[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

ROUTE ADD problems on 2003 multihomed system.

BACKGROUND:

We needed to connect a 2003 system to another network via VPN.  The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24).  Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side.  We chose 172.16.252.0/24.  We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:  

NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined

Both are plugged into the same switch.

10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network.  The VPN is negotiating and passing traffic.

PROBLEM:

I am attempting to route traffic from the 2003 system to the VPN network.  172.16.252.2 -> 172.16.254.3, and vice versa.

Receiving packets on the additional interface is no problem.  It ARPS fine to the firewall and *receives* data all day long.

*Sending* data is the problem.  The default route uses the 10.0.0.2 interface.  Attempting to add a route to use the additional interface for VPN traffic:

ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2

Gets me:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

This is a stumper.  Any ideas folks???

Thanks!!!!!
0
rrsarge
Asked:
rrsarge
  • 3
1 Solution
 
adamdrayerCommented:
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 2

0
 
rrsargeAuthor Commented:
Does not work.  No change in the error.
0
 
adamdrayerCommented:
sorry.  10.0.0.1 is not on the same network as 172.16.252.2.  This will not work.

In my opinion, you should setup a VPN client to handle this.  Also, I don't understand your comment about not setting up NAT on the 2003 side.  You can setup rules to NAT certain addresses and not others and NAT certain ways.  You could setup a system to NAT all traffic destined for the VPN, and not NAT all others.  You must be running some kind of NAT since your using an RF1918 addressing scheme.
0
 
adamdrayerCommented:
basically, you're gonna need a gateway on the 172.16.252.2/24 network.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now