stuck with 2 routers

Mike

Here's my problem:

I work at a financial institution with a dedicated link to
our business processor. We are running SBS 2002 with 2
NIC's, and also running Exchange 2000.

They have installed a frame relay to a Cisco router linked
to their headquarters in California. They assigned static
IP's to all workstations and utilize IIS to communicate
through the router to their HQ. They originally assigned
a static IP to the server and entered their DNS
information in the NIC properties. This really messed up
my DNS server.

I have since removed the DNS entries, reestablished DNS
services and forwarded their DNS IP's. That problem is
solved.

I now want to add a DSL link to the internet and am lost
in the mix of things.

Here's the topology:

The Cisco router is attached to the network switch which
in turn is connected to the internal LAN.

Server NIC1 IP 10.137.201.5
subnet mask 255.255.255.0
Default Gateway 10.137.201.1
DNS servers 10.17.10.18
10.17.10.19

The second NIC is connected directly to the
firewall/router which in turn is connected via public
static IP to the DSL router

Server NIC2 192.168.0.5
subnet mask 255.255.255.0
no default gateway specified
DNS server 216.174.212.5
216.174.212.6

I can ping only the NIC1 from any node on the network. I
cannot resolve internet domain names from any workstation.

I can ping the firewall/router IP address from the server,
but not an IP address external to the firewall router.

Connectivity to the internal LAN/Cisco routed network
works fine from any node or the file server.

Any assistance would be greatly appreciated.

Thanks in advance,
Mike H
I have enabled RRAS as an internet server (no ICS) and am
at a loss at this point.

I would like some assistance in providing the proper
routing to make the internet and email available to my
network clients.

Internet----router/firewall----server NIC2
 
For this to work, your RRAS router must be the default gateway of your
LAN. All LAN clients must be set to point to it. Traffic for HO will need
extra routing info to get to the Cisco. You can add this to each client, or
just add it to the RRAS router.

For name resolution to work properly, all LAN clients should point to
your local DNS. Your local DNS should be set to forward to some other DNS
server which can resolve "foreign" addresses. Just putting the ISP's DNS
address on the server's NIC doesn't help the LAN clients. (That solution
will only work with ICS, which is set to relay DNS requests).

You don't need to run the RRAS server as an Internet server. The
firewall/router is in fact your Internet router (doing NAT etc). Your RRAS
router is simply a LAN router connecting the LAN to the 192.168.0 subnet.

Internet
|
firewall
192.168.0.1
|
192.168.0.5 dg 192.168.0.1
RRAS
10.137.201.5 dg blank
|
workstations
10.137.201.x dg 10.137.201.5
|
Cisco
10.137.210.1

You will need to add a static route to the firewall so that it knows how
to reach your LAN machines eg

10.137.201.0 255.255.255.0 192.168.0.5

You also need extra routing so that your LAN clients know how to reach
the HO site. eg

10.0.0.0 255.0.0.0 10.137.210.1

You can add this route to each client, or you can just add it to the
RRAS router. The RRAS router will redirect HO traffic to the Cisco and send
all other traffic to the firewall.

To avoid name resolution problems, make sure that the 192.168 interface
of the server has Netbios over TCP/IP disabled, and that it is not set to
register itself in DNS. You only want its 10.137 IP appearing on the LAN.
 
Bill Grant:

I followed your instructions to the letter (well, I
modified them a little because the original default
gateway was 10.137.201.1 not .210.1)

I reconfigured the RRAS to be a LAN router and added the
route as suggested. No internet access. I can ping by
IP address both sides of RRAS from any node. I can ping
by IP address either of the x.x.x.1 firewall or Cisco
routers. I cannot ping by any domain from any node or
the server.

After making the gateway, DNS, changes I seem to have
messed up my DNS as well.

Here are the route tables:

Firewall -
Dest Mask Gateway I/F Metric
192.168.0.0 255.255.255.0 192.168.0.1 LAN 1
192.168.0.1 255.255.255.0 192.168.0.1 LAN 0
XX.XXX.XXX.232 255.255.255.248 XX.XXX.XXX.234 WAN 1
XX.XXX.XXX.234 255.255.255.248 XX.XXX.XXX.234 WAN 0
10.137.201.0 255.255.255.0 192.168.0.5 LAN 1
(last one was added per your instructions, I assumed 1
hop)

RRAS -
0.0.0.0 0.0.0.0 192.168.0.1 NIC2 1
10.0.0.0 255.0.0.0 10.137.201.1 NIC1 1
10.137.201.0 255.255.255.0 10.137.201.5 NIC1 1
10.137.201.5 255.255.255.255 127.0.0.1 loop 1
10.255.255.255 255.255.255.255 10.137.201.5 NIC1 1
127.0.0.0 255.0.0.0 127.0.0.1 loop 1
127.0.0.1 255.255.255.255 127.0.0.1 loop 1
192.168.0.0 255.255.255.0 192.168.0.5 NIC2 1
192.168.0.5 255.255.255.255 127.0.0.1 loop 1
224.0.0.0 240.0.0.0 192.168.0.5 NIC2 1
224.0.0.0 240.0.0.0 10.137.201.5 NIC1 1
255.255.255.255 255.255.255.255 192.168.0.5 NIC2 1
255.255.255.255 255.255.255.255 10.137.201.5 NIC2 1

ROUTE PRINT: I'm fairly certain I captured the results
from both of the above within minutes of each other and I
believe without changing anything on the file server.
Why are the results different?

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5
10.0.0.0 255.0.0.0 10.137.201.1 10.137.201.5
10.137.201.0 255.255.255.0 10.137.201.5 10.137.201.5
10.137.201.5 255.255.255.255 127.0.0.1 127.0.0.1
10.255.255.255 255.255.255.255 10.137.201.5 10.137.201.5
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
192.168.0.0 255.255.255.0 192.168.0.5 192.168.0.5
192.168.0.5 255.255.255.255 127.0.0.1 127.0.0.1
192.168.0.255 255.255.255.255 192.168.0.5 192.168.0.5
224.0.0.0 224.0.0.0 10.137.201.5 10.137.201.5
224.0.0.0 224.0.0.0 192.168.0.5 192.168.0.5
255.255.255.255 255.255.255.255 10.137.201.5 10.137.201.5
Default Gateway: 192.168.0.1

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : server1
Primary DNS Suffix . . . . . . . : domainname.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domainname.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82540EM Based Network Connection
Physical Address. . . . . . . . . : 00-03-47-31-04-F0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 10.137.201.5
NetBIOS over Tcpip. . . . . . . . : Disabled


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-03-47-31-04-EF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.137.201.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.137.201.5
Primary WINS Server . . . . . . . : 10.137.201.5

Finally, results of netdiag/fix:

Computer Name: SERVER1
DNS Host Name: server1.domaname.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7,
GenuineIntel
List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection 2

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 192.168.0.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.137.201.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test
skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test
skipped].

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 10.137.201.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Primary WINS Server. . . . : 10.137.201.5
Dns Servers. . . . . . . . : 10.137.201.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this
adapter.

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration
for 'server1.domainname.local' is incorrect on all DNS
servers.
PASS - All the DNS entries for DC are registered on
DNS server '10.137.201.5' and other DCs also have some of
the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the
browser
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on
DC 'server1.domainname.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is
assigned.


The command completed successfully

I'm fairly certain I've messed something up, especially
since I had DNS running without error before making the
suggested changes.

I will probably kill DNS and recreate tomorrow morning.

Any suggestions from the data presented? Is there
anything else I can provide to troubleshoot this
further? Sorry to be such a bonehead!

Thanks again for your assistance.

Regards and thanks,
Mike
 
The LAN routing looks OK. The firewall setup looks odd. Is it configured
to act as an Internet router? Does it do NAT? (It needs NAT to translate the
private IPs to public). It doesn't appear to have a default route to the
Internet. I would expect to see something like

0.0.0.0 0.0.0.0 xxx.xxx.xxx.234
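
The diagnosis above can be checked by running a longest-prefix-match lookup over the two route tables posted in the thread. This is an added example, not part of the original posts; 203.0.113.x stands in for the masked public addresses, 198.51.100.7 is a constructed Internet host, and 10.137.201.20 is a hypothetical workstation.

```python
import ipaddress

# Route tables transcribed from the thread as (destination, mask, gateway).
# The firewall's public addresses are masked in the post (XX.XXX.XXX.232/.234);
# 203.0.113.x is a constructed stand-in taken from a documentation range.
FIREWALL = [
    ("192.168.0.0", "255.255.255.0", "192.168.0.1"),
    ("203.0.113.232", "255.255.255.248", "203.0.113.234"),
    ("10.137.201.0", "255.255.255.0", "192.168.0.5"),
]
RRAS = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.1"),
    ("10.0.0.0", "255.0.0.0", "10.137.201.1"),
    ("10.137.201.0", "255.255.255.0", "10.137.201.5"),
    ("192.168.0.0", "255.255.255.0", "192.168.0.5"),
]
TABLES = {"rras": RRAS, "firewall": FIREWALL}

# Interface addresses of the two routers modelled here. The Cisco
# (10.137.201.1) and the ISP side are outside the model.
ADDRS = {
    "rras": {"10.137.201.5", "192.168.0.5"},
    "firewall": {"192.168.0.1"},
}
OWNER = {ip: name for name, ips in ADDRS.items() for ip in ips}


def lookup(table, dest):
    """Longest-prefix match: gateway of the most specific route, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway in table:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if addr in network:
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, gateway)
    return best[1] if best else None


def trace(dest, start="rras", tables=TABLES, max_hops=8):
    """Follow a packet hop by hop through the modelled routers."""
    hops, node = [], start
    for _ in range(max_hops):
        gateway = lookup(tables[node], dest)
        if gateway is None:
            hops.append(f"{node}: no route")
            break
        if gateway in ADDRS[node]:
            # Gateway is the router's own interface: destination is on-link.
            hops.append(f"{node}: on-link")
            break
        hops.append(f"{node} -> {gateway}")
        node = OWNER.get(gateway)
        if node is None:
            break  # handed to a router outside the model (Cisco or ISP)
    return hops


def with_default_route(tables, gateway):
    """Copy of the tables with a 0.0.0.0/0 route added on the firewall."""
    fixed = dict(tables)
    fixed["firewall"] = tables["firewall"] + [("0.0.0.0", "0.0.0.0", gateway)]
    return fixed


if __name__ == "__main__":
    print("HO DNS server:   ", trace("10.17.10.18"))
    print("Internet host:   ", trace("198.51.100.7"))
    print("Return to LAN:   ", trace("10.137.201.20", start="firewall"))
    fixed = with_default_route(TABLES, "203.0.113.234")
    print("With default rt: ", trace("198.51.100.7", tables=fixed))
```

With the tables as posted, HO traffic and the return path to the LAN resolve, while Internet-bound packets reach the firewall and find no matching route.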

 
Bill:

I will create that entry in the routing table on the
device. I'll let you know what I discover tomorrow am.

Thanks,
Mike
 
Bill:

That entry didn't help a bit! I cleaned up DNS and that's
no longer an issue.

Any other information I could provide to facilitate
discovery of the error of my ways?

Thanks again,
Mike
-----Original Message-----
Bill:

I will create that entry in the routing tabel on the
device. I'll let you know what I discover tomorrow am.

Thanks,
Mike
-----Original Message-----
The LAN routing looks OK. The firewall setup looks odd. Is it configured
to act as an Internet router? Does it do NAT? (It needs NAT to translate the
private IPs to public). It doesn't appear to have a default route to the
Internet. I would expect to see something like

0.0.0.0 0.0.0.0 xxx.xxx.xxx.234

Bill Grant:

I followed your instructions to the letter (well, I
modified them a little because the original default
gateway was 10.137.201.1 not .210.1)

I reconfigured the RRAS to be a LAN router and added the
route as suggested. No internet access. I can ping by
IP address both sides of RRAS from any node. I can ping
by IP address either of the x.x.x.1 firewall or Cisco
routers. I cannot ping by any domain from any node or
the server.

After making the gateway and DNS changes, I seem to have
messed up my DNS as well.

Here are the route tables:

Firewall -
Dest Mask Gateway I/F Metric
192.168.0.0 255.255.255.0 192.168.0.1 LAN 1
192.168.0.1 255.255.255.0 192.168.0.1 LAN 0
XX.XXX.XXX.232 255.255.255.248 XX.XXX.XXX.234 WAN 1
XX.XXX.XXX.234 255.255.255.248 XX.XXX.XXX.234 WAN 0
10.137.201.0 255.255.255.0 192.168.0.5 LAN 1
(last one was added per your instructions, I assumed 1
hop)

RRAS -
0.0.0.0 0.0.0.0 192.168.0.1 NIC2 1
10.0.0.0 255.0.0.0 10.137.201.1 NIC1 1
10.137.201.0 255.255.255.0 10.137.201.5 NIC1 1
10.137.201.5 255.255.255.255 127.0.0.1 loop 1
10.255.255.255 255.255.255.255 10.137.201.5 NIC1 1
127.0.0.0 255.0.0.0 127.0.0.1 loop 1
127.0.0.1 255.255.255.255 127.0.0.1 loop 1
192.168.0.0 255.255.255.0 192.168.0.5 NIC2 1
192.168.0.5 255.255.255.255 127.0.0.1 loop 1
224.0.0.0 240.0.0.0 192.168.0.5 NIC2 1
224.0.0.0 240.0.0.0 10.137.201.5 NIC1 1
255.255.255.255 255.255.255.255 192.168.0.5 NIC2 1
255.255.255.255 255.255.255.255 10.137.201.5 NIC2 1

ROUTE PRINT: I'm fairly certain I captured the results
from both of the above within minutes of each other and I
believe without changing anything on the file server.
Why are the results different?

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5
10.0.0.0 255.0.0.0 10.137.201.1 10.137.201.5
10.137.201.0 255.255.255.0 10.137.201.5 10.137.201.5
10.137.201.5 255.255.255.255 127.0.0.1 127.0.0.1
10.255.255.255 255.255.255.255 10.137.201.5 10.137.201.5
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
192.168.0.0 255.255.255.0 192.168.0.5 192.168.0.5
192.168.0.5 255.255.255.255 127.0.0.1 127.0.0.1
192.168.0.255 255.255.255.255 192.168.0.5 192.168.0.5
224.0.0.0 224.0.0.0 10.137.201.5 10.137.201.5
224.0.0.0 224.0.0.0 192.168.0.5 192.168.0.5
255.255.255.255 255.255.255.255 10.137.201.5 10.137.201.5
Default Gateway: 192.168.0.1

Windows 2000 IP Configuration



Host Name . . . . . . . . . . . . : server1
Primary DNS Suffix . . . . . . . : domainname.local
Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domainname.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82540EM Based Network Connection
Physical Address. . . . . . . . . : 00-03-47-31-04-F0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 10.137.201.5
NetBIOS over Tcpip. . . . . . . . : Disabled


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-03-47-31-04-EF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.137.201.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.137.201.5
Primary WINS Server . . . . . . . : 10.137.201.5

Finally, results of netdiag/fix:

Computer Name: SERVER1
DNS Host Name: server1.domaname.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 2 Stepping 7,
GenuineIntel
List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection 2

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 192.168.0.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.137.201.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test
skipped]

WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test
skipped].

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : server1
IP Address . . . . . . . . : 10.137.201.5
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Primary WINS Server. . . . : 10.137.201.5
Dns Servers. . . . . . . . : 10.137.201.5


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Skipped
[WARNING] No gateways defined for this
adapter.

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration
for 'server1.domainname.local' is incorrect on all DNS
servers.
PASS - All the DNS entries for DC are registered on
DNS server '10.137.201.5' and other DCs also have some of
the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the
browser
NetBT_Tcpip_{7EE0FA46-5908-439E-BEB2-E1C33D6F4DA2}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on
DC 'server1.domainname.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is
assigned.


The command completed successfully

I'm fairly certain I've messed something up, especially
since I had DNS running without error before making the
suggested changes.

I will probably kill DNS and recreate tomorrow morning.

Any suggestions from the data presented? Is there
anything else I can provide to troubleshoot this
further? Sorry to be such a bonehead!

Thanks again for your assistance.

Regards and thanks,
Mike


-----Original Message-----
For this to work, your RRAS router must be the default gateway of your
LAN. All LAN clients must be set to point to it. Traffic for HO will need
extra routing info to get to the Cisco. You can add this to each client,
or just add it to the RRAS router.

For name resolution to work properly, all LAN clients should point to
your local DNS. Your local DNS should be set to forward to some other DNS
server which can resolve "foreign" addresses. Just putting the ISP's DNS
address on the server's NIC doesn't help the LAN clients. (That solution
will only work with ICS, which is set to relay DNS requests).

You don't need to run the RRAS server as an Internet server. The
firewall/router is in fact your Internet router (doing NAT etc). Your RRAS
router is simply a LAN router connecting the LAN to the 192.168.0 subnet.

Internet
|
firewall
192.168.0.1
|
192.168.0.5 dg 192.168.0.1
RRAS
10.137.201.5 dg blank
|
workstations
10.137.201.x dg 10.137.201.5
|
Cisco
10.137.210.1

You will need to add a static route to the firewall so that it knows how
to reach your LAN machines eg

10.137.201.0 255.255.255.0 192.168.0.5

You also need extra routing so that your LAN clients know how to reach
the HO site. eg

10.0.0.0 255.0.0.0 10.137.210.1

You can add this route to each client, or you can just add it to the
RRAS router. The RRAS router will redirect HO traffic to the Cisco and send
all other traffic to the firewall.

To avoid name resolution problems, make sure that the 192.168 interface
of the server has Netbios over TCP/IP disabled, and that it is not set to
register itself in DNS. You only want its 10.137 IP appearing on the LAN.

 
Bill:

Here's how simple the solution was....

The DSL router circuit was down (though the router showed
it as trained up).

Power cycled the router after the ISP resolved things on
their end and presto! Internet access from all nodes!

Thanks for your assistance. I hope I can share what I
learned with someone else down the road.

Regards,
Mike
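
As an added example (not code from the thread), the Python sketch below runs a longest-prefix-match lookup over the RRAS and firewall route tables posted above and reports which of the three flows discussed (LAN to head office, LAN to Internet, replies back to the LAN) lacks a route. The masked WAN subnet is replaced by the constructed placeholder 203.0.113.232/29, and the workstation address 10.137.201.20 is assumed.

```python
import ipaddress

# Routes transcribed from the thread. The WAN subnet is masked on the page
# (XX.XXX.XXX.232/29), so 203.0.113.232/29 is a constructed placeholder.
RRAS = [
    ("0.0.0.0/0", "192.168.0.1"),        # everything else -> firewall
    ("10.0.0.0/8", "10.137.201.1"),      # head-office traffic -> Cisco
    ("10.137.201.0/24", "on-link"),      # LAN side (NIC1)
    ("192.168.0.0/24", "on-link"),       # firewall side (NIC2)
]
FIREWALL_AS_POSTED = [
    ("192.168.0.0/24", "on-link"),
    ("203.0.113.232/29", "on-link"),
    ("10.137.201.0/24", "192.168.0.5"),  # return route to the LAN via RRAS
]
# The default route the reply expected to see on the firewall.
FIREWALL_WITH_DEFAULT = FIREWALL_AS_POSTED + [("0.0.0.0/0", "203.0.113.234")]


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def audit(rras, firewall, lan_host, ho_host, internet_host):
    """Return the routing problems found for the three flows in the thread."""
    problems = []
    if next_hop(rras, ho_host) != "10.137.201.1":
        problems.append("RRAS does not send head-office traffic to the Cisco")
    if next_hop(rras, internet_host) != "192.168.0.1":
        problems.append("RRAS does not send Internet traffic to the firewall")
    if next_hop(firewall, internet_host) is None:
        problems.append("firewall has no route toward the Internet")
    if next_hop(firewall, lan_host) != "192.168.0.5":
        problems.append("firewall cannot return replies to the LAN via RRAS")
    return problems


if __name__ == "__main__":
    hosts = ("10.137.201.20", "10.17.10.18", "216.174.212.5")
    print(audit(RRAS, FIREWALL_AS_POSTED, *hosts))
    print(audit(RRAS, FIREWALL_WITH_DEFAULT, *hosts))
```

A clean audit only shows that the tables are consistent; as the last post shows, the upstream circuit can still be down.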
 