Multihomed Win2k Server Routing Issue

Uberstein

Help!!! I have been tasked with managing a network as follows.
Multihomed Win2k Server, 2 NICs. Approx. 40 client workstations.


On server, NIC 1 (192.168.1 subnet) has address 192.168.1.250, netmask
255.255.255.0. Default gateway is set to 192.168.1.1 (Cisco router).
This NIC is connected to an unmanaged switch, which in turn has a bunch
of 192.168.1.xx clients connected. These clients have default gateway
set to 192.168.1.1, 192.168.1.250 will NOT work for some reason, which
seems wrong. The router (which connects in turn to the internet) is
also connected to this switch. Router internal address is 192.168.1.1.

NIC 2 (192.168.3 subnet) has address 192.168.3.250 and netmask of
255.255.255.0. NIC 2 is connected to another unmanaged switch, with a
bunch of 192.168.3.xx clients connected to it. These machines have
default gateway set to 192.168.3.250.
From any machines in 192.168.3 subnet, I can ping 192.168.1.250, and/or
any machine in the 192.168.1.xx subnet no problem...

The Problem(tm) is when I try pinging 192.168.3.250 (or any machine on
the .3 subnet) from ANY machine in the 192.168.1.xx subnet, no go.
Times out. With gateway set to 192.168.1.1, tracert (to 192.168.3.250)
gets that far (first hop, 192.168.1.1) and no further. With gateway set
to 192.168.1.250 (which SEEMS like it ought to work) tracert doesn't
even get response on first hop. (Which should be 192.168.1.250). Thing
is, I can PING 192.168.1.250 just fine from machines on 192.168.1
subnet, it just refuses to be a gateway.

Also, there is no internet for 192.168.1.xx PC if gateway is set to
anything but router internal IP address. Again, it SEEMS like the
.1.250 NIC on the server SHOULD be able to route packets from the
.1.250 subnet to the .3.250 subnet and thus serve as a gateway between
the subnets like the .3.250 NIC does, but it doesn't.

Routing table for server follows:

Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          192.168.1.1    192.168.1.250  1
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.0.0.192          255.255.255.255  192.168.1.250  192.168.1.250  1
192.168.1.0          255.255.255.0    192.168.1.250  192.168.1.250  1
192.168.1.250        255.255.255.255  127.0.0.1      127.0.0.1      1
192.168.1.255        255.255.255.255  192.168.1.250  192.168.1.250  1
192.168.3.0          255.255.255.0    192.168.3.250  192.168.3.250  1
192.168.3.250        255.255.255.255  127.0.0.1      127.0.0.1      1
192.168.3.255        255.255.255.255  192.168.3.250  192.168.3.250  1
224.0.0.0            224.0.0.0        192.168.1.250  192.168.1.250  1
224.0.0.0            224.0.0.0        192.168.3.250  192.168.3.250  1
255.255.255.255      255.255.255.255  192.168.1.250  192.168.1.250  1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

What can I do to fix this issue?

Any help at all much appreciated, I'm stumped here. Been at this issue
for weeks.
 
Robert L [MS-MVP]

Did I answer this question before? Think about it: the default GW is 192.168.1.1, and all traffic (0.0.0.0) except 192.168.1.x will go to 192.168.1.1. Your Cisco router must have a route pointing all 0.0.0.0, including 192.168.3.x, to the outside port. So you need to add one more route pointing back to 192.168.1.250 for traffic going to 192.168.3.x. The following quotation from http://www.ChicagoTech.net may help.
Network Routing Analysis

In our Lab, we have a small network connecting to our main network through a 3COM wireless router, and the main network has another Cisco router connecting to the Internet. The computers in the Lab can ping main network computers and the Internet. But computers in the main network can't ping the lab computers. Here are the settings:

LAB IP: 192.168.2.0 mask 255.255.255.0, GW (default gateway): 192.168.2.1 connecting to 3com router and then to 10.0.0.100 as GW in main network that 10.0.0.0 and 255.255.0.0. Main network has Cisco router GW is 10.0.0.2.

Analysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic goes to 192.168.2.1 GW to 10.0.0.0 network and then through 10.0.0.2 GW to the Internet. However, computers on network 10.0.0.0 can't access the 192.168.2.0 network because all traffic will go to 10.0.0.2 GW.

Resolutions: all 10.0.0.X clients need to know how to get back to the 192.168.2.0 network. This can be accomplished in several ways:

1) Add a GW to each client pointing to 10.0.0.100 by using add 192.168.2.0 mask 255.255.0.0 10.0.0.100. Here is the route table after adding the route.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 01 03 28 89 cf ...... 3Com EtherLink PCI
0x1000004 ...00 90 27 55 44 07 ...... Intel(R) PRO Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway     Interface  Metric
0.0.0.0              0.0.0.0          10.0.0.2    10.0.0.11  1
10.0.0.0             255.255.0.0      10.0.0.11   10.0.0.11  1
10.0.0.11            255.255.255.255  127.0.0.1   127.0.0.1  1
10.0.0.20            255.255.255.255  10.0.0.11   10.0.0.11  1
10.255.255.255       255.255.255.255  10.0.0.11   10.0.0.11  1
127.0.0.0            255.0.0.0        127.0.0.1   127.0.0.1  1
192.168.2.0          255.255.255.0    10.0.0.100  10.0.0.11  1
224.0.0.0            224.0.0.0        10.0.0.11   10.0.0.11  1
255.255.255.255      255.255.255.255  10.0.0.11   10.0.0.11  1
Default Gateway: 10.0.0.2
===========================================================================
Persistent Routes:
None

2) Add route on the Cisco pointing 192.168.2.0 mask 255.255.255.0 10.0.0.100. The client then would send the 192.168.2 traffic to 10.0.0.2 which should then forward the packet to 10.0.0.2 and send the client an ICMP Redirect to use 10.0.0.2 when talking to 192.168.2.x.

3) Also rather than adding static routes, you could configure the 2 routers to dynamically learn each others routes via a routing protocol like RIP or OSPF.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
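
The return-path analysis above, as an added example that is not part of the original posts: a longest-prefix-match walk over constructed routing tables for a .1 client, the Cisco router and the server, showing where a packet for 192.168.3.x ends up with and without the extra static route. It models routing tables only and assumes the server forwards between its NICs; the RRAS NAT public/private setting discussed later in the thread is not modeled, and the node name `client-1.x` and the labels `direct` and `wan` are hypothetical.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(cisco_route=False, client_route=False):
    """Constructed tables. 'direct' = on-link delivery, 'wan' = router's outside port."""
    tables = {
        "client-1.x":    [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")],
        "192.168.1.1":   [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "wan")],
        "192.168.1.250": [("192.168.1.0/24", "direct"), ("192.168.3.0/24", "direct"),
                          ("0.0.0.0/0", "192.168.1.1")],
    }
    if cisco_route:   # static route on the Cisco pointing back at the server NIC
        tables["192.168.1.1"].append(("192.168.3.0/24", "192.168.1.250"))
    if client_route:  # per-client static route instead of touching the router
        tables["client-1.x"].append(("192.168.3.0/24", "192.168.1.250"))
    return tables

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start until the packet is delivered or leaves the model."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop == "direct":
            return path + [dst]
        if hop not in tables:          # 'wan' or no route at all
            return path + [hop or "unreachable"]
        path.append(hop)
        node = hop
    return path + ["loop"]

if __name__ == "__main__":
    for label, kwargs in [("no extra route", {}),
                          ("route on Cisco", {"cisco_route": True}),
                          ("route on client", {"client_route": True})]:
        print(label, "->", " > ".join(trace(build(**kwargs), "client-1.x", "192.168.3.10")))
```
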



Uberstein

So the only way to fix this is to add another route to the Cisco
Router? That's fine, and I intend to give that a go, but I'm STILL
wondering why I can't use 192.168.1.250 (server NIC) as the default
gateway for all of the machines in the 192.168.1 subnet. When I do,
there is no internet for those machines, and STILL no being able to see
or ping machines in the 192.168.3 subnet. Ideally, that is what I'd
like to have happen.

For some reason, that 1.250 NIC ignores all routing requests thrown at
it, but it IS listed as a routing interface in Routing and Remote
Access Applet on the server.

In short, the 192.168.3.250 server NIC acts as a gateway for the .3
subnet just fine, why won't the 192.168.1.250 server NIC do the same
for the .1 subnet?

Thanks for the help so far, much appreciated.
 
Uberstein

OK, update. Was able to fix the problem of not seeing machines on .3
subnet from machines on .1 subnet by changing the NAT setting in
routing and remote access applet. I went to the properties of the
192.168.1.250 adapter. It was set to public interface. Changing it to
private interface solved the problem---but created another. Suddenly
users on .3 subnet lost internet access. .1 subnet internet access
remained fine. I fiddled a bit, but eventually put it back to public as
these poor people need internet access to do their jobs. I will
probably put it to private again after hours and go from there.

What is the next step? If both adapters are set to do private NAT only
is there any way to get the subnet without the router (192.168.3.xx
subnet) to have internet?
 
Robert L [MS-MVP]

You have two issues here.

1. Routing. If you do not want to add a route on the Cisco router, you can use the route command on the 192.168.1.x computers, pointing them to 192.168.3.x.

2. NAT blocking the traffic from 192.168.1.x to 192.168.3: Since you enabled NAT, one interface (I am assuming it is 192.168.1.250) may be set up as public, and 192.168.3.250 as private. Now, what the NAT does (like a firewall) is block all traffic from outside; in your case that is 192.168.1.x.

For more and other information, go to http://howtonetworking.com.


Robert L [MS-MVP]

Reset both to private and post the results of ipconfig /all and the routing table here.

For more and other information, go to http://howtonetworking.com.


Uberstein

Tried adding a route manually on one of the .1 subnet clients...did not
work.
Tried 'route add 192.168.3.0 mask 255.255.255.0 192.168.1.18 metric 1.'
Tried 'route change 192.168.3.0 mask 255.255.255.0 192.168.1.250 metric 1.'
Tried 'route change 192.168.3.0 mask 255.255.255.0 192.168.3.250 metric 1.'
None of these worked. Guess I don't understand what you mean.

What if I simply removed NAT from RRAS entirely? Not sure why it's
needed, since Cisco Router should be doing NAT. (I need to check on
this, I know)
 
