Internet routing doesn’t work in LAN on a two NIC’s (WAN + LAN) Windows Server 2008 R2

ip-routing, nic, rip, routing, windows-server-2008-r2

We have the following network setup:

  • A) Modem (192.168.0.1) with DHCP disabled
  • B) Windows Server 2008 R2 with dual NIC:
    • B1) WAN interface (192.168.0.2)
    • B2) LAN interface (192.168.1.2)
  • C) Switch with multiple LAN computers (~20) connected getting IP from server's DHCP in the range 192.168.1.25-192.168.1.150

A) and B1) are directly connected, and B2) and C) are directly connected. Internet on B) works through the WAN interface, but internet on the LAN does not work.
LAN connected computers cannot ping A) the modem (192.168.0.1).

The server is used as a file server and functions as a router; additionally it also runs Windows Deployment Services and Active Directory Domain Services. It should route all internet traffic from the LAN to the internet and vice versa. But LAN computers do not get internet connectivity.

We have tried using RIP but are stuck. It sends responses but doesn't receive any, the logs report there is a certificate error:

Failed to apply IP Security on port VPN2-113 because of error: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.. No calls will be accepted to this port.

How can we solve this problem? What do we need to configure on the server so that LAN computers have internet connectivity?

Best Answer

Network description from OP

Clients:

Are configured via DHCP.

  • DHCP supplied IP in the range 192.168.1.25 - 192.168.1.150
  • Should have a route to their own network (Windows should do that by default)
  • Should have the server as a default gateway (192.168.1.2, supplied via DHCP)
  • Should have a valid nameserver (probably also supplied via DHCP)

Clients thus should be able to ping each other and the server.


Server:

  • Static IP on B1: 192.168.0.2
  • Route to 192.168.0.1 via B2 (route add 192.168.0.1 mask 255.255.255.255 192.168.0.2 for a direct connection. Or route add 192.168.0.1 mask 255.255.255.0 192.168.0.0 to make the whole network on the red net reachable). Even if that is only a network with two devices.
  • Static IP on B2: 192.168.1.2
  • Route to that network: route add 192.168.1.0 mask 255.255.255.0 192.168.1.2

The server should now be able to reach the internet and the LAN.

The LAN PCs can reach the server, and traffic intended for a non-local destination is also sent to the server. However, the server does not forward this traffic to the red internet unless you specifically enable it by setting the following value in the registry (and rebooting afterwards).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter. Set this REG_DWORD to 1 to enable. (It is disabled by default in Server 2008).
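As an added example (not from the question or the answer), the following PowerShell 2.0 script audits on the server itself the three things the answer lists: the IPEnableRouter value, which adapter holds each address, and the routing-table entries. The addresses are the ones from the question; the WMI classes used exist on Server 2008 R2, where Get-NetIPAddress does not.

```powershell
# Added example: audit the dual-NIC router pieces described in the answer.
# Run in an elevated PowerShell session. Address values are from the question.
$LanNet  = '192.168.1.0'      # LAN subnet (B2 side)
$LanMask = '255.255.255.0'
$LanIp   = '192.168.1.2'      # B2
$WanIp   = '192.168.0.2'      # B1
$ModemIp = '192.168.0.1'      # A

$tcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# 1. Is IP forwarding enabled? A missing value or 0 means the server will not
#    forward packets between B1 and B2 (the default on Server 2008).
$params = Get-ItemProperty -Path $tcpipKey
$fwd = 0
if ($params.PSObject.Properties['IPEnableRouter']) { $fwd = [int]$params.IPEnableRouter }
$state = if ($fwd -eq 1) { 'forwarding ON' } else { 'forwarding OFF - set to 1 and reboot' }
"IPEnableRouter = $fwd ($state)"

# 2. Which adapter carries each expected address, and what gateway it has.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($ip in @($WanIp, $LanIp)) {
    $nic = $nics | Where-Object { $_.IPAddress -contains $ip }
    if ($nic) { "$ip is on '$($nic.Description)' gateway=$($nic.DefaultIPGateway -join ',')" }
    else      { "MISSING: no adapter holds $ip" }
}

# 3. Routing table: a default route toward the modem on the WAN side, and a
#    route for the LAN subnet via the LAN interface.
$routes  = Get-WmiObject Win32_IP4RouteTable
$default = $routes | Where-Object { $_.Destination -eq '0.0.0.0' }
if ($default) {
    foreach ($r in $default) { "default route via $($r.NextHop) (metric $($r.Metric1))" }
    if (-not ($default | Where-Object { $_.NextHop -eq $ModemIp })) {
        "WARNING: no default route points at the modem $ModemIp"
    }
} else { "MISSING: no default route; add one via $ModemIp on the WAN interface" }

$lanRoute = $routes | Where-Object { $_.Destination -eq $LanNet -and $_.Mask -eq $LanMask }
if ($lanRoute) { "LAN route $LanNet/$LanMask via $($lanRoute.NextHop)" }
else           { "MISSING: route add $LanNet mask $LanMask $LanIp" }
```

Plain forwarding does not rewrite source addresses, so the modem at 192.168.0.1 also needs a route back to 192.168.1.0/24 via 192.168.0.2 (or the server must NAT) for replies to reach the LAN clients.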