Solved

ROUTE ADD problems on 2003 multihomed system.

Posted on 2004-08-24
7
192 Views
Last Modified: 2011-10-03
BACKGROUND:

We needed to connect a 2003 system to another network via VPN.  The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24).  Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side.  We chose 172.16.252.0/24.  We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:  

NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined

Both are plugged into the same switch.

10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network.  The VPN is negotiating and passing traffic.

PROBLEM:

I am attempting to route traffic from the 2003 system to the VPN network.  172.16.252.2 -> 172.16.254.3, and vice versa.

Receiving packets on the additional interface is no problem.  It ARPS fine to the firewall and *receives* data all day long.

*Sending* data is the problem.  The default route uses the 10.0.0.2 interface.  Attempting to add a route to use the additional interface for VPN traffic:

ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2

Gets me:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

This is a stumper.  Any ideas folks???

Thanks!!!!!
0
Comment
Question by:rrsarge
  • 3
7 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884845
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 2

0
 

Author Comment

by:rrsarge
ID: 11884891
Does not work.  No change in the error.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884948
sorry.  10.0.0.1 is not on the same network as 172.16.252.2.  This will not work.

In my opinion, you should setup a VPN client to handle this.  Also, I don't understand your comment about not setting up NAT on the 2003 side.  You can setup rules to NAT certain addresses and not others and NAT certain ways.  You could setup a system to NAT all traffic destined for the VPN, and not NAT all others.  You must be running some kind of NAT since your using an RF1918 addressing scheme.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 125 total points
ID: 11884970
basically, you're gonna need a gateway on the 172.16.252.2/24 network.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now