ianh64 Posted April 14, 2010 (edited)

Hi

First post. Sorry it's a long/detailed one.

I am setting up a new school office network for a local school. First time W7 and Server 2008 user - last time I configured Server was in 3.51 days! A VMS application developer in a previous life and we had network guys to set up the routing specifics.

We have a server with 4 NICs. One is for internet, one for school office which is what I am configuring for, one is for IT/servers LAN and a final one spare for when school machines get added. I am using an active server domain.

I currently have a Windows 7 PC connected via DHCP to office LAN. Subnet is 192.168.3.x. The Server is on .1, a Netgear Smartswitch is on .2 and DHCP allocated .100 to the Windows 7 PC.

On the IT LAN (192.168.2.x), in addition to the physical server (192.168.2.1) I have two Hyper-V virtual machines, one is an application server (.22) and the other is a security server (.11) running an evaluation of TMG. The security server then uses the Internet LAN (192.168.1.50) to go out to my broadband router (192.168.1.254).

I am 90% happy that server network is working as it should, except for routing from the 192.168.3.x subnet. On the server I can access the internet, likewise from application server and security server. DNS appears to be working fine.

The problem that I am having is that the Windows 7 PC cannot connect to the internet, or more specifically, cannot connect/ping through the W2008R2 server other than to its specific IP addresses, 192.168.3.1 and 192.168.2.1. DNS resolution on W7 PC works fine and I can remote desktop in from the server. I suspect subnet routing issues on the server.

To simplify this a little, it didn't work when I had the single server without virtual machines and TMG so I think that whilst TMG must be considered, it's not the fundamental problem.

On main server, the IT LAN (192.168.2.1) has a default gateway of the security server, 192.168.2.11.

On the Win7 client, it has a default gateway of the server office NIC, 192.168.3.1. I have tried other values and if set to other than this, I lose DNS name resolution.

I have installed routing and remote access on server and tried both RIP and IGMP routers, the latter currently being in use. I have added all the NICs to these but no routing appears to be going on. Possibly I need to set up static routes? I have tried many options, but no luck.

Of course, with me being new to 2008R2 and AD, it may be something simple like I need to authorise the W7 client to access the network, even though it is part of the domain and I am testing it with domain admin user. Have also tried turning various firewalls off.

Apologies for the long question. Hopefully the solution will be nice and simple!

-Ian

    Windows 7
        DHCP - IP:192.168.3.100, Mask 255.255.255.0, Gateway 192.168.3.1 (Access type - No Internet access)
      |
      |
    Netgear GS108T Smartswitch
        Static - IP:192.168.3.2, Mask 255.255.255.0, Gateway 192.168.3.1
      |
      |
    Windows 2008R2 Server
        Office NIC Static - IP:192.168.3.1, Mask 255.255.255.0 (Access type - Internet)
        IT LAN NIC Static - IP:192.168.2.1, Mask 255.255.255.0, Gateway 192.168.2.11 (Access type - Internet)
      |
      |
    Windows 2008R2 Server (Virtual), Forefront TMG 2010 Eval
        IT LAN NIC Static - IP:192.168.2.11, Mask 255.255.255.0 (Access type - No Internet access)
        Internet NIC Static - IP:192.168.1.50, Mask 255.255.255.0, Gateway 192.168.1.254 (Access type - Internet)
      |
      |
    O2 Router (homebased testbed)
        Internet NIC Static - IP:192.168.1.254, Mask 255.255.255.0, Gateway as O2 default

Edited April 15, 2010 by ianh64

ianh64 (Author) Posted April 14, 2010 (edited)

I am 99% sure this is a subnet routing issue. I easily managed to get the Windows 7 PC to connect to the internet simply by connecting to the IT (192.168.2.x) LAN and ensuring that the gateway was set to the security/TMG server at 192.168.2.11. I also removed the Netgear Smartswitch to remove any oddities with that but it made no difference.

So any pointers as to what static routes I need to set up, or how to configure RIP or IGMP routers for dynamic routing, so I can put it back on the office (192.168.3.x) LAN would be appreciated.

Thanks in advance

Ian

Edited April 14, 2010 by ianh64

ianh64 (Author) Posted April 15, 2010 (edited)

OK. I think I have solved the issue. Need to test fully but this is being written on the Windows 7 client on the Office LAN.

The issue was routing, but not on the main server, but on the security server. What I needed to do was, on the IT LAN side of the security/TMG server, set up a static route back to the IT LAN NIC on the main server.

So basically, adding the static route on the IT LAN interface within RRAS on the security server (192.168.2.11) for IT LAN, destination 192.168.3.0 (the IT LAN), mask 255.255.255.0, gateway 192.168.2.1 (IT LAN NIC on main server) seems to have me up and running.

Thanks for reading. Hope this will help someone in the future.

-Ian

Edited April 15, 2010 by ianh64: added mask

ianh64 (Author) Posted April 15, 2010

Oh dear. The 'fix' seems to have created its own issue.

Looks like, in some situations, I have set up circular routing bouncing between 192.168.2.1 (the main server NIC) and 192.168.2.11 (the LAN side of the internet gateway). This only appears to be an issue if the destination IP is not connected. However, I also think it affects broadcast requests, i.e. DHCP.

    C:\Users\Administrator>tracert 192.168.3.100

    Tracing route to 192.168.3.100 over a maximum of 30 hops

      1     *        *        *     Request timed out.
      2    <1 ms    <1 ms    <1 ms  griffin.???.school [192.168.2.1]
      3    <1 ms     *       <1 ms  eagle.???.school [192.168.2.11]
      4    <1 ms    <1 ms    <1 ms  griffin.???.school [192.168.2.1]
      5    <1 ms     *       <1 ms  eagle.???.school [192.168.2.11]
      6    <1 ms    <1 ms    <1 ms  griffin.???.school [192.168.2.1]
      7     1 ms     *       <1 ms  eagle.???.school [192.168.2.11]
      8    <1 ms    <1 ms    <1 ms  griffin.???.school [192.168.2.1]
      9    <1 ms     *       <1 ms  eagle.???.school [192.168.2.11]
    etc

A side effect of this is that DHCP also appears to have got broken, plus the client is temperamental at joining the domain once it has lost connection - I was doing connectivity tests and found that the client could not be swapped between NICs and rejoin at will.

Appreciate anyone's thoughts on this. Using a separate hardware router is out of the question. Is it possible to 'break' the circular reference, possibly by setting up further static routes, or possibly setting up a dynamic routing protocol such as RIP or IGMP - have tried to set these up but no luck.
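
The bounce between 192.168.2.1 and 192.168.2.11 in the tracert above can be reproduced offline; this is an added example, not part of the original posts: a Python model of longest-prefix-match forwarding over the two servers' routing tables. The tables are constructed from the addresses in the thread, the function names are hypothetical, and it is an assumption that the main server's on-link route for 192.168.3.0/24 is absent while the office NIC has no link.

```python
import ipaddress

def routing_tables(office_link_up):
    """Constructed tables using addresses from the thread; None = on-link."""
    griffin = [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.11")]
    if office_link_up:
        # Assumption: the on-link route for the office subnet exists only
        # while the office NIC has a link.
        griffin.append(("192.168.3.0/24", None))
    eagle = [("192.168.2.0/24", None), ("192.168.1.0/24", None),
             ("192.168.3.0/24", "192.168.2.1"),  # static route from the post
             ("0.0.0.0/0", "192.168.1.254")]
    return {"192.168.2.1": griffin, "192.168.2.11": eagle}

def lookup(table, dst):
    """Longest-prefix match. Returns (found, next_hop)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return False, None
    _, nh = max(matches, key=lambda m: m[0].prefixlen)
    return True, nh

def trace(routers, start, dst, max_hops=30):
    """Follow next hops between modelled routers until delivery or a loop."""
    path, here = [start], start
    for _ in range(max_hops):
        found, nh = lookup(routers[here], dst)
        if not found:
            return path, "no-route"
        if nh is None:
            return path, "delivered-on-link"
        path.append(nh)
        if nh not in routers:
            return path, "left-model"   # handed to a router we do not model
        if path.count(nh) > 1:
            return path, "loop"         # same router visited twice
        here = nh
    return path, "max-hops"

if __name__ == "__main__":
    for up in (True, False):
        print("office link up:", up,
              trace(routing_tables(up), "192.168.2.11", "192.168.3.100"))
```

With the office link up the packet is delivered on-link by 192.168.2.1; without the on-link route, the main server's default gateway and the security server's static route point at each other until the TTL expires.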

ianh64 (Author) Posted April 16, 2010

Please consider this thread closed. Having been freed from the clutches of restricted browsing on server, I have found the network forum so have started a more pertinent thread on there.