Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Private links routing in SBS2003

Posted on 2004-10-13
9
Medium Priority
?
326 Views
Last Modified: 2013-11-21
Two servers, Two ADSL connections

Have two servers (SBS2003 with ISA and 2003 Terminal Server) One ADSL for internet connection and the other ADSL is a private link to remote offices.

This is how I have it setup:

Remote workstations 192.168.1.101 (gateway 192.168.1.1)
       |
Private links remote ADSL 192.168.1.1
       |
      ISP
       |
Private links head office ADSL 192.168.16.1 (no gateway)
       |
   Switch
     /   \
    /     \___ Terminal Server 192.168.16.3 (gateway 192.168.16.2)
   /
1st NIC in SBS2003 192.168.16.2 (no gateway)
   ISA
2nd NIC in SBS2003 192.168.0.3 (gateway 192.168.0.1)
   |
Internet ADSL 192.168.0.1
   |

Now for the problem.

If I remove the SBS2003 box everything works as it should. Remote workstations can terminal server in to head office and I can remote administer the workstations.

Add the SBS2003 back in, it all falls over.

If I do a tracert from 192.168.16.3 (TS) to 192.168.1.101 it goes straight to 192.168.16.2 (SBS) first hop and that’s it.

As I see it, I need to add some routing to the SBS2003 box to send any packets destined for 192.168.1.101 back to 192.168.16.1 but have no idea how to do this.
Maybe it's an ISA issue, just don't know.

Regards
Bazoz
0
Comment
Question by:bazoz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 4

Expert Comment

by:sriwi
ID: 12296955
type "print route" in command prompt and post your result here, i think your computer doesn't the ip route

Cheers
0
 
LVL 1

Author Comment

by:bazoz
ID: 12297181
Hi sriwi

From TERMINAL SERVER

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 e0 81 2a cc 8a ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination           Netmask            Gateway             Interface    Metric
                0.0.0.0                0.0.0.0     192.168.16.2       192.168.16.3       1
             127.0.0.0            255.0.0.0           127.0.0.1            127.0.0.1       1
       192.168.16.0      255.255.255.0     192.168.16.3       192.168.16.3     20
       192.168.16.3   255.255.255.255          127.0.0.1            127.0.0.1     20
   192.168.16.255   255.255.255.255     192.168.16.3       192.168.16.3     20
             224.0.0.0            240.0.0.0     192.168.16.3       192.168.16.3     20
  255.255.255.255  255.255.255.255     192.168.16.3       192.168.16.3       1
Default Gateway:      192.168.16.2
===========================================================================
Persistent Routes:
  None
 
From SBS 2003 (I did have another NIC in the Terminal Server 192.168.0.3 but have since disabled it - it still shows below)
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 e0 81 2b 06 15 ...... Intel(R) PRO/100 S Server Adapter - Packet Scheduler Miniport
0x10004 ...00 e0 81 2b 06 5a ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination           Netmask           Gateway           Interface   Metric
                0.0.0.0                0.0.0.0      192.168.0.1       192.168.0.3     20
             127.0.0.0            255.0.0.0          127.0.0.1          127.0.0.1       1
         192.168.0.0      255.255.255.0      192.168.0.3       192.168.0.3      20
         192.168.0.3  255.255.255.255          127.0.0.1           127.0.0.1     20
     192.168.0.255   255.255.255.255      192.168.0.3       192.168.0.3     20
       192.168.16.0      255.255.255.0     192.168.16.2     192.168.16.2     20
       192.168.16.2   255.255.255.255          127.0.0.1          127.0.0.1     20
   192.168.16.255   255.255.255.255     192.168.16.2     192.168.16.2     20
            224.0.0.0             240.0.0.0       192.168.0.3      192.168.0.3      20
            224.0.0.0             240.0.0.0     192.168.16.2     192.168.16.2     20
  255.255.255.255  255.255.255.255       192.168.0.3      192.168.0.3       1
  255.255.255.255  255.255.255.255     192.168.16.2     192.168.16.2       1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
0
 
LVL 1

Author Comment

by:bazoz
ID: 12297390
Oops, Sorry the other NIC was 192.168.0.4 in the Terminal Server - Since been disabled
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 4

Accepted Solution

by:
sriwi earned 1000 total points
ID: 12298587
On your sbs you need to add a route that is going from 192.168.16.x to 192.168.1.x through 192.168.16.1

otherwise the packets just get to the internet and never comes back.

on command prompt:

route -p add 192.168.1.0 255.255.255.0 192.168.16.1 20 IF 1

for example:
http://www.computerhope.com/routehlp.htm
0
 
LVL 1

Author Comment

by:bazoz
ID: 12307041
Hi sriwi

I couldn't get you route to work, but I could get this onto the Terminal Server box.

route -p add 192.168.1.0 mask 255.255.255.0 192.168.16.1

and now it nearly all works except I had to disable the ISA client on the TS box.

What do I need to add to ISA on the SBS2003 box so I can enable the ISA client. Because now the TS box cannot reach the internet.
0
 
LVL 4

Expert Comment

by:sriwi
ID: 12309287
you need to put the proxy on your internet explorer, after it should work, remember to put your isa ip address on the proxy address
0
 
LVL 1

Author Comment

by:bazoz
ID: 12312837
When you run \\SBS2003computername\connectcomputer from clients, ISA client and proxy settings get added by default.

But the only way I could get the clients to remote desktop into the TS box was to disable ISA client on the TS
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question