Server2008R2 with NAT routing .. doesn't route

I have done this so many times, I am not sure what I am missing here now ...

This scenario has two stations so far

1. Server
2. Client

Server got two NICs,

1. 85.232.38.162 /28
2. 192.168.0.162 / 24

Client one

1. 192.168.0.170 - using .162 as a gateway

On the RRAS server (.162) I am now adding the role - NAT and VPN, here you can see how

Now I rebooted the box and the sorts, but the client just cannot route out to the internet - it can ping both IPs of the server, just not the gateway - could someone point me into the right direction by any chance ?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Everyone

Looks like you're running it inside a VM (just going off the "vmxnet 3" in the interface list), did you double check the network settings on the host?

You didn't say if the RRAS server can route to the internet, just that the client can. I'm guessing you probably already tried, but can you connect to the internet from the server?

Also you said the client can ping both IPs but not the gateway... Isn't one of the IPs the gateway?

It shouldn't be able to ping the external IP, so that doesn't make much sense. Is the client a VM too? If so, is it configured to use the right virtual network on the host?

jibbajabba

Everyone wrote: »

Looks like you're running it inside a VM (just going off the "vmxnet 3" in the interface list), did you double check the network settings on the host?

You didn't say if the RRAS server can route to the internet, just that the client can. I'm guessing you probably already tried, but can you connect to the internet from the server?

Also you said the client can ping both IPs but not the gateway... Isn't one of the IPs the gateway? It shouldn't be able to ping the external IP, so that doesn't make much sense. Is the client a VM too? If so, is it configured to use the right virtual network on the host?

Actually no after I changed "Local LAN Routing" only (instead of default which is dialup and local LAN) I am not getting any ping at all.

As for the setup - yes, those are VMs.

I have two vSwitches - one with uplinks to the physical network (WAN side of the 2008 box / router) - one without uplinks, which is used for the LAN side .. so the router VM has two NICs, one for the public network, and one for the internal vSwitch and the client has only one vnic which is connected to the same "no uplink" vswitch the router VM is connected to ..

Does that make sense ?!?

Can post screenshots if it helps ..

Everyone

Yeah screenshot may help... So the server can't connect to the internet either? Do you have other VMs on the same vSwitch with the WAN connection that are able to connect to the internet?

Just to make sure I understand... The LAN side vSwitch is not associated with any physical NIC on the host?

I know I've mixed up what NIC is connected to what vSwitch on a VM before, you're sure you have the IPs assigned to the right NICs?

jibbajabba

Oh, forgot to answer that earlier - the server has internet just fine - its just the client who can't route through the server to the internet so the nic order is fine .

Here in this example DC is the server (not a DC yet) and the client is mail - nothing else installed on either - simply wanted to get the routing working first

Everyone

192.168.0.1 is set as the gateway on the client?

vSwitch1 is configured to use 192.168.0.162 as its gateway?

jibbajabba

Everyone wrote: »

192.168.0.1 is set as the gateway on the client?

vSwitch1 is configured to use 192.168.0.162 as its gateway?

Nope, client has 192.168.0.162 as gateway (LAN IP of server) - 192.168.0.1 has no gateway set - don't actually use it and intend to remove the vmkernel anyway ..

Everyone

jibbajabba wrote: »

Nope, client has 192.168.0.162 as gateway (LAN IP of server) - 192.168.0.1 has no gateway set - don't actually use it and intend to remove the vmkernel anyway ..

The NIC on the server with 192.168.0.162 has NO gateway configured right?

jibbajabba

Everyone wrote: »

The NIC on the server with 192.168.0.162 has NO gateway configured right?

correct. Server has only a gateway on the WAN side, no Gateway on the LAN side, but client is using the IP of the LAN side of the server as a gateway ..

Everyone

Done these?
Enable LAN and WAN routing
Enable RRAS as a VPN Server and a NAT Router
Install and Enable NAT on a Remote Access Server
Troubleshooting Remote Access

jibbajabba

Everyone wrote: »

Done these?
Enable LAN and WAN routing
Enable RRAS as a VPN Server and a NAT Router
Install and Enable NAT on a Remote Access Server
Troubleshooting Remote Access

Apart from the troubleshooting page, yea - seen 'em all.

including

How to configure Windows 2008 Server IP Routing
Using Windows Server as a NAT Router
and
Windows Server 2008 as a LAN Router Running RIP

jibbajabba

Right, given up .. every single KB, article and forum post pretty much reflects what I have done here and it SHOULD work and no one seems to have experience in using RRAS as router so I am pretty much out of ideas / help.

Downloaded / Installed ClearOS - worked within 5 minutes .. Moving on

KenC

Windows Firewall issue?

jibbajabba

KenC wrote: »

Windows Firewall issue?

First thing to turn off once you hit problems, so no