I'm pretty sure that when I get an answer, it's going to be one of those "duh moments"...
So I've got seven VMs running on an isolated virtual network segment. This is a test AD/Exchange/Lync thing, so I want it as isolated as I can from my production network. However our developers want to be hitting it with their development tools directly from their production workstations. One of these VMs has a second virtual NIC on it that ties to our production LAN, and I've installed the Routing role on this machine. NICs are identified with meaningful labels ("corpnet" and"Internet"), the "inside" one is in the domain profile and the "internet" one is in a public profile, all firewalls are turned off on all of the VMs. I have seven IP addresses that I've allocated on the production network and all I'm after here is a simple one-to-one mapping.
Here's what I've done so far:
- Configure for LAN Routing and NAT
- Under IPV4 -> NAT, create Public interface with Internet NIC
- Under IPV4 -> NAT, create Private interface with Corpnet NIC
- Under IPV4 -> NAT -> Internet -> Address Pool, add small production network address range.
- Under IPV4 -> NAT -> Internet -> Address Pool -> Reservations, create one-to-one mappings of public to private addresses with "Allow Incoming Sessions" enabled
- All VMs are set with the edge server as the gateway. The edge server is set with my production LAN's gateway on the "Internet" network interface.
From the edge VM, I can get to the production LAN and to the private VMs. From the production LAN I can get to the edge VM just fine. However I can't get from the production network to any of the VMs and none of the VMs can get past the edge VM.
What incredibly obvious and simple thing am I missing? I typically don't use Windows' router, so... TIA