Ok, I have a server running Hyper-V 2016. It is currently configured with a single NIC (Internet facing) and a single Internal vNIC for the VMs. For testing and initial deployment, I specified an IP address for the host on the vNIC and configured the VM servers to use that address as a gateway. I configured a single NetNat for the Internet-facing NIC (multi-IP addresses) with port forwarding to some VM servers and I turned on IPEnableRouter in the host which allows full routing over a non-Microsoft VPN as well as the VMs have full Internet access. The only barrier I currently have is the host cannot initiate connections outbound to the Internet (internal or over the VPN work great, just not directly over the Internet NIC). If I remove the NetNat, the host can talk to the Internet just fine but we don't want that due to the NAT requirements. I did have to have multiple NetNatExternalAddress settings per IP to be able to port forward ports 25, 80, and 443 (don't know if that makes a difference).
So, my next thought was "Install RAS on a VM" because the documentation says "RAS Gateway can be configured via PowerShell to be a NAT router". Ok, great but... no where is there an ability that I have found to configure the NAT routing capabilities of RAS. I used Install-RemoteAccess -VPNType RoutingOnly and Get-RemoteAccess shows that is the only active piece. If I start RRAS Manager, it says
"Legacy mode is disabled on this Server
<id id="IDConfigDesc">Using this UI, you cannot view/modify the Routing and Remote Access server configuration since legacy mode is disabled.</id>
<id id="IDConfigDesc2">Use RemoteAccess PowerShell cmdlets for viewing/modifying the RRAS configuraton."</id>
Ok, but there are no RemoteAccess cmdlets that address RRAS configuraton (sic).
HELP! I do not want to install a full server (requiring full reinstallation of this server and the VMs) to get RRAS. If I can get help determining why I can't access the Internet from the host with NetNat enabled, that would be the easiest. If I have to use RAS on a VM, then I need some guidance on how to configure NAT in this configuration.
So, the desired configuration is:
VMs <-> InternalSwitch <-> Host <-NAT with Port Forwarding to VMs-> InternetNIC (multi-address)
The host needs to be fully conversational with both the VMs, the VPN (which is successfully communicating via the InternetNIC to another site), and other Internet locations (this last part is what is currently failing). The VMs need to be fully conversational with the host, VPN, and Internet (this is occurring successfully now).<id id="IDConfigDesc2"></id>
Pete