RRAS NPS2008 Setup 2 subnets

Hi All
What am I doing wrong here?

We have a new server installed with Server 2008 Std and NPS RRAS role.  The server's only job is to route between 2 LANs on different subnets and an Internet Router, but eventually will host Forefront Gateway.  All three subnets are running on /24 network mask. There are three physical NICs in the machine.

External NIC providing Internet access to network with NAT:
IPv4 192.168.1.250
GW 192.168.1.254 (internet router address)
DNS 192.168.1.254

Internal NIC 1 providing connection to LAN 1 - this is the Gateway Address Private no NAT
IPv4 192.168.0.250
GW - blank
DNS 192.168.0.92

Internal NIC 2 providing connection to LAN 2 - this is the Gateway Address Private no NAT
IPv4 192.168.2.250
GW - blank
DNS 192.168.2.92

I want to route between the subnets 2.0 and 0.0 without any issue, but I cannot get it to work!
Client PCs on 0.0 subnet can reach internet, ping 192.168.1.254 and can ping the 192.168.2.250 GW, but no clients on the 2.0 subnet.  The same applies the other way: the clients on 2.0 subnet can access Internet and can ping the 192.168.0.250 GW, but no clients on the 0.0 subnet.
I have even added static routes from Internal NIC 1 to Internal NIC 2 in both directions, restarted RRAS and still nothing!

Any help would be appreciated as this simple task is becoming very time consuming.
Thanks C



Asked by: Creodus

merowinger commented:
Which result do you get when running:
Start -> Run -> cmd -> route print

Creodus (author) commented:
Hi Merow
First of all please accept my apology - I have provided some incorrect info in the question which I cannot edit now.  The Internal NIC1 IPv4 address is 192.168.0.94 and NOT 192.168.0.250 - my mistake.
So for the route print below please read 0.94 for 0.250 - sorry for the added confusion :(
Thanks C

===========================================================================
Interface List
 15 ...00 50 5b 04 3e 33 ...... ASIX AX88772 USB2.0 to Fast Ethernet Adapter
 11 ...00 26 55 80 55 75 ...... HP NC362i Integrated DP Gigabit Server Adapter #2
 10 ...00 26 55 80 55 74 ...... HP NC362i Integrated DP Gigabit Server Adapter
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.{4C8F744F-DF7E-4812-B02D-7D9B501A7881}
 12 ...00 00 00 00 00 00 00 e0  isatap.{7D5731CB-280B-456E-8977-D7E62D918DE2}
 14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.250    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.94    266
     192.168.0.94  255.255.255.255         On-link      192.168.0.94    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.94    266
      192.168.1.0    255.255.255.0         On-link     192.168.1.250    276
    192.168.1.250  255.255.255.255         On-link     192.168.1.250    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.250    276
      192.168.2.0    255.255.255.0         On-link     192.168.2.250    276
    192.168.2.250  255.255.255.255         On-link     192.168.2.250    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.250    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.94    266
        224.0.0.0        240.0.0.0         On-link     192.168.1.250    276
        224.0.0.0        240.0.0.0         On-link     192.168.2.250    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.94    266
  255.255.255.255  255.255.255.255         On-link     192.168.1.250    276
  255.255.255.255  255.255.255.255         On-link     192.168.2.250    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.1.254  Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    266 fe80::/64                On-link
 10    276 fe80::/64                On-link
 15    276 fe80::/64                On-link
 10    276 fe80::7151:2471:5921:5f59/128
                                    On-link
 11    266 fe80::f098:f1e3:bf3f:a346/128
                                    On-link
 15    276 fe80::f87c:b7aa:1a7e:63c9/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 15    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

merowinger commented:
OK, routes seem to match. What's the result if you run the tracert command to a client in the other subnet, e.g.

tracert -d 192.168.2.23

Are all services started on the RRAS server? Is IP routing enabled?

Creodus (author) commented:

Hi Merow
Sorry for the delay getting back to you; I haven't been able to get on site since.
To add to the confusion I discovered yesterday that two of the servers on the different subnets could actually ping and route to one another.

So I thought about your comments, checked the RRAS settings again (VPN, LAN routing and NAT only built from a Custom setup) and all looked correct.  So I compared the ipconfig /all on a client that couldn't connect and a server that could.  

The Static IP on the server was perfect, but we found that the DHCP scope picked up by the client was showing two gateways 0.94 and 0.98.  Both are legitimate addresses on the LAN.  The 0.98 used to be a gateway many moons ago, but somehow wasn't deleted from the scope.  

We reset the scope and bingo routing started between clients!

Thanks for your help in clarifying the mind.  It was only running the tracert -d on a server by chance yesterday that showed the difference.

C
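
The ipconfig /all comparison described in the post above can be automated. This is an added example, not part of the original thread: it parses saved `ipconfig /all` text and reports any default gateway outside an approved set. The sample outputs, the client and server addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): trimmed `ipconfig /all` output of a DHCP
# client on the 192.168.0.0/24 LAN showing the two-gateway symptom described above.
SAMPLE_CLIENT = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.31(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.94
                                       192.168.0.98
   DNS Servers . . . . . . . . . . . : 192.168.0.92
"""

# Constructed sample: a statically addressed server with only the intended gateway.
SAMPLE_SERVER = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.94
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FIELD = re.compile(r"^\s+(.+?)[ .]*\. :\s*(.*)$")   # "Label . . . : value"

def default_gateways(ipconfig_text):
    """Return {adapter heading: [IPv4 default gateways]} from `ipconfig /all` text."""
    result, adapter, in_gw = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():        # unindented line = section heading
            adapter, in_gw = line.rstrip(":"), False
            result[adapter] = []
            continue
        m = FIELD.match(line)
        if m:                                      # labelled field starts here
            in_gw = m.group(1) == "Default Gateway"
            value = m.group(2).strip()
        else:                                      # continuation line: bare value
            value = line.strip()
        if in_gw and adapter and IPV4.match(value):
            result[adapter].append(value)
    return result

def unexpected_gateways(ipconfig_text, approved):
    """List (adapter, gateway) pairs whose gateway is not in the approved set."""
    return [(a, gw) for a, gws in default_gateways(ipconfig_text).items()
            for gw in gws if gw not in approved]
```

Run against output collected from each client with the intended router as the approved set, any hit points at a stale or unexpected router entry in the DHCP scope.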