Routing Urgent problem!

William Cooper

Hi

I have a problem with configuring Win2k Server SP4 RRAS for routing. Okay I
have two networks 184.155.0.0 mask 255.255.0.0 and 192.168.200.0 mask
255.255.255.0. There are two NICs in the server. 192.168.200.7 and
184.155.0.80. I have installed RRAS and built a router, also disabled the
remote access bit as I don't need it. I have tried setting up the static
route but whatever config I use it won't route. The clients on the
184.155.0.0 network have the default gateway set as 184.155.0.80 via DHCP.
They can ping both NICs in the 2k server, but nothing else on the
192.168.200.0 network. The 2k server can ping clients on both networks. I
don't want to route DHCP requests as there is a DHCP server on each
network. What am I missing? Help! I set this up once before about a year ago
and it worked, don't think I used static routes though. Lost config in
urgent OS change.

HELP!

William
 
Phillip Windell

There are no routes to create. You have two networks that, from the router's
perspective, are "Directly Connected Networks", therefore the router is
aware of both and no route is required. I don't think IP Routing is
automatically enabled with RRAS in Win2k like it was in NT4's RRAS, so you
might want to check that. Also make sure that the RRAS machine only has one
(or none) Default Gateways,...you cannot have more than one of those, but
having "none" is ok if it never goes further than these two subnets.

Why are you mixing a Public IP Block (184.155.0.0/16) with a RFC Private
Address Block (192.168.200.0/24)? Do you actually own that Class B address
block or is this a closed "lab" environment. You do realize that you can't
route between these two types of addresses across a public network?
 
Phillip Windell

Yes that is correct. But it isn't just Microsoft,..it is the way TCP/IP is
designed. The very name "*Default* Gateway" implies there can be only one.
All others are forced to be "Specified Gateways" (or just "Gateways") where
the destination route is "known", while the Default Gateway handles all
"unknown" or "unspecified routes".


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Patrick said:
I ran into a problem like this when I had two NICs straddling two separate
networks installed in one server. I had a default gateway configured on
each NIC. According to Microsoft, only one NIC in a multi-homed computer
should have a default gateway configured.
More info here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;157025&Product=win2000
 
William Cooper

Hi Thanks for your post.

I have tried with the 192.168.7 NIC with the default gateway of
192.168.200.1 which is my firewall, and no default gateway on the
184.155.0.7 NIC. Still does not work. The server needs the default gateway
so that clients on the 184.155.0.0 network can get out onto the internet. The
184.155.0.0 network is a closed network, I have no choice on the addressing
scheme of that network. Or should I just route add 0.0.0.0 mask 0.0.0.0
192.168.200.1 to the routing table and leave the 192.168.200.7 card without
a default gateway also?

 
Phillip Windell

William Cooper said:
I have tried with the 192.168.7 NIC with the default gateway of
192.168.200.1 which is my firewall, and no default gateway on the
184.155.0.7 NIC. Still does not work. The server needs the default gateway
so that clients on the 184.155.0.0 network can get out onto the internet The

No. Use only the one Default Gateway I mentioned. For the other Network you
must use a Static Route, aka a "Gateway" as opposed to a "Default Gateway".
There should be a place there in RRAS to add a static route to the specific
subnet. I don't have a copy of RRAS handy to look at, but off the top of my
head, if you were doing it from a command line it would probably be
something like this:

Route Add -p 184.155.0.0 mask 255.255.0.0 184.155.0.7

With a real router you wouldn't have to do this, maybe RRAS is different, I
don't know. I haven't been telling people to do this so I hope I haven't
screwed people up. Let me know if that works.
 
William Cooper

Hi

Should that be Route Add -p 184.155.0.0 mask 255.255.0.0 192.168.200.7. I
know I would be better off using a proper router, but they seem to be rather
expensive. Also the documentation for RRAS is very poor and even in my MCSE
books and others the topic is not well covered. Furthermore I am kicking
myself for not doing a "route print > routerconf.txt" before I trashed the
working setup. Which I think was using IGMP and NAT. How would you set it up
that way?

William
 
Phillip Windell

William Cooper said:
Should that be Route Add -p 184.155.0.0 mask 255.255.0.0 192.168.200.7. I

Ok. Yea, when I play with numbers in my head I can poke an eye out.

William Cooper said:
know I would be better off using a proper router, but they seem to be rather
expensive. Also the documentation for RRAS is very poor and even in my MCSE
books and others the topic is not well covered. Furthermore I am kicking

I admit I'm a bit fuzzy on some of the particulars of RRAS. All my Router
experience has been with Cisco or HP routers. The last time I set up RRAS was
back with NT4 and the old RRAS with it, and even then it was a VPN Router
and not a LAN Router. It was a bit simpler and more primitive than the newer
RRAS and there may be differences I'm not aware of. I guess that might be
something good to play with next time I have the free time to set up a
"lab".

William Cooper said:
myself for not doing a "route print > routerconf.txt" before I trashed the
working setup. Which I think was using IGMP and NAT. How would you set it up

IGMP?..you mean IGRP?..I never heard of IGMP, but with all the acronyms
flying around that wouldn't be surprising. If you meant IGRP, there is no
need for any routing protocols, especially one that advanced. Routing
Protocols are only needed when there are multiple Routers with redundant
paths. The Protocols choose the best path, but when there is only one path,
and only one or two routers, there isn't much point in routing protocols.
Now if you had three or more routers, with just single paths RIP would be
fine. But with one Router and two subnets, static routes should be all that is
needed.

NAT. I would never use NAT within a private system. NAT is an Edge or DMZ
function. It creates "trusted" vs "untrusted" networks and that is not a
good thing to have between equal subnets within a LAN. Basically you would
turn one subnet into the "Red-Headed Step Child" (no offence to folks with
red hair).
 
William Cooper

Hi

I tried this on my DC route add 184.155.0.0 mask 255.255.0.0 192.168.200.5
192.168.200.5 is the NIC in my Win2k DC. After that it works, why? I can
ping clients on the 184.155.0.0 network and all clients on the 184.155.0.0
network can ping the 182.168.200.0 network.
How weird is that? The 184.155.0.0 clients can't reach the internet though.
Not a FW issue I have authorised the 184.155.0.0 subnet

William ??
 
Phillip Windell

William Cooper said:
I tried this on my DC route add 184.155.0.0 mask 255.255.0.0 192.168.200.5
192.168.200.5 is the NIC in my Win2k DC. After that it works, why? I can
ping clients on the 184.155.0.0 network and all clients on the 184.155.0.0
network can ping the 182.168.200.0 network.
How weird is that? The 184.155.0.0 clients can't reach the internet though.
Not a FW issue I have authorised the 184.155.0.0 subnet

That is because they can find the firewall but the firewall can not find
them to reply.
If the firewall is on the 192.168 network then it won't know where the 184
network is. Two things it probably needs:

1. A Static Route,..since the firewall's Default Gateway is the ISP's router
it will need a static route entered into its interface somewhere (similar to
the one you entered in RRAS) that tells it to find the 182.155.x.x network
by using the RRAS machine.

2. The firewall probably has a LAT (Local Address Table) somewhere. You must
add the 182.155.0.0 -- 182.155.255.255 address range to it so that the
firewall understands that this is one of your local ranges and not something
out on the internet.

Also the 182.55.x.x client will always be limited by the fact that they are
using a public IP# that you don't actually own. Somewhere out in Internet
Land there is someone who owns those addresses and those locations will
never be reachable by any of your clients because, #1 it is an address
conflict, and #2 your system will always look to your LAN for those numbers
and never the internet. This is why you should never use public addresses
that you don't own on a private LAN,...that is what the RFC Private Ranges
are for.
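
The return-path problem discussed in this thread, traced as an added example that is not part of any poster's message: a longest-prefix-match lookup over constructed routing tables for the RRAS server and the firewall, with and without a static route for 184.155.0.0/16 on the firewall. The table contents, the client address 184.155.0.50 and the "ISP" next-hop label are assumptions made for illustration; the last function flags internal prefixes that fall outside the private ranges.

```python
import ipaddress

# Constructed routing tables modelled on the thread: (destination prefix, next hop).
# A next hop of None means the prefix is directly connected to that device.
RRAS = [("184.155.0.0/16", None), ("192.168.200.0/24", None),
        ("0.0.0.0/0", "192.168.200.1")]
FIREWALL = [("192.168.200.0/24", None), ("0.0.0.0/0", "ISP")]
# Same firewall with a static route pointing at the RRAS server's 192.168.200.7 NIC.
FIREWALL_FIXED = FIREWALL + [("184.155.0.0/16", "192.168.200.7")]


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst ('direct' if on-link)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return "unreachable"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop or "direct"


def reply_path(firewall_table, client):
    """Trace where the firewall sends a reply addressed to an internal client."""
    hop = lookup(firewall_table, client)
    if hop == "192.168.200.7":  # handed to the RRAS server, which forwards it
        return ["firewall", "rras", lookup(RRAS, client)]
    return ["firewall", hop]


def unowned_public(table):
    """List internal prefixes that are not in private address space."""
    return [p for p, _ in table
            if p != "0.0.0.0/0" and not ipaddress.ip_network(p).is_private]


if __name__ == "__main__":
    client = "184.155.0.50"  # constructed client address
    print("no static route:  ", reply_path(FIREWALL, client))
    print("with static route:", reply_path(FIREWALL_FIXED, client))
    print("public prefixes used internally:", unowned_public(RRAS))
```

Without the static route the firewall's only match for the client is its default route, so the reply leaves toward the ISP instead of returning through the RRAS server.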
 
