Multiple Gateway on the Network

  • Question

  • Dear All,

    I have a situation here.

    The network has two internet connections

    A - Cable Modem (ADSL) - IP - 192.168.1.250 - used by server alone

    B - Fibre Optical Connection - IP - 192.168.1.1 - used by all clients

    Server IP - 192.168.1.253 (used by the server for communicating over the internet & accepting VPN requests from the Internet; Gateway - 192.168.1.250) & 192.168.1.254 (used for LAN)

    Server is configured for following 

    1. DHCP

    2. DNS

    3. Active Directory

    4. RRAS - VPN and Routing (RIP)

    5. Web & E-Mail Server

    6. Storage & File Server

    All the clients on the LAN will obtain their IP address from the server using DHCP. The Gateway mentioned in the DHCP Config shall be 192.168.1.254. We have defined a static route in the RRAS and enabled RIP, so that all communication on that interface shall be through the Gateway 192.168.1.1 by way of static route. However, when I run a tracert from the clients, it is shown that the client is using the Gateway 192.168.1.250 instead of 192.168.1.1.

    I know you may suggest that I can configure the DHCP to provide the default gateway as 192.168.1.1. But the problem is that this connection is sometimes unreliable and is prone to disconnections. So when there is a connectivity issue, we are not able to force the client to change the gateway. Hence, we have opted for RIP, which is more convenient and can accomplish the same without any client action.

    Please advise me if I am missing something or I have understood something wrongly. Please advise how I can achieve the above.

    Thanks and regards,

    -

    Sri


    Thursday, April 2, 2015 11:26 AM

Answers

  • Hi,

    According to your description, my understanding is that you want to configure the clients to use gateway 192.168.1.1.

    I want to confirm with you that:
    VPN server with 2 NICs, one (192.168.1.253) connects to the Internet, the other one (192.168.1.254) connects to the internal LAN. This server is also configured as DC/DNS/DHCP/etc. server.

    It seems that the main server (DC/DNS/etc.) is connecting to the Internet directly; this is not recommended for security reasons. And a multihomed DC is not a recommended configuration due to some known issues. It is better to acquire a separate server to be used as DC/DNS/DHCP for the network.

    This is a blog that describes Multihomed DCs with DNS, RRAS, and/or PPPoE adapters, for your reference:
    http://blogs.msmvps.com/acefekay/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters/

    Besides, is it the internal LAN clients or the VPN clients that you want to configure with gateway 192.168.1.1?

    For a client, traffic which needs to be sent will go through route selection first, based on its own (the client's) routing table. You may open CMD and type route print to list the route table. If traffic is sent to the VPN server (RIP is enabled, so it is also a RIP router), then the VPN server will do route selection according to its routing table (use route print to list the routing table of the VPN server).

    Tracert is a route tracing utility that displays a list of near-side router interfaces of the routers along the path between a source host and a destination. You may just use ipconfig /all to confirm the gateway of the client.

    Best Regards,
    Eve Wang 

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, April 3, 2015 5:38 AM

All replies

  • What you are seeing is router redirect: when the server on 192.168.1.254 receives traffic from a host on 192.168.1.x, and when its routing table tells it to route the traffic to 192.168.1.250, it sees both the sending host and the route target are in the same subnet, so it sends the sending host a redirect message telling it to send directly to .250 in the future.

    "We have defined a static route ...through the Gateway 192.168.1.1" 
    Your server has a default route pointing at .250, not .1, so I'm not sure what you are saying here. A static route on the RRAS isn't going to affect routing being performed on the server, where your hosts' default gateway address is configured.

    Cause: basic design flaw: you have configured a conflicting subnet in multiple places on your network.
    You should never configure the same subnet on different interfaces on a device that is performing layer 3 routing, thus extending a Layer 2 network on either side of a Layer 3 device.

    Solution:
    Your Cable Modem<---->Server connection should be in a unique subnet, not in 192.168.1.0/255
    Your fibre connection<---->Server connection should be in a unique subnet, not in 192.168.1.0/255

    Even better: Your hosts' default gateway address should be on a "Core" switch or router.

    Tuesday, April 14, 2015 2:51 AM
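
The redirect behaviour and the overlapping-subnet flaw described in the reply above, modelled as an added example that is not part of the original thread. The /24 mask, the client address 192.168.1.50 and the 10.0.0.0/30 transit subnet in the corrected layout are assumptions.

```python
import ipaddress

# Addresses from the thread; the /24 mask is an assumption.
INTERFACES = {
    "wan": ipaddress.ip_interface("192.168.1.253/24"),
    "lan": ipaddress.ip_interface("192.168.1.254/24"),
}
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.250"))]

# Constructed corrected layout: the uplink moves to its own transit subnet.
FIXED_INTERFACES = {
    "wan": ipaddress.ip_interface("10.0.0.2/30"),
    "lan": ipaddress.ip_interface("192.168.1.254/24"),
}
FIXED_ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.0.0.1"))]


def overlapping_interfaces(interfaces):
    """Return pairs of interface names whose configured subnets overlap."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]


def next_hop(dst, routes):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def forward(src, dst, ingress, interfaces, routes):
    """Model the router's decision for a packet received on `ingress`.

    Returns (next_hop, redirect). redirect is True when the sender and the
    next hop share the ingress subnet, so the sender could reach the next
    hop directly and the router tells it to do so.
    """
    hop = next_hop(dst, routes)
    if hop is None:
        return None, False
    net = interfaces[ingress].network
    return hop, ipaddress.ip_address(src) in net and hop in net


if __name__ == "__main__":
    print("overlaps:", overlapping_interfaces(INTERFACES))
    print("thread layout:", forward("192.168.1.50", "8.8.8.8", "lan", INTERFACES, ROUTES))
    print("fixed layout:", forward("192.168.1.50", "8.8.8.8", "lan", FIXED_INTERFACES, FIXED_ROUTES))
```
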