In this diagram, we have a 2 legged Server 2008 box with 2 NICs (in my case this is a VM with 2 vNICs attached). The NIC config is as follows:
IP Address: 10.10.10.105 (Internal Network)
Gateway: 10.10.10.70 (Internal Interface of ISA server)
IP Address: 10.10.11.1 (Private Network)
IP Address: 10.10.5.1 (Other Private Network)
So now we need to make our Server 2008 box (VM) function as a router and make sure we’re not doing anything else except "LAN Routing". For a step by step on how to do this, please follow this article:
The preceding article does a good job on telling you how to install the feature. However, it doesn’t really tell you how to configure anything else like IP’s, gateways, static routes, etc. Note the conspicous absence of that information . Once you’re done with that article, reboot the server.
Here’s what one needs to do to get a client on 10.10.11.x (not the server 2008 router) to have access to the internet:
1. Make sure the client’s IP configuration is pointed to the Server 2008 router for it’s Default Gateway:
2. Ping the DG from the client. If this works, proceed to step 3….if it doesn’t, then call a buddy to help you out
3. From a client on the 10.10.10.x network, let’s add a static route from your client (remember, client on the 10.10.10.x network) to the Server 2008 router by typing the following:
route add 10.10.11.0 MASK 255.255.255.0 10.10.10.105 -p
Once completed you should be able to get to the client on the other network (for example) 10.10.11.13 through the Server 2008 router. A tracert should reveal:
Tracing route to 2008X64TEMPLATE [10.10.11.13]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 2008member05.test.com [10.10.10.105]
2 3 ms <1 ms <1 ms 2008X64TEMPLATE [10.10.11.13]
Once that’s working, you can remove the persistent route by typing:
route delete 10.10.11.0
4. Now we need to turn our attention to the ISA Server and it’s internal network. On the internal network here, the 10.10.10.x network is considered internal and anyone on the internal network can get to anyone on the internal network. The first thing we need to do is add a persistent route to the ISA Server so it knows where to route the packets destined for the 10.10.11.x network. We use the same command as above…be sure to make it persistent (-p):
4a.) route add 10.10.11.0 MASK 255.255.255.0 10.10.10.105 -p
5. Once that’s completed, apply the change to ISA then open a command prompt:
5a.) Type: route print and you should see a bunch of entries along with the following:
5b.) Persistent Routes:
Network Address Netmask Gateway Address Metric
10.10.11.0 255.255.255.0 10.10.10.105 1
5c.) Now run a ping from the ISA Server to the client on your 10.10.11.x network (I have an XP client at 10.10.11.13) and you should get a response.
5d.) Now run a ping from your 10.10.11.13 client to the internal interface of the ISA Server (10.10.10.70 in this case)
5e.) Now run a ping from your 10.10.11.13 client to www.apple.com or 188.8.131.52 or some other internet device that will respond to a ping.
5f.) Now, open a web browser from your 10.10.11.13 client and see if you can get out.
6. Assuming all of your pings have worked, you should now have full internet access from a private network using Server 2008 as a simple router.
7. If you want to add a 3rd NIC to the Server 2008 router, just repeat all the steps substituting for the configuration changes and you should be good to go.
I hope this has helped!