Windows 2008 Routing and Remote access server – access to the internet

remote-accessrraswindowswindows-server-2008

I have a windows 2008 r2 remote access server set up and running. The remote access works fine.
My problem is that the remote access server itself doesn't have access to the internet. The box has two interfaces, an internal and an external.
Inbound connections come in on the external interface and RRAS responds. All wall and nice.

I want to be able to use windows update, browse, etc from this box but can't as the outbound traffic just gets blocked.

I've tried going into the RRAS mmc tool and opening the interface properties, under which there are two buttons for inbound and outbound filters. There I tried adding ports 80 and 443, but this doesn't work completely. I can see the connection initiating (Syn goes out) but the session never establishes itself.

Anyone done this or got any suggestions?

Best Answer

I eventually found a solution to my problem. I hadn't realised it but RRAS has a built in firewall, which is not exactly brilliant. You would have thought that they would have dropped this for integration with the built in windows firewall - but no.

It has a sort of mini-firewall which requires you not only add an outbound rule for, say, http access but also an inbound rule for the responses to the outbound connections.

My error above was that I had only opened outbound http but hadn't included the second rule to permit responses. Seems a bit stupid to need to explicitly include this rule.

In any case, the various problems I had with this box are now solved.

Thanks

Ian

Related Solutions

Routing and Remote Access: How to configure VPN

I hope this KB is what you're looking for!

http://support.microsoft.com/kb/247231

Let me know!

Regards, David.

Windows 2008 Server Router and Local Network

Does your external NIC on the server have a public ip / connected straight to a router or does it go in to another router?

What is happening is (if your setup is as I expect above)-

Client looks up IP and sees that it is outside of your local network Client goes to its default gateway (your Windows 2008 Box) and says the ip. Windows 2008 says not here, looks up the default gateway and forwards the request to your router. Router says, that IP is mine, but then hangs and times out!

See if your router supports NAT Loop-back. Basically, NAT inside Windows 2008 is working, but the DNS IP is your public one and RRAS does not realise that it is it's own IP, and therefore doing its job and routing to its external network.

If you say the make/model of your router, I can help you further (if it supports it)

Another way that can get awkward is to install your own local DNS server on the Windows 2008 box and refer all clients to it (make it forward queries to your current DNS servers) and force in a zone for each of your domains that have your internal records.

... Or if you only have a handful of machines and the router does not support NAT Loop-back, and you understandably do not want to buy new hardware, insert your record in to the machines' host file. This is a surprisingly efficent technique and providing you have admin access to shares, you can script this VERY easily by just placing it in a directory then doing

copy hosts \\\computer_name\c$\windows\system32\drivers\etc\hosts

And all done without a reboot!

Of course, the prefrence is just to enable NAT Loopback!

Anyway, hope I helped and this was the issue... Dreading your reply of "I only have a modem and the server is using a external ip in it's config!!"

Best Answer

Related Solutions

Routing and Remote Access: How to configure VPN

Windows 2008 Server Router and Local Network

Related Topic