Routing from External to Internal through Remote Server

SM

I am a bit new to this so will try to explain what I need help with as best
as possible.

I have a Win2K server running on an internal network with IP 172.20.72.13.

It is a RAS (VPN) Server that gives addresses from a pool 172.20.72.200-230
to those that connect in through the internet.

Inside the network there is a system with IP address 172.20.75.252 running on
the same netmask.

I need to route that externally assigned IP address (say 172.20.72.201) so it
can communicate nicely with the 172.20.75.252. I don't understand the
routing options in the remote access and routing server so have no idea
where to begin.

Ideas?

Cheers
Mark
 
When you say
"172.20.75.252 running on the same netmask"
are you referring to them being on the same local segment (meaning no router
separates the addresses into multiple segments)?

Just because the subnet mask is identical doesn't mean they lie on the same
local network (for example, if you were using a /24 subnet mask).

If the machine is located on the local segment, then you simply need to
verify that the Enable IP Routing checkbox is checked in the RRAS Server IP
Properties. This enables packets to come in from one interface, and go out
a different interface.

If the machine is not located on the local segment, then you need to verify
3 things:
1) The Enable IP Routing check box is checked in the RRAS Server IP
Properties
2) The RRAS Server has a route to the subnet the machine is on
3) The remote machine has a route to get back to the RRAS Server's
subnet
 
When you use an address pool in the same subnet as the LAN NIC, you are
really using a trick to avoid routing. Because they are in the same subnet,
no real IP routing takes place. The traffic from the remotes is just
forwarded onto the LAN as a normal Ethernet frame with a hardware (MAC)
address, and looks just like a frame from any other LAN machine. When a
frame addressed to this MAC address appears on the LAN, the server picks it
up (using proxy ARP) and delivers it to the client over the point-to-point
link. So the remote client appears to be just another LAN machine.

So if it is going to work it just works. There is nothing you need to
do. Sometimes it doesn't work. Some switched networks are OK and some are
not. I suspect it depends on how they handle ARP. (I am not clued up on what
happens at the hardware level).

If it doesn't work, in my opinion you are better off to forget it and
give the remotes IP addresses in their own subnet. Then enable the RRAS as a
LAN router and just regard the remotes as another routed subnet.
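
An added example, not part of any post in this thread: a short Python check of the two situations the replies above distinguish, using the addresses from the question. The prefix lengths tried are assumptions, because the question never states the actual netmask, and the alternate pool 172.20.80.x is a constructed value.

```python
import ipaddress

# Addresses from the thread. The netmask is never stated, so the prefix
# lengths passed to classify() are assumptions for illustration.
RAS_SERVER = "172.20.72.13"
POOL = ("172.20.72.200", "172.20.72.230")
TARGET = "172.20.75.252"


def longest_shared_prefix(a, b):
    """Longest prefix length at which two IPv4 addresses fall in one subnet."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def classify(prefix_len, server=RAS_SERVER, pool=POOL, target=TARGET):
    """Describe how a VPN client reaches `target` for a given mask on the LAN NIC.

    'on-link'       pool and target are both inside the server's subnet: the
                    proxy ARP case, only "Enable IP Routing" has to be set
    'routed-target' pool is on-link but the target is in another subnet: the
                    three checks (routing enabled, route out, route back)
    'routed-pool'   pool is its own subnet: the server acts as a LAN router
                    and the LAN needs a route back to the pool
    Address arithmetic only: sharing a subnet by mask does not prove that no
    router sits between the machines.
    """
    lan = ipaddress.ip_interface(f"{server}/{prefix_len}").network
    pool_on_link = all(ipaddress.ip_address(p) in lan for p in pool)
    target_on_link = ipaddress.ip_address(target) in lan
    if not pool_on_link:
        return "routed-pool"
    return "on-link" if target_on_link else "routed-target"


if __name__ == "__main__":
    print("server and target share a subnet up to /%d"
          % longest_shared_prefix(RAS_SERVER, TARGET))
    for plen in (16, 22, 24):
        print(f"/{plen}: {classify(plen)}")
    # Constructed alternate pool in its own subnet, as the last reply suggests.
    print("/22 with pool 172.20.80.x:",
          classify(22, pool=("172.20.80.200", "172.20.80.230")))
```
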
 