Proper use of RRAS??

J Porter

3 servers running Win2K, 2 of these as Terminal Servers, each with 2 NICs.
The 1st NIC goes to a HW router to the internet and uses xxx.yyy.zzz.www
addressing from our Class C. The 2nd NIC goes to a switch connecting the 3
servers and uses 192.168.x.y addressing. As I read the RRAS docs, RRAS
should be set up on all 3 servers which is what I have installed. Did I read
this correctly?

Number 3 server has a static route to Number 2 server.
Number 1 server has a static route to Number 2 AND a static route to the
internet router.
Number 2 server has a static route to Number 1 and to Number 3.

Everything connects fine except that Number 1 server won't access the
internet unless I add this static route to the internet router. Neither
Number 3 nor Number 2 require this particular routing.

The Routing table shows a Destination 0.0.0.0 Subnet 0.0.0.0 Gateway
xxx.yyy.zzz.www (the internet HW router) This is what I entered the static
route to be. It works but is it correct?? Why are the other 2 servers able
to access the internet using their 1st NIC without a static route
specifically pointing to the internet router?

Since the routing table already shows the route to the internet, why do I
have to manually make an entry for that route on the Number 1 server?

BTW...Number 2 server is a file server and I only installed an internet
connection for maintenance purposes. It won't normally connect to the
internet.

I think I need a lesson and some examples on how to properly use RRAS...
-- TIA
~Joe
 
Hi,

RRAS is supposed to be installed only on 1 machine: your remote access
machine (VPN, modem, ..) then once you are connected, you can TSE the 2
other ones.

I must admit that I don't get why you have so many NICs on your network.

Usually we have:

internet ---> router ---> FirewallWANNic ---> FirewallLANNic ---> Switch ...
and all the servers. In this config, all the servers use the firewall as the
default gateway.

By firewall I mean the machine in charge of the protection of the internal
network (maybe it is installed on your router).

Now, if you only use RRAS for modem connections ... that is a little bit
different.

Let us know.
 
Thanks for the reply, but the setup is not exactly my best choice. The two
Terminal Servers must be high availability as they are accessed directly
(aka a small TS farm). The 3rd system is a file server serving the two TSs.

The biggest problem is the 3rd server (a file server) serving up some
dongle-protected software apps to the two TSs. (I couldn't even do any
testing of a network arrangement until the last minute when I could move the
dongle.... yuck...) The file server software also has to communicate to a
3rd party, hence its own NIC. I used all these extra NICs to provide as
much bandwidth as possible to each segment. Everything on the LAN side is
gigabit and it's still slow simply because the SW app is so big.

It's all working (looking toward heaven) but I just don't understand all
there is to know about how to use RRAS properly in this arrangement. BTW..
there are no modems or VPN being used. Everything must be addressed either
by an IP address and mapped drives. Security coding in the SW app won't
allow \\servername type addressing.

I may eventually try to re-design the whole thing, but this is how I was
told it had to be due to the dongle security of the software app.

FE-FR said:
Hi,

RRAS is supposed to be installed only on 1 machine: your remote access
machine (VPN, modem, ..) then once you are connected, you can TSE the 2
other ones.

I must admit that I don't get why you have so many NICs on your network.

Usually we have:

internet ---> router ---> FirewallWANNic ---> FirewallLANNic ---> Switch ...
and all the servers. In this config, all the servers use the firewall as the
default gateway.

By firewall I mean the machine in charge of the protection of the internal
network (maybe it is installed on your router).

Now, if you only use RRAS for modem connections ... that is a little bit
different.

Let us know.

--
FE (MVP ISA)
(e-mail address removed)
You plan to implement Quarantine on ISA 2004?
Check this:
http://www.esnouf.net/programs/QSS/qssinaction/QssInAction.htm
 
You mean that you use RRAS (Routing and Remote Using Services) only for
the first R, ... Routing? Am I right?

FE
 