still definitely pay to implement DHCP regardless.

vincejpgn (Author) commented:
I do have one more question...

I have a Cisco ASA 5510 but no experience with it. Can it do routing?

Qlemo (C++ Developer) commented:
Let's see the options:

Single network
  • the netmask needs to be changed on each static configured device
  • only one DHCP address range possible, no separation of devices by IP address
  • all devices can talk to each other without involving any router
  • default gateway is not involved
Two networks
  • the default gateway needs to know of the routes to the other network, and the other network needs to set the RRAS as default gateway
  • RRAS with routing and DHCP Relay needed
  • no change on static IP devices necessary.
  • DHCP can maintain two different IP networks.
  • No network browsing! NetBIOS is not routable, so no joy with broadcasts. Name resolution will work if RRAS server is DNS server for all stations. However, a WINS could be needed.

vincejpgn (Author) commented:
OK, back to RRAS.

I've configured per your instructions and it is working for DHCP but I need one more thing. The workstations on 10.20.30.0 must be able to ping or access any device on 10.20.20.0 and vice-versa.

vincejpgn (Author) commented:
Access to the internet is via 10.20.20.5. Access to all the servers is on 10.20.20.0.

bluntTony commented:
The hosts on the 10.20.30.0 subnet need to have the NIC facing them on the RRAS server as their default gateway.

Your main subnet - 10.20.20.0 - I assume you have a router running out to the internet? On this, configure a static route to send traffic for the 10.20.20.0 subnet to the NIC on the RRAS server facing the 10.20.20.0 subnet. Your clients on the 10.20.20.0 subnet still use the gateway router as their default gateway.

bluntTony commented:
I think I've got the subnets the wrong way round but you get the gist?

The clients on the subnet which has a gateway to the internet still use this router as their default gateway, but you configure a static route on this router to route traffic to the RRAS server for the other subnet.

The clients on the subnet without an internet gateway use the RRAS interface as their default gateway.

Qlemo (C++ Developer) commented:
bluntTony, the subnets are correct, as are the statements. The RRAS server itself knows how to route Internet traffic (to 10.20.20.5), and so it can act as default gateway for 10.20.30.0/24.

vincejpgn (Author) commented:
The 10.20.20.0 subnet accesses the internet via the Cisco ASA 5510 at 10.20.20.5. The ASA then connects to a Cisco 1760 router for which no one knows the password.
Can the ASA do the static routing? Or can the RRAS do it?

vincejpgn (Author) commented:
Here's what I have so far...

2 NICs in the RRAS server.
10.20.20.55
10.20.30.1
The RRAS server is also my DHCP server. It is handing out 10.20.30.x and gateway 10.20.30.1.
My workstation has 10.20.30.22 assigned to it.
I cannot access the internet nor ping any server on 10.20.20.0 except 10.20.20.55.


Qlemo (C++ Developer) commented:
That's because of the same reason. The Cisco ASA can't route to 10.20.30.0, and is dismissing all traffic. And the 10.20.20.0 devices do not know how to access 10.20.30.0 either, so they ask Cisco - dismiss.

I suggest you start a side question in Cisco Topic Area, as the feature of "hairpinning", which is traffic going out the same interface where it came in, is very device and IOS specific. Anyway, I would not know the commands to use!
If you do that, refer to this question, so you do not have to explain anything again.

vincejpgn (Author) commented:
Thanks for the help.

The ASA 5510 has 4 LAN ports on the back. I bet I could have one assigned a 10.20.20.0 address and 10.20.30.0 address and do it that way.

I'll post to the Cisco area. How do I reference this question?

bluntTony commented:
Qlemo - I think we're basically on the same page.

Here's how I would set it up.

Two subnets

10.20.20.0/24 - with an internet gateway (10.20.20.5)
10.20.30.0/24 - no internet gateway.

RRAS server

NIC1 - IP: 10.20.20.55/24 - Default Gateway 10.20.20.5
NIC2 - IP: 10.20.30.1/24 - NO Default gateway

Set up static routing between these two NICs.

Clients in 10.20.20.0/24 - Default gateway 10.20.20.55 (RRAS interface)
Clients in 10.20.30.0/24 - Default gateway 10.20.30.1 (RRAS interface)

This way you don't have to configure a route on the Cisco that you have no access to.

I would get the IP routing working properly before applying DHCP. Hope this makes sense. It's a little hard to get a full understanding of your layout sometimes. I personally would set up DHCP on a server in one subnet, create a scope for each subnet on this server, and configure DHCP relay on the RRAS server as I mentioned earlier.

Hope this helps. I am leaving myself so Qlemo should be able to help you further.
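
The return-path failure Qlemo describes and the gateway change proposed in the post above can be checked with a small routing model. This is an added example, not part of the original thread; the server address 10.20.20.10 and the upstream hop 192.0.2.1 are assumed placeholders, while the other addresses come from the posts.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: gateway IP, None if on-link, 'drop' if no route."""
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw)
    return best[1] if best else "drop"

def owner(nodes, ip):
    """Name of the modelled device that holds this IP, or None."""
    return next((name for name, cfg in nodes.items() if ip in cfg["ips"]), None)

def deliver(nodes, src, dst, ttl=8):
    """One-way delivery from the device owning src to dst."""
    node = owner(nodes, src)
    while node and ttl:
        if dst in nodes[node]["ips"]:
            return True
        gw = lookup(nodes[node]["routes"], dst)
        if gw == "drop":
            return False
        node = owner(nodes, dst if gw is None else gw)  # None: left the model
        ttl -= 1
    return False

def ping(nodes, a, b):
    """A ping succeeds only if request and reply are both delivered."""
    return deliver(nodes, a, b) and deliver(nodes, b, a)

def topology(server_gw):
    """Addresses from the thread; 10.20.20.10 and 192.0.2.1 are assumed."""
    lan20, lan30, default = "10.20.20.0/24", "10.20.30.0/24", "0.0.0.0/0"
    return {
        "workstation": {"ips": ["10.20.30.22"],
                        "routes": [(lan30, None), (default, "10.20.30.1")]},
        "rras": {"ips": ["10.20.20.55", "10.20.30.1"],
                 "routes": [(lan20, None), (lan30, None), (default, "10.20.20.5")]},
        "asa": {"ips": ["10.20.20.5"],  # no route to 10.20.30.0/24
                "routes": [(lan20, None), (default, "192.0.2.1")]},
        "server": {"ips": ["10.20.20.10"],
                   "routes": [(lan20, None), (default, server_gw)]},
    }

if __name__ == "__main__":
    for gw in ("10.20.20.5", "10.20.20.55"):
        print(gw, ping(topology(gw), "10.20.30.22", "10.20.20.10"))
```

With the server's default gateway left at the ASA, the request reaches the server but the reply is handed to a device with no route back, which matches the symptom of only 10.20.20.55 answering pings.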

bluntTony commented:
Just realised - clients on 10.20.30.0 still wouldn't have internet access as no route on the Cisco. hmm.

I'm not sure if the ASA can route. Like mentioned above, I'd post to a Cisco zone.

vincejpgn (Author) commented:
How would I setup the static routes?

Remember, beginner with RRAS.

vincejpgn (Author) commented:
I'll post to Cisco zone.

Thanks guys.

Qlemo (C++ Developer) commented:
Don't you think I have earned some points?

vincejpgn (Author) commented:
How do I assign points?

Qlemo (C++ Developer) commented:
Press "Request attention" button in starting question, and tell the admin you want to reassign points. An admin will reopen the question. Then you can accept more than one answer, and distribute points to your liking. Quote from EE Help:

"Accept comments from more than one expert (split points)
You split the points. Each comment box has a button that says Accept Multiple Solutions. Click that, and you will see a page that allows you to assign points to any of the comments in the thread. There is a grade box at the bottom of the page."

bluntTony commented:
Agree that the points should be split.

Hope you get it sorted soon.