Solved

Dual NIC Setup???

Posted on 2004-01-24
Last Modified: 2013-11-09
Please help, I have something crazy going on with an XP Pro machine.
Here's my setup:

Internet connection Cisco router 24.126.196.201 with 5 IP's 24.126.196.202-206


Local Lan Subnet: 192.168.0.0
VPN Router: LAN-192.168.0.1 /Wan-24.126.196.202
File Server: 192.168.0.2
File Server: 192.168.0.3
Web Server: 192.168.0.4
Clients: 192.168.0.10/200
(all computers have 1 NIC)

This setup has been working fine for years.  All http requests come in to the router and get forwarded to the web server.

Want to add an XP Pro machine to use for another single-site web server.  This web server will need to access files on the local LAN file server.  So I put two NICs in the computer. I am not using any NAT or VPN router on this computer.
NIC #1: 192.168.0.5(same subnet as lan)
NIC #2: 24.126.196.203(cable modem)

Something is wrong here.  I can remote desktop into the computer from the VPN on the LAN 192.168.0.5, but when I do it seems that 24.126.169.203 goes dead.  I cannot ping it or anything.  Then when I log out something changes, and then I can log into the 24.126.196.203 IP, and then the LAN 192.168.0.5 I cannot ping.  Something is crazy here and it is not me. I spent days on this to figure it out and just can't!!
Please Help!!!   Joe
Question by:joebox
13 Comments
 
LVL 41

Accepted Solution

by:
stevenlewis earned 2000 total points
ID: 10193173
If you have a multi-homed machine, you can only have one default gateway.

http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q262397

When two network adapters are present in a computer (multihomed), a default gateway should only be assigned to one of the network adapter's TCP/IP properties. If one of the network adapters is used to connect to the Internet, the default gateway should be assigned to that network adapter. In many cases, the default gateway, as well as the other necessary TCP/IP information is assigned automatically by the Internet Service Provider by using Dynamic Host Configuration Protocol (DHCP). This can be confirmed by using the IP Configuration utility (Winipcfg.exe) to view the TCP/IP properties for the network adapter you are using to connect to the Internet.

For the network adapter that is connected only to the Local Area Network (LAN), such as a home or corporate network, a static routing entry must be entered into the computer's routing table if the computer needs to obtain access to network resources across a router or multiple routers. For example, if the router interface on the same subnet has an IP address of 192.168.1.1 and the router is connecting the 192.168.1.0 network to a 201.115.1.0 network, the following command would need to be entered either at a command prompt within Windows or from a batch file:

ROUTE ADD 201.115.1.0 MASK 255.255.255.0 192.168.1.1

This command instructs Windows to send all traffic that is destined for the 201.115.1.0 network to the 192.168.1.1 interface on the router. To verify that the ROUTE ADD command was successful, use the ROUTE PRINT command to view the current routing table. If multiple routers are being used on the LAN segment, a separate ROUTE ADD is needed for each router.

Note that the routing entry is not persistent in Windows 98/95, even with the -p switch, and is lost after you restart the computer. To have this entry automatically added for every Windows session, create a batch file with the necessary ROUTE ADD command(s) and place it in the Windows StartUp folder to be executed each time Windows starts.

If DHCP is used to assign IP addresses on the LAN, the DHCP server should be configured to not provide a default gateway.

0
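Added example (not part of the original thread or of the quoted Microsoft article): a Python check that parses ROUTE PRINT output and flags the condition the accepted answer describes, a default gateway on more than one adapter. The sample table is constructed from the addresses mentioned in this thread, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample of XP-style `route print` output for the machine in this
# thread, with a default gateway set on BOTH NICs (the broken state).
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   24.126.196.201  24.126.196.203      20
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.5      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   24.126.196.200  255.255.255.240   24.126.196.203  24.126.196.203      20
      192.168.0.0    255.255.255.0      192.168.0.5     192.168.0.5      20
Persistent Routes:
  None
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Five columns: destination, netmask, gateway, interface, metric.
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return the IPv4 rows of a `route print` table as dicts."""
    cols = ("dest", "mask", "gateway", "iface", "metric")
    return [dict(zip(cols, m.groups()))
            for m in map(ROW.match, text.splitlines()) if m]

def is_private(addr):
    """True for private addresses; False for public ones or 'On-link'."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def audit_default_gateways(text):
    """Flag a multihomed host that has default routes on more than one NIC."""
    defaults = [r for r in parse_routes(text)
                if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    return {
        "default_gateways": [r["gateway"] for r in defaults],
        "conflict": len({r["iface"] for r in defaults}) > 1,
        # When one NIC faces the Internet, the LAN-side default is the one to drop.
        "remove": [r["gateway"] for r in defaults if is_private(r["gateway"])],
    }

if __name__ == "__main__":
    print(audit_default_gateways(SAMPLE))
```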
 

Author Comment

by:joebox
ID: 10193271
I think I got the gist of the article.  Basically I should have only 1 default gateway set.  As far as the part of adding routes, would I need to do that, because the IP of the local LAN card is already on the same subnet?  I thought only different subnets needed to be routed to each other?
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 10193445
No, you shouldn't need to do the route add (check to see)
0
 
LVL 37

Expert Comment

by:bbao
ID: 10193618
ok, let's confirm your network topology first:

                  _______________________________________ (24.126.196.200/28)
                  |                  |                  |
           24.126.196.201     24.126.196.202     24.126.196.203
            cisco router        vpn router         xp computer
remote pc --- (internet)        192.168.0.1        192.168.0.5
        _____________________________|__________________|_____ (192.168.0.0/24)
            |               |               |               |
       192.168.0.2     192.168.0.3     192.168.0.4  192.168.0.10~200
       file server     file server     web server   client computers

>> I can remote desktop into the computer from the VPN on the lan 192.168.0.5

through vpn? from where, a remote pc with vpn client software on the internet? just like what I illustrated above?

>> but when i do it seems that 24.126.169.203 goes dead. I cannot ping it or anything.

you mean, if you log on to the xp computer with remote desktop, you cannot ping anything? can you ping other computers on the 192.168.0.0 lan before you log on to the xp?

>> then when i log out something changes
>> and then can log into the 24.126.196.203 ip and then the lan 192.168.0.5 i cannot ping.

not sure what you mean about "log into the 24.126.196.203"...

could you please be more specific on above information? thanks.
0
 
LVL 11

Expert Comment

by:nazirahmed
ID: 10193658
you need to add a route to your routing table. in simple words, your local LAN NIC should know where to send the requests for the local lan. similarly, your second NIC should know where to send its information.

NIC #1: 192.168.0.5(same subnet as lan)
route add 192.168.0.0 mask(eg. 255.255.255.0) and gateway which should be the IP of your VPN router Lan address 192.168.0.1
so the command should look like

route add 192.168.0.0 mask whatever 192.168.0.1 192.168.0.5

NIC #2: 24.126.196.203(cable modem)
similarly add this as well
route add 24.126.196.0 mask whatever 24.126.196.202 24.126.196.203

hope this will help

0
 
LVL 11

Expert Comment

by:nazirahmed
ID: 10193677
and also add this entry as well
route add 0.0.0.0 mask 0.0.0.0 24.126.196.202  24.126.196.203
0
 
LVL 6

Expert Comment

by:Pascal666
ID: 10193967
Sounds to me like your problem has nothing to do with the XP machine.  Let me make sure I understand what you are saying though.  When you log in to the VPN from a machine on the Internet you can get to the inside IP of the XP box but not the outside IP, but when that machine on the Internet logs out of the VPN it can get to the outside IP address of the XP box but not the inside one.  Right?

This is normal behavior for most VPN clients.  They only allow you to route over the VPN when you are logged into it.  When you are logged into the VPN you will not be able to get to any public IPs.  If you try accessing the outside IP on your XP machine from a different machine on the Internet, while you are VPN'd in, you will see that the outside IP of the XP machine does indeed still work from the Internet, just not from the box you established the VPN from.

You did not say what type of VPN router you use, but most of them have an option called split tunneling that will allow a box VPN'd into it to also access IPs on the public Internet.

-Pascal
0
 
LVL 9

Expert Comment

by:drev001
ID: 10196145
Can you post an IPCONFIG /ALL from the XP machine.

As stevenlewis mentioned, you should only have one default gateway. As this machine will host a website, the default gateway must be specified on the WAN NIC and it should be the IP address of the Cisco router.

Does this XP machine access another private network over a vpn tunnel or similar? if so, you must add a static route on the machine itself as the Cisco will not know where to route it.
0
 
LVL 9

Expert Comment

by:drev001
ID: 10196167
By the way, if your VPN firewall device supports multiple IP addresses on its WAN interface, it may be worth assigning 24.126.196.203 to it and forwarding port 80 to the new XP machine. Or a static one-to-one translation, etc.

This way you can lose the second NIC and forget about routing problems.
0
 

Expert Comment

by:docey
ID: 10198116
docey here,

I think pascal666 is right, I had the same sort of problem. It's typical vpn behavior: when you use a vpn all your IP traffic goes over the vpn, also your ping and internet traffic, but the vpn is a closed network, so you can ping the XP box on the virtual local ip (inside ip) but because all your traffic goes through the vpn you have no internet connection. You're locked inside the vpn like a local network without a router or gateway. That's why you can't ping the outside ip of the XP box; when you disconnect from the vpn you're back to normal with your internet connection and can ping the outside ip of the XP box again.

Here's how to fix it. It will work in most cases but might not always be possible because of ISP rules. What you're actually doing is the same as you would do on a home network: make a gateway using one or two network cards.
Since this is a vpn which is closed, it needs a point to get onto the internet again, away from the local IP addresses. You can use this IP box for this or any other comp that supports bridging or forwarding. Because you have an XP box both are possible, but remember that creating a gateway to the internet on your vpn does allow you to access the internet again, but anyone else on the vpn too!!! So remember that if this is some friends' vpn and they use it to share files and play games with you or something, and they forget to close their connection to the vpn, they're using you as ISP, and your ISP might not be happy having your friends' bandwidth with their download, irc, msn, ftp, etc. through your vpn on their network. So check this first, and make rules on using this new gateway. You don't like paying for your friends' bandwidth, do you? Okay, now how to set it up:

Connect to the XP box and connect the XP box to the vpn. Now if you're going to use bridging, which does allow more apps but is slower, you select, while holding the control button, the real network adaptor and the vpn adaptor, then right-click and select bridging. Now traffic from the vpn can flow through the bridge onto the real network of your ISP and vice versa. This is however not advised since it might even be incompatible with your ISP (they might block this), so how about forwarding.

Forwarding is more useful for this since it's faster and more adaptive. It needs nearly no configuration and can easily be set up since no real routes need to be configured. It's done automatically. Click on the real adaptor and click on the sharing tab. Then simply click "share this connection". Now you share this connection with your vpn connection, which might be lost for a moment, so if possible don't do this over a network connection; prefer to do this kind of stuff at local level. If something goes wrong you can't reconnect and you lose control of your XP box!!

Now you can, from somewhere else on the internet, connect to your vpn and set your default gateway to that of the XP box. You should now be able to see both the inside of the XP box and the outside through the internet connection. Other ips should be available now too. Don't forget: don't try to set up some kind of internet sharing on the VPN server itself, since there is some problem in windows 2000 and XP where sharing a connection (ICS) and serving VPN connections to others will result in broken connection sharing. Thus use one machine for the VPN server (you already have that cisco router) and then use another as gateway (your xp box for example).

hope this helps.

cya docey
0
 
LVL 37

Expert Comment

by:bbao
ID: 10200571
joebox, any feedback to above comments please? what solved your problem?
0
 

Author Comment

by:joebox
ID: 10205070
All you guys are GREAT!!  I held out to make sure there were no more problems before I posted back.  Everything is fine now and was as soon as I deleted the Default Gateway on the LAN side NIC.

Pascal666: What you said about the VPN router is also right on.  I am using a Linksys/Cisco VPN router.  It works great as I have 7 VPNs set up. It is a cheaper end router so there is no function of split tunneling or multi IPs, but thanks for the tip.  Maybe I will look for those features in future VPN purchases.

Once again Guys THANKS for all the help!!  Joe
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 10205192
Joe, glad we could help!
0
