Solved

ROUTE ADD problems on 2003 multihomed system.

Posted on 2004-08-24
7
200 Views
Last Modified: 2011-10-03
BACKGROUND:

We needed to connect a 2003 system to another network via VPN.  The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24).  Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side.  We chose 172.16.252.0/24.  We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:  

NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined

Both are plugged into the same switch.

10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network.  The VPN is negotiating and passing traffic.

PROBLEM:

I am attempting to route traffic from the 2003 system to the VPN network.  172.16.252.2 -> 172.16.254.3, and vice versa.

Receiving packets on the additional interface is no problem.  It ARPS fine to the firewall and *receives* data all day long.

*Sending* data is the problem.  The default route uses the 10.0.0.2 interface.  Attempting to add a route to use the additional interface for VPN traffic:

ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2

Gets me:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

This is a stumper.  Any ideas folks???

Thanks!!!!!
0
Comment
Question by:rrsarge
  • 3
7 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884845
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 2

0
 

Author Comment

by:rrsarge
ID: 11884891
Does not work.  No change in the error.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884948
sorry.  10.0.0.1 is not on the same network as 172.16.252.2.  This will not work.

In my opinion, you should setup a VPN client to handle this.  Also, I don't understand your comment about not setting up NAT on the 2003 side.  You can setup rules to NAT certain addresses and not others and NAT certain ways.  You could setup a system to NAT all traffic destined for the VPN, and not NAT all others.  You must be running some kind of NAT since your using an RF1918 addressing scheme.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 125 total points
ID: 11884970
basically, you're gonna need a gateway on the 172.16.252.2/24 network.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ntp settings vcenter 4 60
AD health monitoring 2 79
Using Windows Firewall to separate 2 networks on PC with dual NICS? 5 99
EXCHANGE: Extended schema in child domain 7 64
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question