Routing traffic in my Network.


In my Network I have 2 different gateways. Let's call them A and B. A is a firewall and B is a NetScreen device.
To A is attached a Server (S1) which runs SMTP and a VPN Server. Through B I am connected to my Corporate WAN which also gives us access to our emails.

I have another server S2 running some databases. A user connects to our Network via VPN through the Internet and gets access to Server S2. However, with the same connection he does not get access to the Corporate email.

When I change the Default Gateway on Server S1 to that of B, then the user is able to access the corporate emails as well as access the databases on Server S2. But the downside of this is that the SMTP service on S1 does not seem to be up. (Tried telnet from a machine on the Internet, which did not work.)

Is there a way where I can achieve all three - 1. Access Databases on S2, 2. Access corporate emails via the WAN and 3. Keep the SMTP service on S1 in a working mode.


Rob Williams Commented:
How does the remote user connect, i.e. is it through a VPN connection to the Netscreen? If the remote user has an IP in a different subnet, which they likely do, and both servers are on the same subnet, you can likely resolve with a Route command. Incoming packets have to go back out through the same router/gateway, but they are sent to the default default.

Remote user subnet =
Corporate subnet     =
Gateway VPN user is connecting through =
Add to S1, the server they cannot connect to, from a command line:
route  add  -p  mask  metric  2
   (may not need the metric 2, you don't with XP or 2003 but I don't remember with 2000. Regardless will not hurt)
to remove the new route, if needed:
route  delete
to display routing table:
route  print

Rob Williams Commented:
rpraveen, were you able to make use of the route add command?
rpraveen Author Commented:
I am sorry, Rob, I was unable to try your suggestion as I was out of office. I have just returned and I am looking into this now. I will try out your suggestion.

Many Thanks
Rob Williams Commented:
Thanks for the update rpraveen, good luck with it.
rpraveen Author Commented:
Hi Rob,

I tried the command but it would not add. However, I would like to clarify that the remote user connects using VPN only to Server S1. Once he connects to the S1 server, he accesses the LAN successfully. The LAN is looking at the Netscreen device for the access to the WAN, which is what is not happening for the remote user.

Please advise.

Thanks and Regards,
Rob Williams Commented:
I think I have a little better understanding now. Assuming the following example:

   remote user              Corporate WAN
        |                         |
     firewall                 Netscreen
        |                         |
S1 server 192.168.123             |

A) I don't think it is possible to do this. Normally you cannot route the VPN traffic to another subnet, but possibly with the 2 gateways it may work.
B) Try the following route command on the S1 server, leaving its firewall (not the NetScreen) as the default gateway. If it doesn't work you can remove it as per the instructions in my first post (adding the -p option above will make it persistent):
route  add  mask
                 ^remote subnet        ^matching mask  ^gateway to access corporate WAN
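
An added example, not part of the original thread: a small longest-prefix-match model of S1's routing table showing why switching the default gateway to B breaks inbound SMTP replies, and why keeping A as default plus one static route via B satisfies all three goals. All addresses are constructed, and the static route's destination is assumed to be the corporate WAN subnet.

```python
import ipaddress

# Constructed addresses (assumptions, not values from the thread).
GW_A = "192.168.1.1"      # firewall A, Internet side
GW_B = "192.168.1.2"      # NetScreen B, corporate WAN side
LAN = "192.168.1.0/24"    # subnet shared by S1 and S2
CORP_WAN = "10.0.0.0/8"   # assumed corporate WAN range

def build_table(default_gw, static_routes=()):
    """Return S1's routing table as (network, next_hop) pairs."""
    table = [(ipaddress.ip_network(LAN), "on-link"),
             (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    table += [(ipaddress.ip_network(net), gw) for net, gw in static_routes]
    return table

def next_hop(table, dst):
    """Pick the most specific matching route, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

DESTINATIONS = {
    "S2 database (LAN)": "192.168.1.20",
    "corporate mail (WAN)": "10.1.2.3",
    "Internet SMTP client (reply)": "203.0.113.25",
}

def evaluate(table):
    """Map each destination to the gateway S1 would send it through."""
    return {name: next_hop(table, ip) for name, ip in DESTINATIONS.items()}

SCENARIOS = {
    "default gateway = A": build_table(GW_A),
    "default gateway = B": build_table(GW_B),
    # Equivalent on S1 (constructed values):
    #   route add -p 10.0.0.0 mask 255.0.0.0 192.168.1.2
    "default = A, static route to corporate WAN via B":
        build_table(GW_A, [(CORP_WAN, GW_B)]),
}

if __name__ == "__main__":
    for label, table in SCENARIOS.items():
        print(label)
        for name, hop in evaluate(table).items():
            print(f"  {name:30} -> {hop}")
```

In the second scenario the SMTP reply leaves through B although the connection arrived through A, which is the asymmetric path a stateful firewall drops.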
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.