
Configure RRAS on Windows 2008 R2 to route 4 Private Networks within VMware

Within my VMware test lab, I wanted to be able to route three private networks in order to test Exchange 2010 (DAG and CAS), TMG 2010 (Reverse Proxy) and a Windows XP\7 client using Outlook Anywhere and OWA.   The problem is, I wanted to truly test the NAT routing as simulated in our production environment using VMware and virtual networks.  The networks look like this:

  • 192.168.0.X (Internal LAN Network)
  • 10.0.0.X (DMZ – or Internet Facing Network)
  • 100.0.0.X (Exchange DAG Replication Network)
  • 100.0.20.X (Exchange DAG Replication Network – Second Site)

So how do I get these networks to route between one another?

THE FIX: RRAS (Routing and Remote Access Server in Windows 2008 R2). I was actually surprised at how easy this was to set up, and it will work on Hyper-V as well.

STEP 1: Add the NICs to your RRAS server. Each NIC will have the IP address that you will use as the Default Gateway for its network in your environment. If this is in VMware or Hyper-V, no Default Gateway is required. If you are using publicly routable IPs, you will need to designate static routes within the RRAS setup. Note: Each of these NICs is on the same “VMware” Virtual Network, so you will not have to create VM networks; this work will be handled by RRAS.

NIC Configuration on RRAS server:

  1. NIC1: 100.0.20.1, mask 255.255.255.0, no gateway
  2. NIC2: 100.0.0.1, mask 255.255.255.0, no gateway
  3. NIC1: 10.0.0.1, mask 255.255.255.0, no gateway
  4. NIC1: 192.168.0.1, mask 255.255.255.0, no gateway


STEP 2:

Install the RRAS service on your Windows 2008 R2 Server. This can be done from the Add Server Roles Wizard. You will need to add the Network Policy and Access Services role.


STEP 3: We will now enable the RRAS configuration. Navigate to the Server Manager and drill into the roles. Routing and Remote Access should have a red indicator. Follow the steps below to complete the configuration.


Select Secure Connection between two private Networks.


Select No when asked about creating demand-dial connections.


If you see an error stating “An error occurred while trying to start Routing and Remote Access Service….”, this is normal. Click OK on the error.


You should now see your RRAS server with a red error indicator. Right-click the RRAS Server (Local) and select Properties. Change the IPv4 Router setting from LAN and demand-dial routing to Local area network (LAN) routing only. Click Apply and OK. Right-click the RRAS server again, select All Tasks, and select Start to start the services.


You should now be all set.


Have fun testing!

Ed McKinzie
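
The addressing plan above can be sanity-checked before any VMs are built. The following Python sketch is an added example, not part of the original post: it derives the connected routes RRAS will hold from the four NIC addresses, shows which gateway a host must use to cross subnets, and lists the subnets that fall outside RFC 1918 private space (the two 100.0.x.X networks, which matters if the lab is ever given a path to the Internet). The host addresses and function names are constructed for illustration.

```python
import ipaddress

# RRAS NIC addresses as listed in the post; each one is the gateway for its network.
RRAS_NICS = {
    "Internal LAN": "192.168.0.1/24",
    "DMZ": "10.0.0.1/24",
    "DAG replication": "100.0.0.1/24",
    "DAG replication (second site)": "100.0.20.1/24",
}

def connected_routes(nics):
    """Return {label: (network, gateway_ip)}, rejecting overlapping subnets."""
    routes = {}
    for label, cidr in nics.items():
        iface = ipaddress.ip_interface(cidr)
        for other, (net, _) in routes.items():
            if iface.network.overlaps(net):
                raise ValueError(f"{label} overlaps {other}: nothing to route between")
        routes[label] = (iface.network, iface.ip)
    return routes

def next_hop(routes, src, dst):
    """Describe what a host at src needs in order to reach dst via the RRAS server."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_net = next((l for l, (n, _) in routes.items() if src in n), None)
    dst_net = next((l for l, (n, _) in routes.items() if dst in n), None)
    if src_net is None:
        return "source is not on any RRAS network"
    if dst_net is None:
        return "no connected route: RRAS needs a static route for this destination"
    if src_net == dst_net:
        return "same subnet: delivered directly, no gateway used"
    return f"host gateway {routes[src_net][1]} -> RRAS forwards out '{dst_net}' NIC"

def non_rfc1918(routes):
    """Labels whose subnet lies outside 10/8, 172.16/12 and 192.168/16."""
    private = [ipaddress.ip_network(p)
               for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
    return [l for l, (n, _) in routes.items()
            if not any(n.subnet_of(p) for p in private)]

if __name__ == "__main__":
    routes = connected_routes(RRAS_NICS)
    # Constructed host addresses, one per test case.
    print(next_hop(routes, "192.168.0.50", "10.0.0.20"))
    print(next_hop(routes, "100.0.0.11", "100.0.20.11"))
    print("Outside RFC 1918:", non_rfc1918(routes))
```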

  1. Mohaseen
    July 8, 2013 at 11:36 PM

    Hi Ed,

    Even I’m trying to set a cross site DAG lab,

    TWO sites :

    172.168.1.1/24
    172.168.1.2/24

    I’m using Hyper-V and I can’t ping cross site.

    You made an interesting point that if NICs are in Hyper-V or VMware there is no need for a default gateway; is that correct? Can you think of where the mistake is happening?

    Thanks…
    Mohaseen

    • August 6, 2013 at 10:44 AM

      If the NICs are all on the same subnet, then you do not need a default gateway. If you want to route between disparate subnets, then you will have to use a default gateway in order for the packets to route properly.

      Cheers!

      Ed M.

  2. Johnny
    August 27, 2013 at 11:37 PM

    With the external DMZ NIC, which is used to connect to the internet, how does RRAS know about this? Or does it try each NIC until it can get out?
