RRAS / NAT / IP Routing Help

Discussion in 'MCSE' started by =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=, Feb 21, 2004.

  1. Ok so here's where Im having trouble

    My network (at home) is setup like s

    gateway=192.168.1.

    xp box 192.168.1.x [|] multihomed RRAS server=192.168.1.x (public interface

    RRAS Private interface=172.16.x.x [|] Server2 = 172.16.x.

    everything on 192.168.1.x is connected to my gateway, which goes to my internet connecto

    the 172.16.x.x subnet between the 2 servers is connected via crossover.

    everything is fine as far as internet browsing goes. from all PCs I can get to the forums :

    I can connect via unc from 172.163.x.x subnet to any pc. but my xp box cannot see the 172.16.x.x subne

    If I ping to 172.16.x.x it gets to the 192.168.1.x interface on the RRAS server, but never hits the 172.16.x.x interface (have confirmed this with network monitor).

    So far I have checked my routing tables, and everything looks to be in order. bsically 172.16.x.x to 192.168.1.x works fine, but not the other way around. Ip routing an demand dial is enabled in RRAS (as welkl as remote access).

    I have also attempted modifying HKLM\system\currentcontrolset\services\tcpip\parameters\ key=ipenablerouter to a value of one, but this did not change anything. I have also tried adding a static route to the 172.16.x.x subnet on the RRAS server (on any and all interfaces) but still no luck. also tried disabling remote access just to make sure that this was not interfering. THere are no IPfilters enabled at all on the RRAS server

    oh yeah, and also...

    with Remote access enabled, if I connect via VPN to the public RRAS interface, I can ping back and forth just fine (Remote connection is assigned an Ip on 172.16.x.x subnet) from that point, I can do whatever I want both ways...

    So basically, it appears to me that somewhere between the "public" interface and "private' interface the packets are dropped, but only from the 192.168.1.x > 172.16.x.x direction

    Any ideas? Please help! im stuck. :

    *more coffee

    thanks for any suggestions!
    =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=, Feb 21, 2004
    #1
    1. Advertising

  2. =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=

    Mark Scott Guest

    is there a connection from the xp box to 172.17?

    "Christopher J" <> wrote in message
    news:...
    > Ok so here's where Im having trouble:
    >
    > My network (at home) is setup like so
    >
    > gateway=192.168.1.1
    >
    > xp box 192.168.1.x [|] multihomed RRAS server=192.168.1.x (public

    interface)
    >
    > RRAS Private interface=172.16.x.x [|] Server2 = 172.16.x.x
    >
    > everything on 192.168.1.x is connected to my gateway, which goes to my

    internet connecton
    >
    > the 172.16.x.x subnet between the 2 servers is connected via crossover.
    >
    > everything is fine as far as internet browsing goes. from all PCs I can

    get to the forums :)
    >
    > I can connect via unc from 172.163.x.x subnet to any pc. but my xp box

    cannot see the 172.16.x.x subnet
    >
    > If I ping to 172.16.x.x it gets to the 192.168.1.x interface on the RRAS

    server, but never hits the 172.16.x.x interface (have confirmed this with
    network monitor).
    >
    > So far I have checked my routing tables, and everything looks to be in

    order. bsically 172.16.x.x to 192.168.1.x works fine, but not the other way
    around. Ip routing an demand dial is enabled in RRAS (as welkl as remote
    access).
    >
    > I have also attempted modifying

    HKLM\system\currentcontrolset\services\tcpip\parameters\ key=ipenablerouter
    to a value of one, but this did not change anything. I have also tried
    adding a static route to the 172.16.x.x subnet on the RRAS server (on any
    and all interfaces) but still no luck. also tried disabling remote access
    just to make sure that this was not interfering. THere are no IPfilters
    enabled at all on the RRAS server.
    >
    > oh yeah, and also...
    >
    > with Remote access enabled, if I connect via VPN to the public RRAS

    interface, I can ping back and forth just fine (Remote connection is
    assigned an Ip on 172.16.x.x subnet) from that point, I can do whatever I
    want both ways...
    >
    > So basically, it appears to me that somewhere between the "public"

    interface and "private' interface the packets are dropped, but only from the
    192.168.1.x > 172.16.x.x direction.
    >
    > Any ideas? Please help! im stuck. :(
    >
    > *more coffee*
    >
    > thanks for any suggestions!
    Mark Scott, Feb 21, 2004
    #2
    1. Advertising

  3. First off, thanks for the reply! :

    No, there is no direct connection from the Xp box to 172.16.x.x subnet.

    I got to fiddling with it again today, and if I remove NAT, I can ping across just fine, but as soon as I reinstall NAT, everything gets dropped at the public interface. Is this one of those "by design" issues. Can I not initiate the ping (or other traffic) from outside the public interface to the private subnet? I know that you can create special port mapopings (IE 21 goes to internal host x.x.x.x) in order to direct certain types of traffic addressed to the public interface to a specific private host, but if I have the private address defined in the incoming packet, and the server has a valid route to that subnet, shoudn't it route the packet? Am I wrong in assuming this?
    =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=, Feb 21, 2004
    #3
  4. Found a workaround by creating a resevation in the address pool for my private network host. Cant connect directly to the private address from the pubilc network, but I can connect via the public address I used for the reservation, which is mapped to the private host. :)
    =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=, Feb 22, 2004
    #4
  5. =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=

    Jesse PH Guest

    nat uses private ip.
    i just dont know if you can nat on both private ip.
    check routing tables. test connectivity.

    Jesse PH

    "Christopher J" <> wrote in message
    news:...
    > First off, thanks for the reply! :D
    >
    > No, there is no direct connection from the Xp box to 172.16.x.x subnet.
    >
    > I got to fiddling with it again today, and if I remove NAT, I can ping

    across just fine, but as soon as I reinstall NAT, everything gets dropped at
    the public interface. Is this one of those "by design" issues. Can I not
    initiate the ping (or other traffic) from outside the public interface to
    the private subnet? I know that you can create special port mapopings (IE 21
    goes to internal host x.x.x.x) in order to direct certain types of traffic
    addressed to the public interface to a specific private host, but if I have
    the private address defined in the incoming packet, and the server has a
    valid route to that subnet, shoudn't it route the packet? Am I wrong in
    assuming this?
    Jesse PH, Feb 23, 2004
    #5
  6. =?Utf-8?B?Q2hyaXN0b3BoZXIgSg==?=

    Jesse PH Guest

    ip mappings. you can map public ip to private ip.
    access your private ip thru the mapped public ip.

    Jesse PH

    "Christopher J" <> wrote in message
    news:...
    > Found a workaround by creating a resevation in the address pool for my

    private network host. Cant connect directly to the private address from the
    pubilc network, but I can connect via the public address I used for the
    reservation, which is mapped to the private host. :)
    Jesse PH, Feb 23, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Moody Marco

    RRAS problem - may be wireless network related?

    Moody Marco, Mar 20, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    652
    Moody Marco
    Mar 20, 2005
  2. Miha

    use certificates on RRAS server

    Miha, May 30, 2005, in forum: Microsoft Certification
    Replies:
    4
    Views:
    913
  3. Sean McGrath
    Replies:
    0
    Views:
    1,956
    Sean McGrath
    Dec 29, 2003
  4. Maciej_R

    ISDN DDR -> RRAS

    Maciej_R, Sep 28, 2004, in forum: Cisco
    Replies:
    2
    Views:
    513
  5. Andrew Albert
    Replies:
    1
    Views:
    3,926
    Rod Dorman
    Feb 8, 2005
Loading...

Share This Page