jessmca

Dual gateway routing problem (500 points)

Hi,

We have a leased line and want to move over to broadband.  At the moment the mail comes to the leased line ip address.  To test forwarding on the Adsl router, I pointed a domain to the adsl static ip with NAT to 192.168.10.201 and configured IIS on that server.

Leased Line
Cisco Router (5 static ip's with Subnet 248)
    |
Sonicwall Router with VPN and Firewall
192.168.10.3
    |
Intel 510 switch  ->  192.168.10.(20-30)
192.168.10.1
    |
ST Fiber Converter
    |
    |
ST Fiber Converter
    |
Intel 510 switch  ->  192.168.10.(40-50) + Servers 192.168.10.200 - 210
192.168.10.2
    |
Adsl Gateway Router (13 static ip's with Subnet 240)
192.168.10.203

Computers without NAT can change the gateway between Adsl and Sonicwall ok.

Since the gateway was changed on the server with NAT via the Adsl router, this server can no longer change its gateway back without preventing the entire network from reaching the 192.168.10.3 gateway.

I am not yet ready to move everything onto the Adsl network but want to be able to change between both for the short term at least.
I am thinking the different subnets may be part of the problem but the internal lan gateways are all default class c masks.

The only problem with leaving this server on the Adsl gateway is it prevents the Sonicwall VPN clients from reaching files on this server.  If I could solve this I wouldn't mind leaving the gateway on the Adsl.

Anyone any idea why I cannot change this gateway back?  I have left it for 20 minutes leaving the network down hoping something would update and start picking it up again, but leaving ping to the gateway 192.168.10.3 only ever gets an occasional reply and does not start routing properly again.

Any advice appreciated.

Jess
jessmca

ASKER

This is the minimum configuration, I am stuck with the fiber link between two buildings so between the two switches cannot easily change.

I'm not sure how much help I can be, but I think you can have multiple gateways enabled on a NIC in Win 2000, XP, 2003.  It's under advanced TCP/IP properties.
go to network settings, edit the properties of the network card, edit properties of tcp/ip, and go to advanced.  Add both 192.168.10.203 and 192.168.10.3 to the default gateway and you should see it start to work...  If that doesn't, post a comment back and I will try to talk you through setting up some routing.

jessmca

ASKER

Sorry for not posting sooner.

Rebooting the server sorted things again.  Any ideas how a windows tcp problem could bring down the whole network?  It was as if it was drawing all traffic to itself overriding the real gateways.?!?!?!

It would be helpful to be more specific about the problems you saw when you say "bring down the whole network"...  It likely is the DNS server for the network, and if systems could not communicate with it, and vice versa, it could have easily caused internet to no longer be accessible, and many network resources for reasons of location services (DNS) and authentication etc.
Once you have made changes, try pinging addresses on the local network, the firewall and the dsl box, and try pinging google.com.  See what the results are once having tried that.
jessmca

ASKER

Hi chawcheskew,

When I said "bring down the whole network" I meant all ethernet traffic was unable to reach the internet.  Computers on the same switch could reach each other by pinging their ip address, but not see the ip address of any computer not directly connected to the same switch.  DNS only worked obviously on the machines that could communicate with the DNS server and only for domains on the dns server or its cache.

Windows has screwed up :(
Imagine that :)

I just don't know what has caused it to and may just hope that it doesn't happen again

My advice, if something isn't working as it should that doesn't make sense, reboot windows.  Fixes so many problems.
jessmca

ASKER

Even better, computers directly connected to the other switch which the gateway to the Internet was on could reach it ok when the switch with the dodgy windows box on it was disconnected, but then linked again, stopped computers from reaching the gateway.

So the windows box must have been reporting itself as the gateway for the whole network, possibly spamming the network with addresses from the full class c changing the switches arp tables and stopping things working.

If you can think of a better possible cause, you can have the points.  The problem was found pulling cables and testing pings to the gateway until I limited it to when one cable was plugged in again.  Restarting the windows box fixed the problem which has not returned thus far anyway.  Touch wood  :)
While it is supposed to be impossible, I have had one case where I had duplicate mac addresses, and that caused a similar situation, though, it sounds more like a layer 3 problem since the problem status changes as you change layer 3 configs.

What is the subnet mask used by the hosts on the two switches?  What about the DSL box, the Windows server, and the Firewall, what are their masks?

Can you check the windows server and see if it has any Routing enabled.  From what I see it doesn't seem that would be appropriate, but it is possible that routing could be enabled on the Windows box.

I'm still brainstorming and will get back to you.

p.s. excellent detail on the troubleshooting!  Thx!
jessmca

ASKER

All masks are the same /24 on all devices.
No additional routing services on the windows box, it is used for file sharing and IIS is running for the website.

There is a cisco router connected directly to the other switch which is in a different building.  This is a leased line connection.
The switch with the servers is in the new building which has an Adsl modem / router connected via a Unix gateway / firewall box.

There is nat on the Unix box to the windows server that went wonky.  Since restarting, everything has worked ok so the problem could be recreated and will hopefully remain that way.  :)

As traffic on both buildings which are connected via fiber link between two Intel 510 switches were affected immediately, I believe it was a layer 2 problem and duplicate mac addresses would certainly fit with what happened.  How did this happen in your case?

If the windows server started reporting its ip address as the gateway, which was its old gateway as I had changed this to the Unix servers ip address.  If the switches ended up with both mac addresses to the same gateway ip?!?!?

It was the fiber link between the two switches going down that triggered this off.  I did try restarting the switch closest to the windows server to no avail.

Would be interested in this duplicate mac address problem you experienced as this could be getting nearer to the answer. :)

Jess


jessmca

ASKER

Could not be recreated I meant :)
ASKER CERTIFIED SOLUTION
chawcheskew

jessmca

ASKER

Hi chawcheskew,

I recall when changing network cards and allocating the same ip address, windows throws a warning that the ip address is linked to another card it has stored in registry somewhere.  While this card was not changed and never had the gateway ip address allocated to it, it used to be the gateway.

When the fibre link failed, it could no longer reach this ip address and perhaps in looking for somehow linked it to itself.  

Anyway, I think your last post is as close as we will likely get.

Thanks for your efforts, you deserve the points.

Jess
thanks for the points!
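
The hypothesis discussed in this thread (the gateway IP 192.168.10.3 being answered by more than one MAC address, or one MAC answering for several IPs) can be checked by comparing `arp -a` output collected from a host on each switch. This is an added example, not part of the original thread; the host names and MAC addresses are constructed, and only the IP addressing follows the posts above.

```python
import re
from collections import defaultdict

# Constructed `arp -a` captures (Windows format), one host per switch.
# MAC addresses are made up; IP addresses follow the thread's layout.
CAPTURES = {
    "pc-old-building": """
Interface: 192.168.10.25 --- 0x2
  Internet Address      Physical Address      Type
  192.168.10.3          00-11-22-aa-bb-03     dynamic
  192.168.10.201        00-11-22-cc-dd-c9     dynamic
""",
    "pc-new-building": """
Interface: 192.168.10.45 --- 0x2
  Internet Address      Physical Address      Type
  192.168.10.3          00-11-22-cc-dd-c9     dynamic
  192.168.10.201        00-11-22-cc-dd-c9     dynamic
  192.168.10.203        00-11-22-ee-ff-cb     dynamic
""",
}

# Matches table rows only; "Interface:" and header lines do not match.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+\w+",
    re.I,
)

def parse_arp(text):
    """Yield (ip, mac) pairs from `arp -a` output, skipping broadcast rows."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac = m.group(2).lower().replace(":", "-")
            if mac != "ff-ff-ff-ff-ff-ff":
                yield m.group(1), mac

def find_conflicts(captures):
    """Return (IPs seen with >1 MAC, MACs seen with >1 IP) across captures."""
    ip_to_macs, mac_to_ips = defaultdict(set), defaultdict(set)
    for text in captures.values():
        for ip, mac in parse_arp(text):
            ip_to_macs[ip].add(mac)
            mac_to_ips[mac].add(ip)
    ip_conflicts = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    mac_conflicts = {mac: sorted(i) for mac, i in mac_to_ips.items() if len(i) > 1}
    return ip_conflicts, mac_conflicts

if __name__ == "__main__":
    ips, macs = find_conflicts(CAPTURES)
    for ip, m in ips.items():
        print(f"{ip} resolves to multiple MACs: {', '.join(m)}")
    for mac, i in macs.items():
        print(f"{mac} answers for multiple IPs: {', '.join(i)}")
```

A MAC that legitimately answers for several IPs (a multi-homed server, or a router doing proxy ARP) will also appear in the second list, so each hit needs checking against the known device inventory.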