RRAS, VPN and NAT


Matt Hickman

I have set up a RRAS server (Windows Server 2003 Enterprise Ed.) which
has a persistent demand dial PPTP connection between itself, on a
193.168.2.0 subnet, and a W2K RRAS server on a 10.32.251.0 subnet. From
a session on the RRAS server, the RRAS server is the client and I can get
all the computers on the 10.32.251.0 net that I have a need to connect to.

On the RRAS server I set up NAT with static address mappings. The
192.168.2.0 network is set up as the "public" network. The 10.32.251.0 is
the private. I also set up RIP protocol on the remote router demand dial
interface.

I bound a number of 192.168.2.x IP addresses to the RRAS server's LAN
adapter as an address pool. I then reserved corresponding addresses on the
10.32.251.0 network for use.

Am I missing something? When I access, from the 192.168.2.0 net, the
addresses that are supposedly NATed, the local RRAS server itself responds,
rather than forwarding the packets to the 10.32.251.x addresses that
are reserved to those addresses. Yet I can get where I want to from
a session on the RRAS VPN client using the 10.32.251.x addresses.

For example, if I tracert to the NATed address, it ends at the local
RRAS server, going no further. If I use remote desktop pointed to a
theoretically NATed address, I end up at the local RRAS server desktop
rather than the server I want to be at on the 10.32.251.0 network.

--
Matt Hickman
Control of anything essential to life should be decentralized and
paralleled so that if one machine fails, another takes over.
Robert A. Heinlein (1907 - 1988)
_The Moon Is a Harsh Mistress_ c 1966
 
This seems a very convoluted setup. What exactly are you trying to achieve
here? It looks like a situation where a router to router (or LAN to LAN or
site to site, all mean much the same thing) connection is what you need.
This enables any machine in one site to see any machine in the other site.
The machines use their own local IPs and route through the connection.

NAT doesn't come into it because the two sites act as if they were
connected by a (slow!) IP router.
 
Bill Grant said:
This seems a very convoluted setup. What exactly are you trying to achieve
here? It looks like a situation where a router to router (or LAN to LAN or
site to site, all mean much the same thing) connection is what you need.
This enables any machine in one site to see any machine in the other site.
The machines use their own local IPs and route through the connection.

I want to be able to do RDP from an Internet host with a public
IP address to a host on the 10.32.251.0 network. This would be an XP
Remote Desktop client.

At the firewall, an MN-700, there is a static port translation
that sends on the packets to the designated IP address of the RRAS
server pool / port 3389. Unfortunately the NAT on the firewall
only translates to a single subnet, 193.168.2.0/24, which is why
I can't simply do site to site.
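The two-hop translation chain described in this thread (firewall port translation to a pool address, then a static address mapping on the RRAS server to a reserved 10.32.251.x host) can be walked through with a small forwarding model. This is an added example, not code from the thread or from RRAS: the addresses are assumptions chosen to match the posts (203.0.113.10 stands in for the firewall's public IP, 192.168.2.50 for a pool address, 10.32.251.50 for its reserved counterpart), and the `nat_before_local` switch is a simplified model of whether a router applies its inbound mapping before deciding a packet is addressed to itself. It reproduces the reported symptom (the tracert ending at the RRAS server) when a pool address bound to the LAN adapter is treated as local first, and the intended path when the mapping is applied first.

```python
"""
Toy model of the translation chain in the thread:
MN-700 firewall -> RRAS 2003 (NAT address pool) -> PPTP demand-dial ->
W2K RRAS -> 10.32.251.0/24.

Constructed example for illustration, not RRAS code. All addresses are
assumptions fitted to the posts, and nat_before_local is a simplified
model of router behaviour, not a description of RRAS internals.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


@dataclass
class Router:
    name: str
    local_addrs: set                    # addresses bound to this host's interfaces
    routes: list                        # [(network, next hop name), ...]
    static_maps: dict = field(default_factory=dict)  # public addr -> private addr
    port_maps: dict = field(default_factory=dict)    # (public addr, port) -> (private addr, port)
    nat_before_local: bool = True

    def translate(self, pkt: Packet) -> Packet:
        """Apply a static port mapping first, else a static address mapping."""
        key = (pkt.dst, pkt.dport)
        if key in self.port_maps:
            pkt.dst, pkt.dport = self.port_maps[key]
        elif pkt.dst in self.static_maps:
            pkt.dst = self.static_maps[pkt.dst]
        return pkt

    def forward(self, pkt: Packet):
        """Return (pkt, next_hop). next_hop is None when this router
        consumes the packet itself, which is the symptom in the thread."""
        if self.nat_before_local:
            pkt = self.translate(pkt)
        if pkt.dst in self.local_addrs:
            return pkt, None
        if not self.nat_before_local:
            pkt = self.translate(pkt)
        for net, hop in self.routes:  # first matching route wins in this toy
            if ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(net):
                return pkt, hop
        return pkt, "dropped"


def build_topology(rras_nat_before_local: bool) -> dict:
    """Assumed topology: firewall, RRAS 2003, W2K RRAS behind the PPTP link."""
    firewall = Router(
        name="MN-700",
        local_addrs={"203.0.113.10", "192.168.2.1"},
        routes=[("192.168.2.0/24", "rras-2003")],
        # the firewall's static port translation from the post
        port_maps={("203.0.113.10", 3389): ("192.168.2.50", 3389)},
    )
    rras = Router(
        name="rras-2003",
        # 192.168.2.50 is a pool address bound to the LAN adapter, as in the post
        local_addrs={"192.168.2.2", "192.168.2.50"},
        routes=[("10.32.251.0/24", "rras-w2k"),
                ("192.168.2.0/24", "192.168.2.0/24 LAN")],
        static_maps={"192.168.2.50": "10.32.251.50"},
        nat_before_local=rras_nat_before_local,
    )
    w2k = Router(
        name="rras-w2k",
        local_addrs={"10.32.251.1"},
        routes=[("10.32.251.0/24", "10.32.251.0/24 LAN")],
    )
    return {r.name: r for r in (firewall, rras, w2k)}


def trace(pkt: Packet, routers: dict, start: str):
    """Walk the packet hop by hop. Returns (path, final dst, consumer),
    where consumer is the router that answered instead of forwarding."""
    path, node = [], start
    while node in routers:
        path.append(node)
        pkt, node = routers[node].forward(pkt)
        if node is None:
            return path, pkt.dst, path[-1]
    return path + [node], pkt.dst, None


if __name__ == "__main__":
    for order in (False, True):
        rdp = Packet(src="198.51.100.7", dst="203.0.113.10", dport=3389)
        print("nat_before_local =", order, "->", trace(rdp, build_topology(order), "MN-700"))
```

The model only follows the inbound direction. The reply from 10.32.251.50 also has to be routed back through the RRAS server and have its source rewritten to the pool address on the way out, otherwise the Internet host sees a reply from an address it never contacted; when checking a setup like this, verifying the return path is as important as verifying the inbound mapping.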
 