Simple LAN to WAN routing.

  • Thread starter: Guest

This is probably a dumb question, but I have been completely unable to set up
a simple NAT routing.

I am the IT admin at a School and we have just had our internet connection
changed from a direct public IP into an authority-run WAN; unfortunately, the
WAN connection conflicts with the current LAN configuration. Our LAN is on
10.40/22 and the WAN is on 10/8.

I have set up ISA 2004 to connect through the WAN upstream proxy.

But I need to be able to connect to the WAN intranet site, and I can't
figure out how to do this.

The range that we have been assigned from the WAN is: 10.36.43/24 for
clerical computers. The WAN intranet is on 10.170.1.50, so obviously I need
to do NAT or our computers will conflict with some other school.

I have tried to set up a Win2k router (with nothing else installed), onto:
WAN IP:10.36.43.100
WAN SM:255.0.0.0
WAN GW:10.36.40.5 (the local router configured by the WAN, I have no access)
LAN IP:10.40.3.100
LAN SM:255.255.252.0

I have set a test machine up on the LAN side with the settings:
LAN IP:10.40.3.85
LAN SM:255.255.252.0
LAN GW:10.40.3.100

But nothing I do seems to work.

Should I be setting either of the connections to be Public?
I have tried all combinations of Pub/Priv, Pub/Pub, Priv/Priv, Priv/Pub.
I have also tried setting ISP assigned address pool for the WAN of
10.36.43.1-99.
I have tried setting up the Special ports for TCP &/or UDP for redirecting
to the 10.107.1.50:80.




A diagram:

                Internet
                   |
              WAN proxy          WAN Intranet
              10.12.4.60         10.107.1.50
                   |                  |
                   --------------------
                            |
              WAN configured Hardware Router
                        10.36.40.5
                            |
                -------------------------
                |                       |
           10.36.43.96             10.36.43.100
           LAN ISA proxy           LAN Win2k Router
           10.40.3.96              10.40.3.100
                |                       |
                -------------------------
                            |
                 10.40.0.1 to 10.40.3.255
                 LAN Clients and Servers


PS: We use Win 2000 AD with Win 2000/2003 servers. The clients are all Win
2000 Pro/XP Pro. The clients are a mixture of DHCP and static IPs
(annoyingly).
 
As far as your RRAS router is concerned, your local 10.40.x.y machines are
on your private network. Everything "outside" the RRAS router is "public"
from NAT's point of view.

So 10.36.43.100 is the server's public interface, and 10.40.3.100 is its
private interface in NAT. The router's default route should be to the
hardware router via the public NIC. You should not need any other settings.

Having said that, it won't solve your problems. Your clients are
configured to use a proxy server. So any HTTP request will go to your proxy
server directly (using the IP address coded into their proxy settings). They
will not be trying to access the intranet via your RRAS server. So your RRAS
server isn't really doing anything.

What you really need is for your ISA server to be aware that the
intranet server is inside the WAN, and to access it directly rather than
through the WAN proxy server. I am not familiar with ISA 2004, but it should
be able to handle that. Try posting just a description and diagram of the
proxy layout in the isa newsgroup.
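
An added example (not part of the original thread): a longest-prefix route lookup in Python over the interface settings posted above, showing which interface the Win2k router would choose for each destination. The function names are illustrative, and 192.0.2.1 is a constructed sample address standing in for an Internet host.

```python
import ipaddress

# Interface settings copied from the thread (Win2k router).
INTERFACES = {
    "WAN": ipaddress.ip_interface("10.36.43.100/255.0.0.0"),
    "LAN": ipaddress.ip_interface("10.40.3.100/255.255.252.0"),
}
DEFAULT_GATEWAY = ("WAN", ipaddress.ip_address("10.36.40.5"))


def build_routes():
    """Return (network, interface, next_hop) tuples; next_hop None means on-link."""
    routes = [(iface.network, name, None) for name, iface in INTERFACES.items()]
    gw_if, gw = DEFAULT_GATEWAY
    routes.append((ipaddress.ip_network("0.0.0.0/0"), gw_if, gw))
    return routes


def lookup(dest, routes):
    """Longest-prefix match: the most specific route containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def overlaps():
    """Pairs of interfaces whose directly connected subnets overlap."""
    names = sorted(INTERFACES)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if INTERFACES[a].network.overlaps(INTERFACES[b].network)]


if __name__ == "__main__":
    routes = build_routes()
    # Test client, intranet server (address as in the diagram), WAN proxy,
    # and a constructed Internet address.
    for dest in ("10.40.3.85", "10.107.1.50", "10.12.4.60", "192.0.2.1"):
        net, iface, hop = lookup(dest, routes)
        via = f"via {hop}" if hop else "on-link"
        print(f"{dest:<12} -> {iface} {net} ({via})")
    print("overlapping connected subnets:", overlaps())
```

With the 255.0.0.0 mask on the WAN NIC, the intranet server and the WAN proxy resolve as on-link on the WAN interface, while 10.40.x.y clients still match the more specific /22 LAN route.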
 
Actually, no, for the test machine that I was using, I was bypassing the ISA,
although the other machines on the network were using the ISA as I didn't
want to kill the internet connection while configuring the intranet.

I am not sure if ISA will allow this routing of non-routable addresses,
because I was trying to do so before I thought about using RRAS but I have
posted a similar question onto the ISA forums.

How long does the routing take to work?
I have noticed that when I change settings on ISA, the console responds as
if everything is set and finished with, but it takes up to 5 minutes for it to
actually take effect on the clients.
 