Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RRAS and static routes

Status
Not open for further replies.
GrnEyedLdy

GrnEyedLdy

Instructor
Sep 12, 2002
853
US
Good day to all,

CLASSROOM PC's--INSTRUCTOR SERVER--OFFICE network W/ DLS Internet



Classroom PC's subnet (192.168.2.0/24)

Instructor PC(dual NIC's 192.168.2.200/24 Classroom & 192.168.1.200/24 Office))

Router 192.168.1.1

I would like to keep the 'CLASSROOM' isolated from the 'OFFICE' network yet provide Internet access for the CLASSROOM PC's. I believe that I can accomplish this by enabling RRAS on the Instructor Server and configuring a static route...Can I?

Any help will be greatly appreciated!

Thanks,

Patty [ponytails2]
 
Sort by date Sort by votes
Hi GrnEyedldy,

Yes you can. Configure RRAS for "Network Router" and then add 2 static routers.

1 route should be destination 192.168.2.0 bound to the 192.168.2.x network card. The 2nd route should have the explicit destination 192.168.1.1 bound on its card.

Problem here is that machines on the 192.168.1.x network would be able to route to the 192.168.2.x (connectivity would be limited because the machines in the classroom won't be able to talk back!).

Ash/
 
Upvote 0 Downvote
Ashley,

Thanks, I will try those routes tomorrow!


Appreciate your help
Patty
 
Upvote 0 Downvote
Forgot to mention you'll also need to tell the router how to route to the 192.168.1.x subnet - ie. use the 192.168.1.200 as its gateway.

Ash.
 
Upvote 0 Downvote
Ok Ashley....help!

This is what I tried on the Win2K Server enabled with RRAS as a Network Router with 2 NIC's...CLASSROOM (192.168.2.0/24 network) and OFFICE (192.168.1.0/24 network)

1. On the CLASSROOM Interface (192.168.2.200) I added the following static route:

Destination 192.168.1.1 -- Router address
Mask 255.255.255.255
Gateway 192.168.1.200

2. On the OFFICE Interface (192.168.1.200) I added the following static route:

Destination 192.168.2.0
Mask 255.255.255.0
Gateway 192.168.2.200


From a student machine in the Classroom with an IP address of 192.168.2.2, I can ping the Office Interface at 192.168.1.200.

I cannot however ping the router at 192.168.1.1 from a student machine in the 192.168.2.0/24 network.

Where am I going wrong?

Thanks!

Patty [ponytails2]


 
Upvote 0 Downvote
Mattwray,

Tried that without luck...any other suggestions?


Patty[ponytails2]
 
Upvote 0 Downvote
Multi-homed machines shouldn't have two gateways. It screws up the routing table. Keep one gateway, the one that goes to the router.
Have classroom PC's point to your machine as its gateway.

Now your classroom should have access to the office network. The office network however will not be able to route back to the classroom network since their gateway is the router...correct? That way, the classroom packets can route to the office, but will never be able to return due to routing issues on the office side.
So the only route you need to add is on the router. Stating that in order to get to the classroom network, use the instructor machine as its gateway. Now classroom clients should be able to get to the router...then the internet.

In the future you may want to invest in a firewall that seperates the classroom network, and the office, but allowing both to proceed to the internet.
FW would have 3 nics, one to the router, one to the office network, and one to the classroom network. ________________________________________
Check out
 
Upvote 0 Downvote
As SGT mentioned you shouldn't have the two gateways defined jut the one to the Internet side. Outside of that the inside (192.168.2.0 side should forward traffic to the outside (192.168.1.0). The syntax for this to happen is 0.0.0.0 mask 0.0.0.0 192.168.1.1

This tells the 192.168.2.subnets to go out that path for every remote destination. This will also allow other networks in though. Unless you define the a policy on the RRAS server that restricts such. A simple way would be to enable connection sharing on the 192.168.1.200 NIC. Then allow users to connect through that. You should also point the RRAS server to a DNS server. The users will then be forwarded (traffic) and the RRAS server will act as a caching server.

HTH....

 
Upvote 0 Downvote
Argggg...


I don't know what I'm doing wrong here. I have tried all of your suggesstions with out any luck.

As per SGT's advice I nixed the two gateways,

As per Tpulley's & MattWray's advice I added the static route on the Classroom Interface;

0.0.0.0 mask 0.0.0.0 192.168.1.1 (If I am understanding this correctly, this tells any non-local requests that come into the Classroom Interface to be sent to the 192.168.1.1 (the router)). Is this right?

Was I suppossed to add this route to the Office Interface s well?


Patty

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nvn
  • Locked
  • Question
SNMPV3 msgauthoritativeEngineID and ContextEngineID
Replies
0
Views
323
nvn
nvn
Charliemp3
  • Locked
  • Question
ldapsearch UID and GID from with -f list option
Replies
0
Views
238
Charliemp3
Charliemp3
lagg
  • Locked
  • Question
Packet loss and timeout
Replies
1
Views
324
chieftan
chieftan
hafsa1982
  • Locked
  • Helpful tip
Article on basics of TCPIP and OSI layers
Replies
1
Views
266
dbrent1
dbrent1
Comeragh
  • Locked
  • Question
SNMP and Port Forwarding
Replies
0
Views
215
Comeragh
Comeragh

Part and Inventory Search

Sponsor

Back
Top