Connecting 2 networks via Win 2003 server

  • Thread starter Thread starter Mart
  • Start date Start date
M

Mart

Hi,

Apologies if this is already covered.

For testing purposes, I am trying to connect 2 PC's on different
subnets via a Win 2003 server with Routing and Remote Access.

I have the following setup:

PC1 ip: 192.168.254.1
subnet: 255.255.255.0
dgway: 192.168.254.252

Win2003 Server
nic1: ip: 192.168.254.250
subnet: 255.255.255.0
dgway:

nic2: ip: 192.168.253.254
subnet: 255.255.255.0
dgway:

PC2 ip: 192.168.253.10
subnet: 255.255.255.0
dgway: 192.168.253.254


On 192.168.254.252 is our Cisco PIX firewall through which we connect
to the Internet.

I am unable to connect PC1 and PC2 together. I can from PC2 to
192.168.253.254 and 192.168.254.250.

Is there anything I need to set within the Routing and Remote Access,
or do I need to set a static route or something similar on the PIX
firewall?

Many thanks for any help.

Martin
 
this is a routing issue.

PC1 ip: 192.168.254.1
subnet: 255.255.255.0
dgway: 192.168.254.252

since the pc1 dg point to the cisco PIX, all traffic to the firewall. So, in the firewall, you need to add another route back to 192.168.253.0 if the traffic to the pc2. Alternatively, you may add route in the pc1 manually. For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.


Hi,

Apologies if this is already covered.

For testing purposes, I am trying to connect 2 PC's on different
subnets via a Win 2003 server with Routing and Remote Access.

I have the following setup:

PC1 ip: 192.168.254.1
subnet: 255.255.255.0
dgway: 192.168.254.252

Win2003 Server
nic1: ip: 192.168.254.250
subnet: 255.255.255.0
dgway:

nic2: ip: 192.168.253.254
subnet: 255.255.255.0
dgway:

PC2 ip: 192.168.253.10
subnet: 255.255.255.0
dgway: 192.168.253.254


On 192.168.254.252 is our Cisco PIX firewall through which we connect
to the Internet.

I am unable to connect PC1 and PC2 together. I can from PC2 to
192.168.253.254 and 192.168.254.250.

Is there anything I need to set within the Routing and Remote Access,
or do I need to set a static route or something similar on the PIX
firewall?

Many thanks for any help.

Martin
 
Thanks for your reply. I have added the following to the PIX firewall
however I am still not able to ping PC1:

route inside 192.168.253.254 255.255.255.0 192.168.254.250

(where .250 is the address of nic1). Is this obviously wrong, or
should I be reverting this now to a cisco newsgroup.

Martin
 
What the static route needs to do is forward all traffic for the subnet
to the RRAS router. The firewall doesn't know how to reach the inner subnet,
because it doesn't have an interface in that subnet. You need to forward
that traffic to the RRAS router, which does have an interface in that subnet
and can deliver the packets.

So the static route should be

192.168.253.0 255.255.255.0 192.168.254.250
 
On Thu, 12 May 2005 12:05:40 +1000, "Bill Grant"

I had tried both 192.168.253.254 and 192.168.253.0 but neither worked
which led me to believe I may need to set an ICMP access rule?

Martin
 
It shouldn't really matter. When a client in 192.168.254 tries to access
a target machine in 192.168.253 , the packet will go to its default router
(the PIX at 192.168.254.252) . The PIX will redirect the packet to
192.168.254.250 (the RRAS router) because of the static route you added.
After this, it should send an ICMP redirect to the sender to inform it of
the correct address to use in future. But the packet should have already
gone.

What happens if you put the static route directly on the client? That
should bypass the PIX altogether. The client should send the packet to the
RRAS router itself.
 
On Fri, 13 May 2005 10:34:36 +1000, "Bill Grant"

If I place a static route on the PC1, I am able to ping PC1 from PC2.
However I am unable to ping PC2 from PC1. I'm getting very confused!

The fact that this does not happen when I do not have the static route
on the PC, but in the firewall, does this mean that ICMP redirect
packets are not being allowed through?
 
I am not sure exactly what it means! There is certainly something funny
happening on the PIX. I am not familiar with that firewall, so I can't
really say what the problem is. But the problem is there, not at the RRAS
router.
 
Back
Top