Actually, source NAT in my previous post will work if you find something equivalent. Try googling "sNAT windows server" if you want.
I know exactly what your problem is:
Client-----------DSL Rtr/Public IP 2-----+
  |                                      |
  |                           Windows 2008 Server
  |                                      |
  +--------------Main Rtr/Public IP 1----+
When the client sends a web/RDP request, here is the path the packet takes:
1) The web/RDP packet leaves the client.
2) The packet reaches the DSL public IP.
3) The DSL router redirects it to the 2008 server. In this case, the packet's source IP doesn't change, but the destination IP becomes the 2008 server's NIC 2 IP.
4) The 2008 server sees it, processes it and sends back a reply. Now a crucial point: since the source IP is on a non-local network, it sends the reply out to the default gateway, which is the main router's private IP 10.1.1.1.
5) The main router NATs the reply to its public interface IP. This time, the packet's source IP becomes the main router's public IP, and the packet's destination IP is the client's IP.
6) When the client receives the response, it will *reject* it because it never sent the request to your main router in the first place.
Some behavior of Windows servers:
In this case, your 2008 server has 2 IP addresses assigned, belonging to 2 different subnets, meaning it knows 2 default gateways. But it will only use one default GW at any given moment, and your server chooses (weighs more) the main router's private IP. Only in the case of failure will it reorder and choose the DSL private IP as the default GW.
There are 2 solutions: the 1st one Windows-based, the 2nd one network-based.
1. Take a look at the reply post by Adamu Garba on this link:
http://forums.techarena.in/server-networking/891196.htm
It seems the ISA Server MMC console can redirect traffic to the desired NIC based on IP, ports, etc. A caveat might be the additional cost. If you want to follow this route, I can no longer help you.
2. If you look at step 4, the server reply went to 10.1.1.1 because the client source is from the Internet. Now imagine if the client source IP were from the local network: the reply would never go to the main router's private IP but directly to the local client. How can we make it so that the original request *seems* to come from the local network? The answer is to set up either a reverse proxy OR a NAT device between the DSL router and the 2008 server. This is a work-around from the network angle. The caveat here is that you might need to set up a Linux box: try finding a non-Linux solution. If Linux, research 'netcat' for the reverse proxy; all Linux distros have NAT built-in.
Btw, what you are planning to do is called a backdoor. If somebody finds out about your DSL connection, they will follow the least protected path. So think about proper protection for your DSL link too. Also, if I were you, I wouldn't post that public IP address on forums. Hope it helps!
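The asymmetric-routing failure in steps 1-6 above, and why a source-NAT box in front of NIC 2 fixes it, can be walked through with a small routing simulation. This is an added example, not code from the poster or from any product mentioned in the thread. Only 10.1.1.1 (the main router's private IP) comes from the post; every other address (client 192.0.2.50, router public IPs 198.51.100.1 and 203.0.113.1, server NICs 10.1.1.10 and 192.168.2.10, DSL-side gateway 192.168.2.1, NAT box 192.168.2.2) is constructed from documentation ranges, and the server's route table is modelled the way the post describes Windows behaving: two on-link routes plus one active default route.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (documentation ranges); only 10.1.1.1 is from the post.
CLIENT_PUBLIC    = ipaddress.ip_address("192.0.2.50")
MAIN_RTR_PUBLIC  = ipaddress.ip_address("198.51.100.1")
DSL_RTR_PUBLIC   = ipaddress.ip_address("203.0.113.1")
MAIN_RTR_PRIVATE = ipaddress.ip_address("10.1.1.1")     # from the post
DSL_RTR_PRIVATE  = ipaddress.ip_address("192.168.2.1")  # assumed
SERVER_NIC1      = ipaddress.ip_address("10.1.1.10")    # assumed, main-router side
SERVER_NIC2      = ipaddress.ip_address("192.168.2.10") # assumed, DSL side
SNAT_BOX         = ipaddress.ip_address("192.168.2.2")  # assumed NAT box address


def server_routes(active_default_gw):
    """Server route table: two on-link subnets and ONE active default route.
    Windows keeps the second default gateway dormant until failure, as the
    post describes, so only one 0.0.0.0/0 entry is ever consulted."""
    return [
        (ipaddress.ip_network("10.1.1.0/24"),    "NIC1", None),  # on-link, no gateway
        (ipaddress.ip_network("192.168.2.0/24"), "NIC2", None),  # on-link, no gateway
        (ipaddress.ip_network("0.0.0.0/0"),      "NIC1" if active_default_gw == MAIN_RTR_PRIVATE else "NIC2",
         active_default_gw),
    ]


def server_next_hop(dst, active_default_gw=MAIN_RTR_PRIVATE):
    """Longest-prefix match; returns (egress NIC, next-hop address)."""
    best = None
    for net, iface, gw in server_routes(active_default_gw):
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    net, iface, gw = best
    return iface, (gw if gw is not None else dst)   # on-link: deliver to dst directly


@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def simulate(with_snat_box: bool, active_default_gw=MAIN_RTR_PRIVATE) -> dict:
    """Replay steps 1-6 of the post and report whether the client accepts the reply."""
    # Steps 1-2: client sends to the DSL router's public IP.
    req = Packet(CLIENT_PUBLIC, DSL_RTR_PUBLIC)
    # Step 3: DSL router DNATs to server NIC 2; the source is left untouched.
    req = Packet(req.src, SERVER_NIC2)
    if with_snat_box:
        # Work-around 2: a NAT box between DSL router and server rewrites the
        # source to its own LAN address, so the request looks local to the server.
        req = Packet(SNAT_BOX, req.dst)

    # Step 4: the server replies to the request's source; routing decides the exit.
    iface, hop = server_next_hop(req.src, active_default_gw)
    reply = Packet(req.dst, req.src)

    # Step 5: whichever device receives the reply NATs it toward the client.
    if hop == MAIN_RTR_PRIVATE:
        reply = Packet(MAIN_RTR_PUBLIC, CLIENT_PUBLIC)      # wrong path, wrong source
    elif hop == SNAT_BOX or hop == DSL_RTR_PRIVATE:
        reply = Packet(DSL_RTR_PUBLIC, CLIENT_PUBLIC)       # NAT box un-NATs, DSL router SNATs

    # Step 6: the client only matches a reply whose source is the IP it sent to.
    return {
        "egress_iface": iface,
        "next_hop": str(hop),
        "reply_src": str(reply.src),
        "client_accepts": reply.src == DSL_RTR_PUBLIC,
    }


if __name__ == "__main__":
    print("no NAT box :", simulate(False))
    print("with NAT box:", simulate(True))
    print("DSL as default GW:", simulate(False, DSL_RTR_PRIVATE))
```

The third call shows the failover case from the "behavior of Windows servers" paragraph: if the DSL gateway were the active default, replies to Internet clients would leave via the DSL link and that path would work, but then the same problem would appear for connections arriving through the main router. The NAT box fixes the DSL path without touching the server's route table at all.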