2

I have a network as follows.

Router->Windows Server->Clients

I want to be able to be on the LAN of the router and access the clients who are on a different subnet behind the Windows Server with networking and policy access enabled.

I setup a static route on my Router A as follows. Destination 10.200.0.0/16 Gateway 192.168.20.100

But im not sure what to setup on windows to get the Static Route working.

I tried doing it on each interface on the Static route tab in routing and remote services on windows but no luck.

What am i missing so that i can access the 10.200.0.0/16 network from the Router side on 192.168.20.1/24?

Thanks!

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.20.1   192.168.20.100    266
       10.200.0.0      255.255.0.0         On-link        10.200.0.1    266
       10.200.0.1  255.255.255.255         On-link        10.200.0.1    266
   10.200.255.255  255.255.255.255         On-link        10.200.0.1    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.20.0    255.255.255.0         On-link    192.168.20.100    266
   192.168.20.100  255.255.255.255         On-link    192.168.20.100    266
   192.168.20.255  255.255.255.255         On-link    192.168.20.100    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.200.0.1    266
        224.0.0.0        240.0.0.0         On-link    192.168.20.100    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.200.0.1    266
  255.255.255.255  255.255.255.255         On-link    192.168.20.100    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.20.1  Default
===========================================================================

enter image description here

soniccool
  • 181
  • 1
  • 8
  • The route need to be on the gateway of those computer, thus the Windows server. Try to add it manually to the PC, route add 192.168.20.1 mask 255.255.255.0 10.200.0.1 and see if it work – yagmoth555 Jan 19 '15 at 15:09
  • 1
    The Windows server is already directly connected to both networks so it should already have a route in it's routing table for both networks. You shouldn't have to manually add any routes to it's routing table. The clients should have the server configured as their DG. Can you post the output of `route print` from the server and the output of `ipconfig` from a client? – joeqwerty Jan 19 '15 at 16:03
  • The 10.200.0.0/16 subnet can access 192.x.xx.x but not the other way around – soniccool Jan 19 '15 at 16:04
  • I added the static routes up above – soniccool Jan 19 '15 at 16:05
  • Run a packet capture on the server and ping a 10.200.x.x client from the router and then analyze the capture on the server to see if you see traffic in both directions. – joeqwerty Jan 19 '15 at 17:06
  • `14833 54.638263000 192.168.20.1 10.200.0.1 ICMP 98 Echo (ping) request id=0x0b1c, seq=6/1536, ttl=64 (no response found!)` – soniccool Jan 19 '15 at 17:16
  • I get it, but i dont know what to do in windows to pass it to the LAN side from the WAN – soniccool Jan 19 '15 at 17:17
  • Got it, So how do i enable that? @jlehtinen – soniccool Jan 19 '15 at 17:51
  • Firewall is already disabled nothing – soniccool Jan 19 '15 at 18:00
  • There has to be routes from my understanding – soniccool Jan 19 '15 at 18:01
  • Yes it does. I can ping from 10.200 to 192 – soniccool Jan 19 '15 at 18:39
  • Right you confirmed that in the post. I meant, confirm routing from 192.x -> 10.x. Run tracert from client PC on 192.x subnet and see where in the path traffic is getting dropped. – jlehtinen Jan 19 '15 at 19:20

1 Answers1

3

If you want your Windows server to act as a router, you'll need to install and configure the Routing and Remote Access Server role; otherwise, the server will be able to talk to both networks, but will not forward traffic between them.

Once the role is installed, you only need to enable "LAN and WAN routing"; there is no need for other features like VPN or demand-dial routing in your scenario.

Massimo
  • 70,200
  • 57
  • 200
  • 323
  • Its already enabled, thats why i am asking what static route to make to make mee access it from wan side – soniccool Jan 19 '15 at 16:57
  • Are you sure you didn't enable NAT? That would let traffic flow only in one direction (from LAN to WAN), not allowing the reverse. You should configure the server only as a router, without any NAT. – Massimo Jan 19 '15 at 18:33
  • Nat is enabled but i need it enabled. – soniccool Jan 19 '15 at 18:39
  • NAT =/= routing. With NAT, your "internal" clients can talk to the "external" router, but the router can't talk to the client, because it can't even properly address them. If you need NAT, that's strictly monodirectional. – Massimo Jan 19 '15 at 19:50
  • 1
    So i can go from PC to Router A but i cant go the other way because im natting on Windows Server A? @Massimo – soniccool Jan 24 '15 at 05:05
  • Looks like i had to disable natting like you said @massimo – soniccool Jan 26 '15 at 06:47