1

We have the following network setup:

  • A) Modem (192.168.0.1) with DHCP disabled
  • B) Windows Server 2008 R2 with dual NIC:
    • B1) WAN interface (192.168.0.2)
    • B2) LAN interface (192.168.1.2)
  • C) Switch with multiple LAN computers (~20) connected getting IP from server's DHCP in the range 192.168.1.25-192.168.1.150

A) and B1) are directly connected, and B2) and C) are directly connected. Internet on B) works through the WAN interface, but internet on the LAN does not work. LAN connected computers cannot ping A) the modem (192.168.0.1).

The server is used as file server and functions as router, additionally it also runs WIndows Deployment Services and Active Directory Domain Services.. It should route all internet traffic from LAN to the internet and vice-versa. But LAN computers do not get internet connectivity.

We have tried using RIP but are stuck. It sends responses but doesn't receive any, the logs report there is a certificate error:

Failed to apply IP Security on port VPN2-113 because of error: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.. No calls will be accepted to this port.

How can we solve this problem? What do we need to configure on the server so that LAN computers have internet connectivity?

Niels vd Meij
  • 11
  • 1
  • 2
  • 1
    Why not just use the modem to provide internet connectivity directly to the hosts connected to the switch? Presumably the modem has a builtin firewall. – joeqwerty Nov 21 '12 at 00:55
  • You shouldn't need RIP unless you have another router using RIP and both routers are exchanging the routing table via RIP. – joeqwerty Nov 21 '12 at 02:17
  • I'm with @joeqwerty: just get a router and be done with it. Any business class router will do (and I say that because home routers typically don't last as long and/or are limited, but you could probably get away with one of those too). – gravyface Nov 21 '12 at 02:31

1 Answers1

3

Network description from OP

Clients:

Are configured via DHCP.

  • DHCP supplied IP in the range 192.168.1.25 - 192.168.1.150
  • Should have a route to their own network (windows should do that by deault)
  • Should have the server as a default gateway (192.168.1.2, supplied via DHCP)
  • Should have a valid nameserver (probably also supplied via DHCP)

Clients thus should be able to ping each other and the server.


Server:
  • Static IP on B1: 192.168.0.2
  • Route to 192.168.0.1 via B2 (route add 192.168.0.1 mask 255.255.255.255 192.168.0.2 for a direct connection. Or route add 192.168.0.1 mask 255.255.255.0192.168.0.0 to make the whole network on the red net reachable). Even if that is only a network with two devices.
  • Static IP on B2: 192.168.1.2
  • Route to that network: route add 192.168.1.0 mask 255.255.255.0 192.168.1.2

The server should now be able to reach the internet and the LAN.

The LAN PCs can reach the server, and traffic intended for non local destination is also sent to the server. However the server does not forward this traffic to the red internet unless you specifically enable it by setting the following value in the registry (and rebooting afterwards).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter. Set this REG_DWORD to 1 to enable. (It is disabled by default in server 2008).

Hennes
  • 4,772
  • 1
  • 18
  • 29
  • +1 you don't need RIP for a single router/route. A static route should do you just fine. Do this, and as long as the LAN computers can ping B2, and set B2 as their default gateway you should be golden – David Houde Apr 21 '13 at 11:12