Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Q & A: Issue with Two NICs in RRAS

RRAS, VPN, TS/RDP, Routing and remote Access.

Q & A: Issue with Two NICs in RRAS

Postby chicagotech » Sun Dec 10, 2006 8:13 pm

The problem is that you have two routers, and default routing usually
fails when you reach that point. Traffic from your "internal" subnet can get
out to the Internet by default routing, but the return traffic will fail.
You need to add an extra route to the Linksys router so that it knows how to
handle the traffic for the internal subnet.

The routing table for the RRAS machine in your original posting was
wrong because it showed two default routes. This was probably caused by
having a default gateway configured on the internal NIC. I see that you
fixed that after Bob Lin's post.

There are two ways to solve the problem. If all you want is to give the
internal subnet machines Internet access, you can run the RRAS router as a
NAT router. If you do that it will work, because all traffic from the
internal subnet reaching the Linksys will be using the RRAS router's
external IP of 10.1.0.11, and the Linksys can send that back directly to the
RRAS server. NAT then sends the traffic to the NAT client. The disadvantage
is that you are doing NAT twice (at the RRAS router and again at the
Linksys). If you use this method you do not need the extra route on the
Linksys router.

The other alternative is to leave the RRAS router doing normal IP
routing and add extra routing to the Linksys. The Linksys needs to know
where the internal subnet is and how to reach it. It must know to forward it
to the RRAS router so that it can be delivered directly on the internal
subnet. That appears to be what you are trying to do and it looks like it
should work. Check that it looks like this.

Internet
|
public IP
Linksys {static route 10.1.1.0 255.255.255.0 10.1.0.11 }
10.1.0.1/24
|
10.1.0.11/24 dg 10.1.0.1
RRAS
10.1.1.1/24 dg blank
|
workstations
10.1.1.x dg 10.1.1.1

If you cannot get it to work, remove the static route from the Linksys
and try the NAT on the RRAS server method.

