rrsarge
asked on
ROUTE ADD problems on 2003 multihomed system.
BACKGROUND:
We needed to connect a 2003 system to another network via VPN. The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24). Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side. We chose 172.16.252.0/24. We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:
NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined
Both are plugged into the same switch.
10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network. The VPN is negotiating and passing traffic.
PROBLEM:
I am attempting to route traffic from the 2003 system to the VPN network. 172.16.252.2 -> 172.16.254.3, and vice versa.
Receiving packets on the additional interface is no problem. It ARPS fine to the firewall and *receives* data all day long.
*Sending* data is the problem. The default route uses the 10.0.0.2 interface. Attempting to add a route to use the additional interface for VPN traffic:
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2
Gets me:
"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."
This is a stumper. Any ideas folks???
Thanks!!!!!
We needed to connect a 2003 system to another network via VPN. The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24). Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side. We chose 172.16.252.0/24. We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:
NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined
Both are plugged into the same switch.
10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network. The VPN is negotiating and passing traffic.
PROBLEM:
I am attempting to route traffic from the 2003 system to the VPN network. 172.16.252.2 -> 172.16.254.3, and vice versa.
Receiving packets on the additional interface is no problem. It ARPS fine to the firewall and *receives* data all day long.
*Sending* data is the problem. The default route uses the 10.0.0.2 interface. Attempting to add a route to use the additional interface for VPN traffic:
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2
Gets me:
"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."
This is a stumper. Any ideas folks???
Thanks!!!!!
adamdrayer
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 2
ASKER
Does not work. No change in the error.
sorry. 10.0.0.1 is not on the same network as 172.16.252.2. This will not work.
In my opinion, you should setup a VPN client to handle this. Also, I don't understand your comment about not setting up NAT on the 2003 side. You can setup rules to NAT certain addresses and not others and NAT certain ways. You could setup a system to NAT all traffic destined for the VPN, and not NAT all others. You must be running some kind of NAT since your using an RF1918 addressing scheme.
In my opinion, you should setup a VPN client to handle this. Also, I don't understand your comment about not setting up NAT on the 2003 side. You can setup rules to NAT certain addresses and not others and NAT certain ways. You could setup a system to NAT all traffic destined for the VPN, and not NAT all others. You must be running some kind of NAT since your using an RF1918 addressing scheme.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.