NAT problems on multihomed (3 NICs) Win2K DC


J. Jensen

Scenario:

Multihomed Win2k server SP3.

3 NICs: One public for internet and 2 private for 2 LAN segments.

If NAT is off, group policies are applied on both private segments and
_everything_ works as it is supposed to.

If I enable NAT and add one of the LAN segment adapters (LAN1) as the private
interface + add the internet adapter as public, computers on
LAN2 can't locate the Domain Controller and group policies are not applied.
They can still access shared folders/printers on DC with no problems.

On LAN1 everything is OK. Policies are applied and they can access internet.

If I then add LAN2 as private, they can also access internet + all shared
folders/printers on DC, but policies still aren't applied.

The event log on the DC contains this error:

Event 20106 error:
Source: Remote Access
Category: None
Description: Unable to add the interface Internal with the Router Manager
for the IP protocol.
The following error occurred:
the parameter is incorrect


Any suggestions?

Regards

Jesper Jensen
 
I currently have 2 NICs on my Win2k Server, with 2 network segments,
one of which has a Cisco router connected to the internet. I'm having
issues with this configuration, so I am seriously considering adding a
third NIC in order to end up with one public and 2 private interfaces,
exactly as you have.

Go into Routing and Remote Access (RRAS) control panel, and look under
NAT, and right click each interface in turn and let me know...is just
the external one configured as public (with the checkbox for translate
TCP/UDP headers checked) and BOTH the internal (LAN1 and LAN2) set to
private? Because that's what I was hoping to do and hoping (thinking)
would work.

What is the default gateway set to for PCs on each LAN segment? What IP
range is each LAN segment? Are they different subnets?

What IP address is each of the private NICs on the server set to?

I solved some AD issues with the setup I have by using the following
article and running the command midway down the page:
http://support.microsoft.com/?id=270152
Seems that NAT somehow can block some LDAP calls, which AD apparently
uses. It solved a problem where one of my subnets wasn't able to access
the AD properly. Perhaps it will help you...

Sorry I'm not much help here, but I really hope you find the solution,
as I will be trying this exact config in the next week.
 