Improve company productivity with a Business Account.Sign Up

x
?
Solved

ROUTE ADD problems on 2003 multihomed system.

Posted on 2004-08-24
7
Medium Priority
?
214 Views
Last Modified: 2011-10-03
BACKGROUND:

We needed to connect a 2003 system to another network via VPN.  The VPN network originally had the same IP scheme as the 2003 network (10.0.0.0/24).  Using a NAT device on the VPN network side, we were able to present a different scheme (172.16.254.0/24) to the 2003 side.
The 2003 side now needs to present a different scheme to the VPN side.  We chose 172.16.252.0/24.  We *cannot* install a NAT device on the 2003 side, so we multihomed the 2003 system:  

NIC 0x1 - 10.0.0.2/24, gateway 10.0.0.1
NIC 0x2 - 172.16.252.2/24, no gateway defined

Both are plugged into the same switch.

10.0.0.1 is a firewall with VPN set-up to the 172.16.254.0/24 network.  The VPN is negotiating and passing traffic.

PROBLEM:

I am attempting to route traffic from the 2003 system to the VPN network.  172.16.252.2 -> 172.16.254.3, and vice versa.

Receiving packets on the additional interface is no problem.  It ARPS fine to the firewall and *receives* data all day long.

*Sending* data is the problem.  The default route uses the 10.0.0.2 interface.  Attempting to add a route to use the additional interface for VPN traffic:

ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 0x2

Gets me:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

This is a stumper.  Any ideas folks???

Thanks!!!!!
0
Comment
Question by:rrsarge
  • 3
4 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884845
ROUTE ADD 172.16.254.0 MASK 255.255.255.0 10.0.0.1 IF 2

0
 

Author Comment

by:rrsarge
ID: 11884891
Does not work.  No change in the error.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11884948
sorry.  10.0.0.1 is not on the same network as 172.16.252.2.  This will not work.

In my opinion, you should setup a VPN client to handle this.  Also, I don't understand your comment about not setting up NAT on the 2003 side.  You can setup rules to NAT certain addresses and not others and NAT certain ways.  You could setup a system to NAT all traffic destined for the VPN, and not NAT all others.  You must be running some kind of NAT since your using an RF1918 addressing scheme.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
ID: 11884970
basically, you're gonna need a gateway on the 172.16.252.2/24 network.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Watch the video of Kernel Migrator for SharePoint, which demonstrate the process easily of migration from SharePoint to SharePoint, OneDrive for Business & Google Drive servers, Public Folder to SharePoint, File Server to SharePoint. The tool has va…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question