Nat – RRAS VPN Server on Windows 2008 Behind NAT

This VM subsequently had HD issues, so I will chalk this one up to data corruption wonkiness.

• Create a virtual switch in ESXi for your "internal" network.
• Give your "internal" VMs a single virtual network adapter and connect it to the internal virtual switch.
• Give your "router" VM two network adapters; connect one to the internal virtual switch, connect the other to whatever virtual switch you're using to access your "real" network.
• Choose an IP subnet for your internal network; for this example, let's use 192.168.0.0/255.255.255.0.
• Configure your "router" VM's internal network adapter to have an IP address on the above network; f.e. 192.168.0.1/255.255.255.0. Don't set any default gateway on this adapter.
• Configure your "internal" VMs to also have an IP address/subnet mask in the above network; f.e. 192.168.0.10/255.255.255.0 and 192.168.0.20/255.255.255.0.
• Configure those "internal" VM's default gateway to be the internal IP address of your "router" VM, i.e. 192.168.0.1.
• Configure your "router" VM's external network adapter to have whatever address is appropriate for your "real" network; configure also its default gateway to be the one you'd use in your "real" network.
• Now, the three VMs should be able to ping each other using their internal IP addresses; the "router" VM should also be able to ping external IP addresses. If they doesn't, then something is wrong; the most common error is switching the two virtual adapters in the "router" VM, as Windows tends to detect adapters in a totally arbitrary order. Regardless of all, anyway, the two "internal" VMs should be able to ping each other.
• If you're absolutely certain everything is configured correctly yet it still doesn't work, disable Windows Firewall on all your VMs and try again.

If the three VMs can succesfully talk to each other and the "router" VM can talk to external hosts, now it's time to enable RRAS.

• From Server Manager, add the "Network Policy and Access Services" role to your server.
• In Server Manager, go to the "Network Policy and Access Services" node and then to "Routing and Remote Access".
• Select "Configure and enable Routing and Remote Access".
• Choose the NAT configuration from the proposed templates.
• Select the public and private networks.
• You can now choose to enable automatic DNS and DHCP services for your router, or you can skip this and rely on your own ones.
• Complete the wizard and start the services.

Now you should be able to ping external IP addresses from the "internal" VMs too.

For DNS and DHCP, you can choose to use the RRAS' built-in ones, or do whatever else is appropriate for your setup (using static IP addresses, using external DNS servers, set up your own internal AD domain with DNS and DHCP, etc.).