Solved

Connect internet to VMware vLAN - RRAS

Posted on 2014-03-25
12
758 Views
Last Modified: 2014-04-13
Hi, I have cloned some VMs from our production network 'prod' and have placed the cloned VMs into a private vLAN so they are isoloted and will not interfere with anything in production.

This is working well, however i now have a requirement to download product updates from the web on my cloned VMs - which are in the 'private' vLAN with no web access.

I have spun up a Server 2003 box and installed Routing and Remote Access.

Can someone please walk me through the correct config to use RAS to bridge the 2 vLANs and supply my cloned machines with web access.

prod network 172.16.4.0/22 default gateway 172.16.4.253
private network 172.16.4.0/22

thanks
0
Comment
Question by:fieldj
  • 5
  • 4
  • 3
12 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39954932
Are the vlans setup in your router? Why can't you just allow Internet from there? What kind of router do you have?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39954937
You cal also attach another nic to your vm that can get out and delete it when you're done
0
 
LVL 61

Expert Comment

by:gheist
ID: 39955216
You can add home router software like openwrt between VLANs..
0
 

Author Comment

by:fieldj
ID: 39955530
So the 'private' network is a virtual network which is a replica the 'prod' (production) network.  It is a isolated vLAN.

The Server 2003 box running Routing and Remote Access has a NIC from each vLAN, prod and private.

I want this box to become a gateway between my production 'prod' network and the 'private' network (therefore allowing the cloned VMs placed in the private network vLAN to be identical to those in prod - i.e. I don't want to add a NIC to the cloned VMs)
0
 
LVL 61

Expert Comment

by:gheist
ID: 39955756
NAT as from home router software seems to fullfill update access while not granting unneded access to isolated machines...
0
 

Author Comment

by:fieldj
ID: 39955904
Thanks Gheist, can you explain, add links for software please?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:fieldj
ID: 39955953
I found this article, this is pretty much what I am trying to achieve however my VLANs are the same IP range
http://blogs.msdn.com/b/canberrapfe/archive/2013/04/23/routing-traffic-between-subnets-in-your-hyper-v-lab.aspx
0
 
LVL 61

Expert Comment

by:gheist
ID: 39956078
Software download:
http://downloads.openwrt.org/backfire/10.03.1/x86_generic/
It needs two e1000 adapters, and one in "isolated" network will be one that you can use for configuration (like home router setup you know)
Start with beginners guide:
http://wiki.openwrt.org/doc/start
You need to enable NAT and set "isolated" IP address to where gateway was... And use one IP in not isolated network.
That way they all can connect out but nobody can connect in
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39956457
If you want something fun and interesting check out pfsense
https://pfsense.org/download/index.html

Not knocking rras, just never used it so I can't really help with that.
0
 

Accepted Solution

by:
fieldj earned 0 total points
ID: 39956585
Sorry I require a Windows based solution
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39956648
Microsoft points you here:
http://technet.microsoft.com/en-us/library/dd469630.aspx
Here is a blog with screenshots that uses it to tie wlan to lan, same thing you are doing with vlans
http://shannonbray.wordpress.com/2010/05/25/configuring-rras-for-windows-server-2008-r2/
0
 

Author Closing Comment

by:fieldj
ID: 39997122
When i bridged the connections (NICs in the different vLANs) i got a duplicate IP address on the network.  
I abandoned this approach as the side effects of getting the config wrong causes severe problems on the production network.  I have implemented another solution, which was to present a new default gateway.
Thanks for all your comments
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
In this article, I will show you HOW TO: Create your first Windows Virtual Machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, the Windows OS we will install is Windows Server 2016.
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

29 Experts available now in Live!

Get 1:1 Help Now