2003 server config for routing and remote access

  • Thread starter Thread starter Realsaulnier
  • Start date Start date
R

Realsaulnier

Hello all,

I have a windows 2003 server setup. My PC's all see the network and
each other. My server sees the internet. Now the problem is the PC's
can see past the server.
Under routing and remote access, NAT/Basic Firewall settings my
internal network interface will not allow me to to select NAT.
everything is grayed out. All I can select is private network.
I also noticed that under IP Routing, General, the internal interface
says "IP Address" Not available. "Administrative status" Unknown and
"Operational Status" Non-operational.
I could use some help, than you.
 
How does your server connect to the Internet? Is there a NIC on the
"public" side to act as the public interface for NAT?

If not, you will need to set up a demand-dial interface and give it a
default route to the Internet. You can then configure it as the public
interface for NAT.
 
2 NIC's, one for the internet side and one for the network side. Both
cards seem to be working I just can't seem to allow them to see each
other.
 
Hello Bill,

Yes I have a card for the LAN side (server LAN) and a card for the WAN
side ( network Conection) both card have a static IP and are working.
Both cards under IP routing/General have
Type=Deticated
IP address=192.168.0.42 for one and 192.168.0.41 for the second
Administrative status=Up
Operational Status=Operational

The Internal card on the other hand is adiffrent story.
Type=Internal
IP address=Not available
Administrative atatus=Unknown
Operational status=Non-operational

Does this help?
 
You cannot have the NIC cards in the same subnet. If you use two NICs,
one must be in the same subnet as your LAN machines, and the other must have
a registered public IP address for NAT to work on this server. How does your
server access the Internet?

The interface called internal in RRAS is only used for remote access
(RAS or VPN) to this server. It will only become active if a remote user
connects to it.
 
OK, I changed the LAN nic card to 192.168.1.42. Same problem. My PC's
see the server but can't get past it.from my PC I can ping the NIC on
the network side (192.168.1.42) but I can't ping the nic on the other
side (192.168.0.41)
The NIC going to the internet goes to a cisco router then ADSL modem
and out. This is working fine.
 
It is always a good idea to explain the whole setup in the first place!

Can't the Cisco do NAT for your LAN? What address is on the inside
interface of the Cisco? A simple diagram of your network (with IP addresses
and default gateway settings) would help.
 
The router works fine. As I said the server sees the internet. The IP
on the router is 192.168.1.1 and yes the the router could do the NAT
for me but the idea of setting this up is the server would be the
proxy/firewall for the network. All the PC's are set to DHCP and run
IP's in the 192.168.0.X range. they all see the network fine. They run
through the first NIC (192.168.0.41)on the server. This is also setup
as the default gateway for the network. the other NIC on the server is
(192.168.1.41) and uses the router as the gateway out to the internet.
This also is working fine. The problem is the "Internal network
interface" This is not an actual card, this is something that
microsoft installs in the routing and remote access service to allow
the two networks see each other. everything other than that interface
is working. the fact that the setting on that interface say
Non-operational and administrative status unknown makes me think this
is where the problem is. Are there any settings in windows, DNS
settings, security policies, active directory, that could affect this
interface?
 
The internal network interface has nothing to do with this. It is only
used for remote access. If a RAS or VPN client ever connects to this server,
the internal interface will come to life. That's what it is for. It acts as
the server end of the point-to-point connection from a remote client.

To get back to your original problem. All the RRAS router has to do is
act as a LAN router to get the traffic to the other private subnet. It does
not need NAT. However you will probably need to add a static route to your
Cisco so that it knows how to reach the 192.168.0 subnet (via the RRAS
router).

So your network looks something like this.

Internet
|
Cisco
192.168.1.1
|
clients
192.168.1.x dg 192.168.1.1
|
192.168.1.41 dg 192.168.1.1
RRAS
192.168.0.41 dg blank
|
192.168.0.x dg 192.168.0.41

All you need is a route on the Cisco to forward traffic for 192.168.0.0
to the RRAS router. eg

192.168.0.0 255.255.255.0 192.168.1.41
 
Thanks. I was looking in the wrong place. Once I removed the internal
interface and double checked all the IP's I had set up it started
working. The big test is tomorrow when I replace the server with the
one that's running the network tomorrow but so far so good.
 
I have the same problem with the Internal interface
showing as non-operational. But do not see any options
to remove the internal IF. THe only options I have is to
refresh. How do you remove and reinstall the internal
interface? My VPN does not work and I belive it is tied
to the non-operating IF. Since other servers I looked at
showed that IF as working and with an IP address. Whats
up with that IF???
Thanks...any help for me???
 
The internal interface is what the remote user connects to. It is not
operational because you haven't managed to connect yet. When you do connect,
it will become operational. So it is a symptom, not a cause.
 
Back
Top