Home Lab With RRAS (NAT and LAN Routing)


  • Dear All Experts,

    Can someone advice how should I achieve the following objectives for my home lab. See setup diagram:


    The purpose of such setup in my home lab is because I trying to create a server farm that would be become my psedo "Production" environment that I will then replicate to the cloud using Azure Site Recover (ASR).

    At the current setup stage, the objective I would try to reached is (1)  to enable to all the nested VMs, including the VM1 and VM2 to have internet access; (2) bidirectional Ping communication - the nested VMs in VM1 able to ping VM2 and vice versa (i.e. VM2 able to ping the nested VMs)

    In my RRAS configuration, I enable both NAT and LAN Routing under "Custom Configuration". This allow me to achieve the objective (1) which is all the nested VMs have internet access; at the same time, part of the objective (2) which is the nested VMs able to ping the VM2 and the External Virtual Switch in VM1. However, the VM2 is unable to ping the nested VMs.

    If I would to remove the NAT, objective (2) immediately achieved. However, the nested VMs would lost the internet connection.

    Really appreciate if someone could advise me on this. Thanks in advance.

    středa 11. července 2018 22:03

Všechny reakce

  • Duplicate.



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    středa 11. července 2018 22:19
  •   A couple of hints.

    1. Don't use an internal switch and ICS. Use a private virtual switch and use a vm with RRAS as a router between the private and external networks. I would not rely on ICS, even for a home lab.

    2.  All domain members must use the DC for DNS. The domain members should use the DC's IP address only. Like the other domain members, the DNS settings on the DC itself should be its own IP address only. Links to a public domain service like are set in the DNS server on the DC. This DNS server will then resolve external URLs for the DC itself and its clients. (In fact, if the DC is set to use before you promote it, the promotion process will probably set up the forwarder for you in Server 2016 or 2019. I use and it did for me).

      Since you are running this on Windows 10 it really should be in Windows 10 Virtualization forum, not this server forum. You might be using server OS in the guests, but the host OS is Windows 10. The Windows 10 forum is here.

      Why are you trying to use nested virtualization? Why not run the vms directly on the Windows 10 host? If you really want to use the server OS to host the vms, run it on the physical machine in a dual-boot config.


    • Upravený Bill Grant čtvrtek 12. července 2018 7:22
    čtvrtek 12. července 2018 5:33
  • Perhaps may be my diagram is not clear enough. 

    Windows 10 Hyper-V virtualization is only the first layer virtualization. The second layer of Hyper-V nested virtualization is running within Windows Server 2016.

    čtvrtek 12. července 2018 8:57
  • Hi Dave,

    Yes. This is a duplicated. Really hope someone could help me out of this. Really. I had spent nights trying to resolve the issue, but fail and that's why I desperately needs help.

    čtvrtek 12. července 2018 8:59
  • If it is a critical issue for you, you need to open a support case with Microsoft.  TechNet forums are not official support methods.  Contributors are people like you who volunteer their time and share their experiences, but they cannot provide the in-depth support that is required to resolve an issue quickly.

    Secondly, since your host is running Windows 10, you should be posting in the Windows 10 virtualization forum in order to reach the experts in Windows 10 Hyper-V.  Though the hypervisor is the same between Windows 10 and Windows Server, the implementation of components varies, such as the NAT capabilities on the client.  To reach the Windows 10 Hyper-V experts you should post to


    čtvrtek 12. července 2018 11:49
  •   I agree. That is far too complicated to try to debug through a forum, especially as it is not even close to a possible scheme. 

       Perhaps you could try a simpler setup (as I suggested above) and post in the appropriate forum if you still have problems.


    čtvrtek 12. července 2018 23:25