1

My background is primarily .NET Development with some System Administration skills. I'm trying to set up a VM Lab for me to test System Applications I'm developing but I've only ever done System Administration in already set up environments; I've never set up my own.

My current setup: Server 2008 R2 Hyper-V Host on physical machine (only role enabled) with two NICs. First NIC dedicated for Management w/ DHCP address from company's network. Second NIC dedicated to RRAS VM w/ DHCP address from company's network. RRAS VM has two NICS, one is virtual private internal only NIC w/ static entry. The other is the physical NIC mentioned above. I've joined it to my VMLab.net internal domain. My Active Directory Domain Controller server (ADCT) also runs DNS, DHCP, and Certificate Services which I'm familiar with but don't understand completely.

RRAS is already set up with NAT to provide the private internal network with Internet access. What I would like to do is be able to RDP into the servers/computers on the VMLab.net domain from my computer. Do I need to add the Remote Desktop Services role and enable the Remote Desktop Gateway service on RRAS in order to do this or is there a way to set up port forwarding on RRAS to just allow a direct connection to the internal servers...or both? What would the best practices be here?

Network Diagram

(no longer available)

Ross Presser
  • 453
  • 6
  • 22
Dennis Evans
  • 11
  • 3
  • You don't need RDP Gateway services. I believe you just need to route your company network segment to the vm's network segmnet. Can you post description of both networks and respective gateways ? – voodooo Jan 21 '11 at 18:40
  • Added a link to network diagram, let me know if that helps with the description or if you need more info. Thank you for your help and interest. – Dennis Evans Jan 21 '11 at 18:58
  • How many lab nentworks do you need? Do you have a l3 switch that supports VLANs? We have similair setup with 5 labs running on different VLANs either isolated or routable depending on firewall – morleyc May 21 '13 at 00:53

1 Answers1

1

Assuming you're pc is behind 10.50.190.0/24 network and the default gateway of that network is 10.50.190.254/24 you just need to add a static route to this gateway like 10.0.0.0/24 -> 10.50.190.37 and make sure that the default gateway of every machine on the 10.0.0.0/24 network points to 10.0.0.1 (RAS Server). With this configuration everybody on the 10.50.190.0/24 network will reach 10.0.0.0/24 network. If you just need for your PC or for start testing you can make this local route, in windows: "route add 10.0.0.0 mask 255.255.255.0 10.50.190.37" (cmd). Regards.

voodooo
  • 254
  • 2
  • 6
  • I've been researching static routes and port forwarding on an RRAS but haven't found anything that helps. What I'm still not understanding is how my computer that's on the 10.50.190.0/24 network can "see" the servers in the private LAN behind the RRAS gateway. I made the local route and even added the RRAS as a default gateway in the IPv4 settings of my laptop's nic, but I'm still not able to ping or connect to the servers behind the RRAS. – Dennis Evans Jan 24 '11 at 18:19
  • Your RRAS server act like a router. Has one interface on each network (10.50.190.0/24 and 10.0.0.0/24) so he can route between them. Let's try again, if your PC is on 10.50.190.0 network you can point the default gateway to the 10.50.190.0 network IP of your RRAS server and traceroute an ip of the 10.0.0.0 network: "tracert 10.0.0.5" for example and post the results. – voodooo Jan 25 '11 at 17:33
  • Our network administrator is going to give me a range of IP addresses so I can just put the VM's on the second NIC and do away with the RRAS altogether for convenience and immediate ease of use since I can't spend too much time on the setup of this. I do think having this VM network set up this way would be a best practices scenario and it will be something I'm going to pursue configuring on my home server. I will update this entry once I get things setup there. Thank you for your help thus far, it has been helpful. – Dennis Evans Jan 27 '11 at 14:51