Multi NIC Windows 2003 routing problem

Chuck

Hi all,

I have a Windows 2003 Enterprise Server which talks to machines in one
private network, hosted on one network card, and another private network as
well as the internet which should be routed over the other network card.
This exact layout on a Windows NT 4 Server works just fine, but not on the
Windows 2003 Server which I'm setting up to replace the NT4 Server. The
setup:

NIC1:
IP: 192.168.90.1
Def GW: 192.168.90.67
Subnet mask: 255.255.255.0

NIC2:
IP: 10.10.10.2
Def GW: 10.10.10.1
Subnet mask: 255.255.255.0

NIC1 is connected to a Cisco PIX leading to a VPN. The PIX is the default
gateway, the network behind the PIX is 192.168.20.x
NIC2 is connected to a Sonicwall, which is connected to the internet. The
Sonicwall is the default gateway.

When I set the TCP/IP properties on the server, I always get a warning
message saying that having different default gateways would not work as
expected. The server then communicates just fine on the 192.168.90.x
network, and it can also ping machines on the 10.10.10.x network. But any
requests that would go out to the internet are failing, can't even an
outside server with a public IP (which works on the NT4 system).

Does anyone see how this can be solved? With the NT4 system I had to add
this route to get it to work:
route add 192.168.20.0 mask 255.255.255.0 192.168.90.67 -p

but that doesn't seem to make a difference on the Windows 2003 Server.

Any hints greatly appreciated. Thanks!
 
Phillip Windell

You cannot have two Default Gateways. By the very definition of the
term,..there can only be one.

157025 - Default Gateway Configuration for Multihomed Computers
http://support.microsoft.com/default.aspx?scid=kb;en-us;157025&Product=win2000

Since you appear to have three subnets floating around and I have no idea
about the relationship between them,...I cannot tell you how to deal with
the problem the right way.

The best way is to never multi-home a Server under any circumstances except
for Proxies and NAT Servers. Place real LAN routers between the subnets, not
computers.

Here are other multi-homing "horrors" to keep in mind. This is why computers
should only "live" on networks and let the Routers "route" the networks.

175767 - Expected Behavior of Multiple Adapters on Same Network
http://support.microsoft.com/default.aspx?scid=kb;EN-US;175767

272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294

191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611

Microsoft Windows XP - Multihoming Considerations
http://www.microsoft.com/resources/documentation/windows/xp/all/reskit/en-us/prcc_tcp_qpzj.asp?

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171564
 
Chuck

Phillip,

thanks for the information. Do you think it could still be done (if yes,
how?) with these details:

All network traffic destined for the 192.168.20.x and 192.168.90.x should go
out via NIC1 (the one with the 192.168.90.1 address), ALL other traffic can
safely go out the 10.10.10.2 interface.

How could that be set routing wise (maybe with route add ... )

I stated that before, it worked beautifully on Windows NT 4 for many many
years.... (still does, but that server has to go, for obvious reasons).

Cheers



J.H

Hi there,

Removed the gateway on 2ND NIC since the 1st NIC is your VPN server
interface (treating as VPN server's internet interface).
You might have to check your routing configuration on the 2nd NIC network
then to make sure when VPN client connected and assigned IP on the same
network of 2ND NIC, they can route to other without any problem!

Take care,
J.H


Chuck

J.H.

I'm not sure what you're trying to say.

NIC1 cannot access the internet, it only connects to the 192.168.20.x and
192.168.90.x networks. NIC2 should be the one that handles everything else.

Maybe I should switch the NICs?
 
Phillip Windell

You cannot use two IP#s from different subnets on the same NIC unless it is
a NIC that is VLAN (Frame Tagging) compatible and setup to do so.

As far as NT4, I have a strong suspicion that it wasn't doing things exactly
the way you may have thought it was doing it.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
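
Added example, not part of any post in this thread: a small Python model of longest-prefix route selection, run over two constructed route tables built from the addresses Chuck posted (one with both default gateways, one with a single default gateway plus his static route). The equal metrics and the outside test address 203.0.113.10 are assumptions; the model only flags a tie between default routes and does not predict which one Windows would pick.

```python
import ipaddress

# Constructed tables: (destination, gateway, interface, metric).
# Addresses come from the thread; the equal metrics are an assumption.
AS_POSTED = [
    ("0.0.0.0/0", "192.168.90.67", "NIC1", 10),   # default GW set on NIC1
    ("0.0.0.0/0", "10.10.10.1", "NIC2", 10),      # default GW set on NIC2
    ("192.168.90.0/24", "on-link", "NIC1", 10),
    ("10.10.10.0/24", "on-link", "NIC2", 10),
]
SINGLE_DEFAULT = [
    ("0.0.0.0/0", "10.10.10.1", "NIC2", 10),      # only the Sonicwall is default
    # route add 192.168.20.0 mask 255.255.255.0 192.168.90.67 -p
    ("192.168.20.0/24", "192.168.90.67", "NIC1", 10),
    ("192.168.90.0/24", "on-link", "NIC1", 10),
    ("10.10.10.0/24", "on-link", "NIC2", 10),
]
# Constructed destinations: VPN side, both local subnets, one outside host.
DESTS = ["192.168.20.15", "192.168.90.50", "10.10.10.7", "203.0.113.10"]

def best_routes(table, dest):
    """Routes tied for best match: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), gw, nic, metric)
            for net, gw, nic, metric in table
            if ip in ipaddress.ip_network(net)]
    if not hits:
        return []
    longest = max(h[0].prefixlen for h in hits)
    hits = [h for h in hits if h[0].prefixlen == longest]
    lowest = min(h[3] for h in hits)
    return [(gw, nic) for _, gw, nic, metric in hits if metric == lowest]

def audit(table, dests):
    """Map each destination to (gateway, interface) or flag the problem."""
    report = {}
    for dest in dests:
        routes = best_routes(table, dest)
        if len(routes) == 1:
            report[dest] = routes[0]
        elif routes:
            report[dest] = ("AMBIGUOUS", sorted(nic for _, nic in routes))
        else:
            report[dest] = ("NO ROUTE", [])
    return report

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("single default", SINGLE_DEFAULT)):
        print(name, audit(table, DESTS))
```

In the as-posted table both the VPN network and the outside host fall through to the tied default routes, while the single-default table sends 192.168.20.x to the PIX and everything else to the Sonicwall.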


 
