
Trying to connect to a share on different subnet

Posted on 2014-02-03
Last Modified: 2014-02-05
Trying to connect to a share across subnets

I'm trying to connect from 192.168.1.x to a share on a Hyper-V virtual desktop at 10.0.1.90. Each subnet is on a different physical router and each router has a public IP address (consumer routers: one is a XyWall USG100, the other is a Netgear FVS114).

This diagram shows my configuration with both routers and two public IP addresses. The Hyper-V server has two (2) NICs, the first NIC on the 192.168.1.x subnet and the second NIC on 10.0.1.x subnet. I use the DNS provided by my ISP and I don't employ AD. How do I configure my router(s) to allow subnet 1 to access a share on subnet 2 by name or IP address? By this I mean any computer on subnet 192.168.1.x can browse the network and access shared resources on subnet 10.0.1.x.  Or is there more that I need to do besides change router settings?

                    Internet
                       |
          _____________|_____________
         |                           |
      Router 1                    Router 2
      x.x.x.18                    x.x.x.19
         |                           |
         |                           |
      Subnet 1                       |
    192.168.1.x                      |
         |                           |
         |                           |
         |                           |
       NIC 1 ______ Hyper-V ______ NIC2 (Subnet 2)
   192.168.1.46     Server         10.0.1.x
                                     |
                                     |
                                  Virtual
                                 10.0.1.90
Question by:mwyatt
8 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 39830973
Browsing across routers only works with properly configured DNS and domain suffixes (or WINS).
If you can live with having to provide IP addresses, only proper routing is needed. As long as you can ping, you should be able to use \\10.0.1.x\share . Of course you need to take care of the Windows Firewall rules, if active - 192.168.1.0/24 needs to be a trusted network on 10.0.1.0/24 PCs.
0
 

Author Comment

by:mwyatt
ID: 39830999
Thanks. I can't even ping. So that's the first problem to solve. I know all routers use different terminology, so very generally what's the setting I would modify?

I'd be OK with connecting via IP only since I'll be mapping a drive to that share anyway.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39831066
In general, there are a lot of potential culprits. Firewalls and default gateway or special routes are the most important to check.

Having a closer look into the diagram you supplied, I see a severe issue - there is no router in your LAN connected to both networks. Only the Hyper-V Server has access to both. I reckon you do not want to route traffic in plain (unencrypted) via the public IPs - unless they are in the same subnet, that would be a bad idea, and probably not working because of NAT.

So, you need to install the Routing and Remote Access role on the Hyper-V server. http://social.technet.microsoft.com/Forums/windowsserver/en-US/1866b005-7986-4b39-bc15-34832efda01b/setup-rras-inside-of-hyperv?forum=winserverhyperv can give you a hint how to do that.
Then you'll need to set up the correct RRAS NIC as gateway for each subnet. It is simplest if you create a specific route on the default gateways, else you have to do it on each device you want to allow inter-LAN communication for.

In detail:
  set a route on x.x.x.19 for 192.168.1.0/24 using 10.0.1.x (Hyper-V NIC)
  set a route on x.x.x.18 for 10.0.1.0/24 using 192.168.1.46

That should take care of the routing. And then comes the firewall ...
0
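Added example, not part of the thread: one way to apply and verify the per-device alternative mentioned in the answer above, with the firewall scope from the earlier comment. It assumes Windows 8.1 / Server 2012 R2 or later (for these cmdlets), an English-language rule group name, and that routing is already enabled on the Hyper-V server; the interface alias is a hypothetical name, and the host's second NIC address is left as the page's placeholder.

```powershell
# Added example. Run each part elevated on the machine named in its comment.
$lanAlias = 'Ethernet'     # assumption: check Get-NetAdapter for the real alias
$hostNic2 = '10.0.1.x'     # placeholder: the page does not give the Hyper-V NIC2 address

# --- On a 192.168.1.x client (only if no route was set on its default gateway) ---
# Send traffic for subnet 2 to the Hyper-V server's NIC 1 instead of Router 1.
New-NetRoute -DestinationPrefix '10.0.1.0/24' -InterfaceAlias $lanAlias `
             -NextHop '192.168.1.46'

# --- On the 10.0.1.90 virtual desktop (only if Router 2 has no return route) ---
# Replies to subnet 1 must go back through the Hyper-V server, not out to Router 2.
New-NetRoute -DestinationPrefix '192.168.1.0/24' -InterfaceAlias $lanAlias `
             -NextHop $hostNic2

# Permit inbound File and Printer Sharing only from the local subnet and subnet 1,
# rather than opening TCP 445 to any source address.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress 'LocalSubnet', '192.168.1.0/24' -Enabled True

# --- Back on the 192.168.1.x client: separate routing faults from firewall faults ---
$ping = Test-NetConnection -ComputerName 10.0.1.90
$smb  = Test-NetConnection -ComputerName 10.0.1.90 -Port 445

if (-not $ping.PingSucceeded -and -not $smb.TcpTestSucceeded) {
    # Nothing comes back at all: check routes and forwarding first.
    'No reply on ICMP or TCP 445: check routes on both sides and routing on the Hyper-V server.'
    Get-NetRoute -DestinationPrefix '10.0.1.0/24' -ErrorAction SilentlyContinue
}
elseif (-not $smb.TcpTestSucceeded) {
    # The path works but SMB is filtered on the target.
    'Ping works but TCP 445 is blocked: check the firewall scope on 10.0.1.90.'
}
else {
    'TCP 445 reachable: \\10.0.1.90\<share> can be mapped by IP address.'
}
```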

 

Author Comment

by:mwyatt
ID: 39832888
You are correct, there is no router connecting both networks.

I have 5 static IPs assigned by my ISP and I'm thinking that traffic going from the x.x.x.18 to the x.x.x.19 doesn't actually go out across "the internet" so packets can't get intercepted. Maybe I'm totally wrong...my routing knowledge is rusty and limited.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39833194
Whether the packets remain local or not is a question of ISP configuration. Usually packets of the same subnet do not cross routers. If both routers are plugged into another device, bets are high that no routing to the outside happens. If each router has a dedicated line, bets are high packets are routed on ISP site.

Leaving that aside, there is still NAT. All traffic to the Internet has to get mapped to a single public IP, and without further firewall config the other way round does not work - you have to forward traffic for a specific port (in this case e.g. 445 for CIFS) and a specific host. See the issue? You do not have a single host, you want to access multiple targets.

You are better off with the RRAS approach I described above. Or build a VPN between the two internet routers.
0
 

Author Comment

by:mwyatt
ID: 39833277
I have a 5-port switch in front of those routers, each port going to a different router. The x.x.x.18 plugs into one port, x.x.x.19 plugs into the next and so on, up through x.x.x.22.

Duh. I didn't consider a VPN connection between them. That would solve the security concern. But would I still need to configure RRAS if a VPN is in place?
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39834186
If the routers are building the VPN tunnel, you won't need RRAS. NAT is no issue, as the connection inside of the VPN is just a (full routing) network connection.
The only downside of the VPN is that it will add some overhead, leading to (hopefully unnoticed) delays in using it. That is because VPN uses CBC algorithms, which require data to get filled into blocks of predetermined size. That adds lag, as does the encryption itself, and the additional byte overhead needed to transport the encrypted payload.
0
 

Author Closing Comment

by:mwyatt
ID: 39835737
Yes I'm aware of VPN overhead. It's terrible for transferring numerous files, which is the primary purpose of reaching a share across subnets. With that acknowledgment I think that the VPN will be the easiest solution for now, so I will proceed with that.

If anyone else has other suggestions please chime in.

Thanks again Qlemo for the guidance!
0


Question has a verified solution.
