Windows 2003 Server as a LAN to LAN router problem

[Double R]

Hello - I am hoping someone can help me here, as it is driving me
NUTS! I have a windows 2003 enterprise server w/ SP1 - it has 2 NIC
cards in it.

Local Area Connection2:
192.168.1.122
255.255.255.0
GW of 192.168.1.1 (my company router), Connected to a 192.168.1.0
network switch

Local Area Connection:
192.168.5.12
255.255.255.0
GW of nothing, connected to an isolated switch hosting the 192.168.5.0
network

On my laptop, I added the route 192.168.5.0 mask 255.255.255.0
192.168.1.122 (to find the 5.0 net, go to 1.122)

Clients on the 5.0 network have ip addresses statically assigned (for
now) - an example is
192.168.5.11
255.255.255.0
GW of 192.168.5.12

I basically want the 2 networks to be able to talk to each other with
no problems... Right now, I can either get 1 network to talk to the
other, or vice versa, but cannot get both to talk to each other at the
same time

--------------------------------------------------------------------------

After installing RRAS's (custom install, LAN Routing selected only)
and nothing is configured on the server, I yield the following
pingable results:

>From my Laptop, pingable addresses:
192.168.1.122 - makes sense, same subnet
192.168.5.12 - Nic on same server as above, on the 5.0 network
192.168.5.11 - Nic on separate server behind the RRAS server

>From RRAS server:
Can ping all nodes on both subnets

>From 192.168.5.11:
192.168.5.12 - default gateway of 192.168.5.11, 5 net nic on RRAS
server
192.168.1.122 - 1 net nic on RRAS server (so 5.12 is forwarding to
1.122 correctly)
192.168.1.21 - my laptop, as i pinged it and is already known in ARP

The problem from the 5.11 system is that i cannot ping 192.168.1.1,
which is the default gateway on our router (which is managed by our
service provider and i have no access to), so it cannot get to the
internet...

--------------------------------------------------------------------------

I played with these settings more, and i found that if i added NAT on
the Local Area Connection2 (192.168.1.122) NIC, the systems from the
5.0 Net could find 192.168.1.1 and could get to the internet, but now
the systems on the 1.0 net could not access anything behind
192.168.1.122

I want all systems on both subnets to be able to access machine's - no
firewall needed - all traffic can be allowed from both subnets to each
other...

I am sure i need to add some sort of combination of things, like
static routes and firewall settings - i have tried a large combination
of things and i'm just getting frustrated... any help would be greatly
appreciated!!!!!

Thanking anyone in advance!!!

[Bill Grant]

Routing is a two-way process. As well as having a route to get the
traffic to a target machine, there must be a route which the target can use
to get the reply back.

You can get traffic to a target machine in the 192.168.1 subnet, but that
machine does not know where the 192.168.5 subnet is. It will send the
traffic to its default router, which doesn't know either. Since it is a
private address which cannot cross the Internet it will be dropped.

It works with NAT enabled because now all traffic from 192.168.5 is
using the NAT router's 192.168.1 address, which your gateway router knows
about.

To get it to work without NAT, you need to add extra routing info to the
192.168.1 network so that it knows how to reach the 192.168.5 subnet. The
easiest way to do that is to add a static route to the gateway router.
eg

192.168.5.0 255.255.255.0 192.168.1.122

The setup then looks like this.

Internet
|
gateway
192.168.1.1 {static route 192.168.5.0 255.255.255.0 192.168.1.122}
|
LAN clients
192.168.1.x dg 192.168.1.1
|
192.168.1.122 dg 192.168.1.1
RRAS
192.168.5.12 dg blank
|
clients
192.168.5.x dg 192.168.5.12

"Double R" <rviola81@hotmail.com> wrote in message
news:1172605648.530317.58430@s48g2000cws.googlegroups.com...
> Hello - I am hoping someone can help me here, as it is driving me
> NUTS! I have a windows 2003 enterprise server w/ SP1 - it has 2 NIC
> cards in it.
>
> Local Area Connection2:
> 192.168.1.122
> 255.255.255.0
> GW of 192.168.1.1 (my company router), Connected to a 192.168.1.0
> network switch
>
> Local Area Connection:
> 192.168.5.12
> 255.255.255.0
> GW of nothing, connected to an isolated switch hosting the 192.168.5.0
> network
>
> On my laptop, I added the route 192.168.5.0 mask 255.255.255.0
> 192.168.1.122 (to find the 5.0 net, go to 1.122)
>
> Clients on the 5.0 network have ip addresses statically assigned (for
> now) - an example is
> 192.168.5.11
> 255.255.255.0
> GW of 192.168.5.12
>
> I basically want the 2 networks to be able to talk to each other with
> no problems... Right now, I can either get 1 network to talk to the
> other, or vice versa, but cannot get both to talk to each other at the
> same time
>
> --------------------------------------------------------------------------
>
> After installing RRAS's (custom install, LAN Routing selected only)
> and nothing is configured on the server, I yield the following
> pingable results:
>
>>From my Laptop, pingable addresses:
> 192.168.1.122 - makes sense, same subnet
> 192.168.5.12 - Nic on same server as above, on the 5.0 network
> 192.168.5.11 - Nic on separate server behind the RRAS server
>
>>From RRAS server:
> Can ping all nodes on both subnets
>
>>From 192.168.5.11:
> 192.168.5.12 - default gateway of 192.168.5.11, 5 net nic on RRAS
> server
> 192.168.1.122 - 1 net nic on RRAS server (so 5.12 is forwarding to
> 1.122 correctly)
> 192.168.1.21 - my laptop, as i pinged it and is already known in ARP
>
> The problem from the 5.11 system is that i cannot ping 192.168.1.1,
> which is the default gateway on our router (which is managed by our
> service provider and i have no access to), so it cannot get to the
> internet...
>
> --------------------------------------------------------------------------
>
> I played with these settings more, and i found that if i added NAT on
> the Local Area Connection2 (192.168.1.122) NIC, the systems from the
> 5.0 Net could find 192.168.1.1 and could get to the internet, but now
> the systems on the 1.0 net could not access anything behind
> 192.168.1.122
>
> I want all systems on both subnets to be able to access machine's - no
> firewall needed - all traffic can be allowed from both subnets to each
> other...
>
> I am sure i need to add some sort of combination of things, like
> static routes and firewall settings - i have tried a large combination
> of things and i'm just getting frustrated... any help would be greatly
> appreciated!!!!!
>
> Thanking anyone in advance!!!
>