> By the way after I made the changes and I tried to ping yahoo.com from PC
> 1
> on subnet, and I started sniffing traffic using ethereal on both
> interfaces
> on the server 1, here is was i had, which i interpreted that the traffic
> went
> through from PC 10.1.1.20 to the internet and response only stopped at
> 10.1.0.11 without being forwaded to the interface 10.1.1.1. to destination
> 10.1.1.20 is that correct?
>
> Interface 10.1.0.11 (facing internet)
> No: time Source Destination Protocol Info
> 1 0.000000 10.1.0.11 68.13.16.30 DNS Standard query A
> yahoo.com
> 2. 0.035600 68.13.16.30 10.1.0.11 DNS Standard query
> response A 66. 94.234.13 A 216.109.112.135
> 3 3.999872 10.1.0.11 68.13.16.30 DNS Standard query A
> yahoo.com
> 4. 4.021299 68.13.16.30 10.1.0.11 DNS Standard query
> response A 66. 94.234.13 A 216.109.112.135
>
> Interface 10.1.1.1 (Facing the lan)
> No: time Source Destination Protocol Info
> 1 0.000000 10.1.1.20 68.13.16.30 DNS Standard
> query
> A yahoo.com
> 1 3.999866 10.1.1.20 68.13.16.30 DNS Standard
> query
> A yahoo.com
> 1 36813.64846 10.1.1.20 68.13.16.30 DNS Standard query
> A
> yahoo.com
> 1 36816.63879 10.1.1.20 68.13.16.30 DNS Standard query
> A
> yahoo.com
>
>
> Thanks,
>
> Melvin
> "Robert L [MVP - Networking]" wrote:
>
>> The routing table displays "Default Gateway: 10.1.1.1" It should
>> be the 10.1.0.1.
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> First of all I am a newbie in this field and I am trying to do a hands
>> on
>> learning as part of changing my career, but cannot afford classes at
>> this
>> time.
>>
>> Here is the problem I have; I am in the process of creating at least 2
>> subnets in my little network environment. But I have configured
>> everything
>> according to the instructions I have been able to get and the books I
>> have
>> read, but the problem is the PC's on the subnet 1 cannot access the
>> Internet.
>>
>> Here is my setup, I have a Cable modem, that is connected to a linksys
>> router that is running a DHCP, The IP of the router is
>> 10.1.0.1/255.255.255.0, Then this router is connected to my windows
>> 2003
>> (Have 2 Nics) that I would like to act as a router to my Subnet 1, I
>> have
>> enable RRAS, and is running fine, Interface called INTERNET is
>> connected to
>> the Router and I have assigned IP 10.1.0.11/255.255.255.0/10.1.0.1,
>> then the
>> second interface I called LAN is connected to the Subnet 1, has IP
>> 10.1.1.1
>> /255.255.255.0 / No GW.
>>
>> Here are the results.
>> - I can ping PCs on the subnets from the RRAS server.
>> - I can ping RRAS from any of the PCs on the subnet.
>> - PCs on teh subnet 1 can ping each other
>> - I can ping the Linksys Router
>> - The PC's on the subnet can see each other including the RRAS.
>>
>> The major Problem is PC's on the subnet cannot connect to the Internet:
>> When I attempt to sniff the traffic on both interfaces on the RRAS
>> server
>> this is what I found when I attempt to ping yahoo.com from the PC's on
>> the
>> subnet 1:
>>
>> Traffic from the PCs is passed through the LAN interface and to the
>> Internet
>> Interface and ping yahoo.com
>> Ping Reply come back from the internet through Internet Interface, but
>> is
>> not forwarded to the LAN interface back to the Original PC on the
>> subnet 1
>> network.
>>
>> I know is something to do with routing, but I have tried several ways,
>> but
>> with no success for the last three days, either I do not really know
>> how the
>> routing works, or I am doing something wrong, Yes I have attempt to
>> read the
>> book, but I have not had any clue. I will really appreciate if someone
>> will
>> be able to lead me on the right direction on my endeavor to change my
>> career.
>>
>> Here is all the information:
>> - Connectivity
>> - Interfaces IP addresses, Netmasks, Gateways etc.
>> - Router Information on my Linksys Router
>> - Routing Information from the RRAS server:
>> - Ipconfig information from the RRAS server.
>>
>>
>> Please someone lead me to the right direction, and help me resolve this
>> issue.
>>
>>
>> CONNECTIVITY:
>> Cable Modem ---- Router ----> Windows 2003 (RRAS) -------->
>> Hub ------->
>> Subnet 1
>>
>> Linkssys Router Information:
>>
>> IP on the LAN and Wireless Interface:
>>
>> Router: (Running DHCP) - Wireless router
>> IP: 10.1.0.1
>> SN: 255.255.255.0
>>
>> Routing Table information on the linksys router:
>>
>> Destination LAN IP Subnet Mask Gateway Interface
>> 10.1.0.0 255.255.255.0 10.1.0.1 LAN&Wireless
>> 10.1.1.0 255.255.255.0 10.1.0.11 LAN&Wireless
>> 68.229.180.0 255.255.254.0 68.229.180.* WAN
>> 127.0.0.0 255.0.0.0 0.0.0.0 LOOPBACK
>> 0.0.0.0 0.0.0.0 68.229.180.1 WAN
>> 127.0.0.1 0.0.0.0 127.0.0.1 LOOPBACK
>>
>>
>>
>> RRAS Information(Windows 2003)
>> Currently no DNS or DHCP is turned on
>>
>> ROUTING INFORMATION:
>> C:\Documents and Settings\Administrator>route print
>>
>> ===========================================================================
>> Interface List
>> 0x1 ........................... MS TCP Loopback interface
>> 0x1000003 ...00 50 22 e9 3b fa ...... rtl81390 NDIS 5.0 driver (Facing
>> LAN)
>>
>> 0x1000004 ...00 01 03 e1 05 b9 ...... EL99X9 3Com 10/100 PCI NIC w/3XP
>> (Facing Internet)
>>
>> ===========================================================================
>>
>> ===========================================================================
>> Active Routes:
>> Network Destination Netmask Gateway Interface
>> Metric
>> 0.0.0.0 0.0.0.0 10.1.0.1 10.1.0.11
>> 1
>> 0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.1
>> 1
>> 10.1.0.0 255.255.255.0 10.1.0.11 10.1.0.11
>> 1
>> 10.1.0.11 255.255.255.255 127.0.0.1 127.0.0.1
>> 1
>> 10.1.1.0 255.255.255.0 10.1.1.1 10.1.1.1
>> 1
>> 10.1.1.1 255.255.255.255 127.0.0.1 127.0.0.1
>> 1
>> 10.255.255.255 255.255.255.255 10.1.0.11 10.1.0.11
>> 1
>> 10.255.255.255 255.255.255.255 10.1.1.1 10.1.1.1
>> 1
>> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
>> 1
>> 224.0.0.0 224.0.0.0 10.1.0.11 10.1.0.11
>> 1
>> 224.0.0.0 224.0.0.0 10.1.1.1 10.1.1.1
>> 1
>> 255.255.255.255 255.255.255.255 10.1.1.1 10.1.1.1
>> 1
>> Default Gateway: 10.1.1.1
>>
>> ===========================================================================
>> Persistent Routes:
>> None
>>
>>
>>
>> IPCONFIG INFORMATION:
>> Ethernet adapter LAN:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Realtek RTL8139(A) PCI Fast
>> Ethernet Adapter
>> Physical Address. . . . . . . . . : 00-50-22-E9-3B-FA
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 10.1.1.1
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . :
>> DNS Servers . . . . . . . . . . . : 10.1.1.1
>> 68.13.16.30
>> 68.12.16.30
>>
>> Ethernet adapter Internet:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : 3Com 10/100 PCI NIC w/3XP
>> (3CR990-TX-97)
>> Physical Address. . . . . . . . . : 00-01-03-E1-05-B9
>> DHCP Enabled. . . . . . . . . . . : No
>> Autoconfiguration IP Address. . . : 10.1.0.11
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 10.1.0.1
>> DNS Servers . . . . . . . . . . . : 10.1.0.1
>> 68.13.16.30
>> 68.12.16.30
>>
>> Interface information:
>>
>> Windows 2003: 2 NICS
>> Nic 1: Internet
>> IP: 10.1.0.11
>> SN: 255.255.255.0
>> GW: 10.1.0.1
>>
>> DNS: 10.1.0.1
>> 68.13.16.30
>> 68.12.16.30
>>
>> NIC 2: LAN
>> IP: 10.1.1.1
>> SN: 255.255.255.0
>> GW: Null
>>
>> DNS: 10.1.1.1
>> 68.13.16.30
>> 68.12.16.30
>>
>>
>>
>> Example of the PC's Interfaces config on the subnet 1 Network:
>>
>> Workstations on Subnet 1
>> IP: 10.1.1.20
>> SN: 255.255.255.0
>> GW: 10.1.1.1
>>
>> DNS: 10.1.1.1
>> 68.13.16.30
>> 68.12.16
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6466
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Return to VPN, TS and Remote Access

Your Ad Here

Who is online

Users browsing this forum: No registered users and 4 guests