Simple Windows 2008 R2 routing issue

Posted on 2014-02-02
Medium Priority
Last Modified: 2014-02-03
Dear Experts,

I have a standard routing setup, which just doesn't work right:

The Windows server has two NICs, 1 ( which is connected to an Internet router (default gateway is set to, the router's IP) and NIC 2 ( - no default gateway specificed in the NIC's settings). PCs are connected to the LAN on NIC 2, their default gateway is set to RRAS has been enabled on the server, using custom configuration, LAN-Routing and otherwise accepting the defaults. The server can connect to the Internet just fine, but the PCs on the LAN behind NIC 2 can't.

What could be wrong? Who can I get the PCs on NIC2 to reach the Internet? I'm attaching the route print output of the server below. (There're also some entries dealing with, which is a VPN transfer network, that should have nothing to do with all this.)

Thank you and best regards,


 23...00 ff 4d 23 66 7a ......TAP-Win32 Adapter V9
 21...00 25 64 fe 5a 06 ......LAN 2 extern
 19...00 25 64 fe 5a 04 ......LAN 1 intern
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #3
 20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
    261      6     31   Auf Verbindung    286   Auf Verbindung    286   Auf Verbindung    286   Auf Verbindung    306   Auf Verbindung    306   Auf Verbindung    306   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    306   Auf Verbindung    286   Auf Verbindung    261   Auf Verbindung    261   Auf Verbindung    306   Auf Verbindung    286   Auf Verbindung    261   Auf Verbindung    261
St„ndige Routen:
  Netzwerkadresse          Netzmaske  Gatewayadresse  Metrik       1

Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  1    306 ::1/128                  Auf Verbindung
 23    286 fe80::/64                Auf Verbindung
 19    261 fe80::/64                Auf Verbindung
 21    261 fe80::/64                Auf Verbindung
 21    261 fe80::594c:163c:5e19:4fd/128
                                    Auf Verbindung
 23    286 fe80::a9c2:f114:91ae:daf/128
                                    Auf Verbindung
 19    261 fe80::ed95:1ef:c56f:67c8/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
 23    286 ff00::/8                 Auf Verbindung
 19    261 ff00::/8                 Auf Verbindung
 21    261 ff00::/8                 Auf Verbindung
St„ndige Routen:

Open in new window

Question by:Staudte
  • 3
  • 2
LVL 40

Expert Comment

ID: 39828877
Either you need to enable Internet connection sharing (ICS) OR NAT component on server so that client can connect to internet

Check below video for more details


http://technet.microsoft.com/en-us/library/dd469812.aspx - Server NAT
Put NAT IP as default gateway on client Machines


Author Comment

ID: 39828888
Hi Mahesh,

thanks for the quick reply. I think I have ICS enabled, because if I go into the settings of the server in RRAS, click on IPv4 there's a checkbox in "activate IPv4-Fowarding" (translated from german). Also, on the "General" tab, the "activate this computer as IPv4-Router" is checked, too.

As far NAT is concerned, I had activated that and that did indeed let the clients on NIC 2 connect to the Internet, but then RDP access through the VPN (on the network) would not work anymore. Also, I don't think that NAT should be involved here - this is a general routing issue and should in principle work without NAT.

LVL 40

Accepted Solution

Mahesh earned 2000 total points
ID: 39828924
For ICS, you need to enable it in properties of network card connected to internet on server and for that you don't require RRAS to be deployed.
Its old concept since windows XP

I suggest you to go for NAT which can be best suite to your current scenario


Author Closing Comment

ID: 39828954
I see.... that option is indeed not checked. However, if I'd enable that now it would change the IP of the NIC to - which is unacceptable. I wonder why this suddenly changed anyway - it used to work fine. By the way: I enabled RRAS as a LAN-Router a looong time ago to handle the VPN's routing. As a side effect, the PCs were able to connect to the Internet (that wasn't really anticipated at that time, but welcomed). I had definitely never enabled ICS intentionally - just added the LAN Router Role to the server.

Anyway... we'll change the infrastructure today to have all PCs on the same network on NIC 1 - the structure with two separated networks was there only for historical reasons and has just never been touched - time to touch it now :-)
LVL 40

Expert Comment

ID: 39828962
Yes, basically when you enable ICS on network card connected to internet, another private network card IP segment immediately changes to segment probably

Check below article for step by step


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question