• Status: Solved
  • Priority: Medium
  • Security: Public

Routing traffic in my Network.

Hello,

In my Network I have 2 different gateways. Let's call them A and B. A is a firewall and B is a NetScreen device.
To A is attached a Server (S1) which runs SMTP and a VPN Server. Through B I am connected to my Corporate WAN which also gives us access to our emails.

I have another server S2 running some databases. A user connects to our Network via VPN through the Internet and gets access to Server S2. However, with the same connection he does not get access to the Corporate email.

When I change the Default Gateway on Server S1 to that of B, then the user is able to access the corporate emails as well as access the databases on Server S2. But the downside of this is that the SMTP service on S1 does not seem to be up. (tried telnet from a machine on the internet which did not work)

Is there a way where I can achieve all three - 1. Access Databases on S2, 2. Access corporate emails via the WAN and 3. Keep the SMTP service on S1 in a working mode.

Thanks,
Praveen.
0
Asked: rpraveen
 
Rob Williams Commented:
How does the remote user connect, i.e. is it through a VPN connection to the Netscreen? If the remote user has an IP in a different subnet, which they likely do, and both servers are on the same subnet, you can likely resolve with a Route command. Incoming packets have to go back out through the same router/gateway, but they are sent to the default gateway.....by default.

Example:
Remote user subnet = 192.168.1.0
Corporate subnet     = 192.168.123.0
Gateway VPN user is connecting through = 192.168.123.254
Add to S1, the server they cannot connect to, from a command line:
route  add  -p  192.168.1.0  mask  255.255.255.0  192.168.123.254  metric  2
   (may not need the metric 2, you don't with XP or 2003 but I don't remember with 2000. Regardless will not hurt)
to remove the new route, if needed:
route  delete  192.168.1.0
to display routing table:
route  print
0
 
Rob Williams Commented:
rpraveen, were you able to make use of the route add command?
--Rob
0
 
rpraveen (Author) Commented:
I am sorry, Rob, I was unable to try your suggestion as I was out of office. I have just returned and I am looking into this now. I will try out your suggestion.

Many Thanks
Praveen.
0
 
Rob Williams Commented:
Thanks for the update rpraveen, good luck with it.
--Rob
0
 
rpraveen (Author) Commented:
Hi Rob,

I tried the command but it would not add. However, I would like to clarify that the remote user connects using VPN only to Server S1. Once he connects to the S1 server, he accesses the LAN successfully. The LAN is looking at the Netscreen device for the access to the WAN, which is what is not happening for the remote user.

Please advise.

Thanks and Regards,
Praveen.
0
 
Rob Williams Commented:
I think I have a little better understanding now. Assuming the following example:

remote user 192.168.1.101          Corporate WAN  192.168.200.0
           |                                  |
firewall 192.168.123.254           Netscreen  192.168.123.253
           |                                  |
S1 server 192.168.123                         |
           |__________________________________|

A) I don't think it is possible to do this. Normally you cannot route the VPN traffic to another subnet, but possibly with the 2 gateways it may work.
B) Try the following route command on the S1 server, leaving its firewall (not the NetScreen) as the default gateway. If it doesn't work you can remove it as per the instructions in my first post (adding the -p option above will make it persistent):
route  add  192.168.200.0  mask  255.255.255.0   192.168.123.253
            ^remote subnet       ^matching mask  ^gateway to access corporate WAN
0