Routing with two WAN connections; I have a problem.

Posted on 2006-04-06
Last Modified: 2013-11-30
The story goes like this: I had an Internet T1 dropped into two office locations and a VPN between them for office traffic. This worked well when all the equipment was PC based. Then we went to Terminal Server and Thin Clients. The TS was in one office. So now, all TS traffic and internet traffic was sharing the same T1 in the main office. It was slow for web browsing, but not the office app, which is a terminal session to a unix server.

I decided to bring in a high speed DSL line into the main office and set up my sonicwall tz170 at the main office to use the WAN port for the DSL and the OPT port for the T1; to have the Internet traffic go out to the WAN port and all VPN traffic go out the OPT port. This seems to be working... but it is slower than molasses, for both browsing and the terminal app.

I'm concerned that my routing is not set up right.  I only understand enough to get myself in trouble so I am looking for some guidance on how to diagnose and resolve this.

Here is the routing table from the SW in the main office:
Destination Network    Subnet Mask        Gateway Address    Destination Link
0.0.0.0                0.0.0.0            216.144.221.77     WAN
66.103.225.128         255.255.255.248    0.0.0.0            OPT
132.147.160.0          255.255.255.128    0.0.0.0            LAN
132.147.160.100        255.255.255.255    0.0.0.0            LAN
216.144.221.76         255.255.255.252    0.0.0.0            WAN
216.144.221.77         255.255.255.255    0.0.0.0            WAN
216.144.221.78         255.255.255.255    0.0.0.0            LAN/OPT
255.255.255.255        255.255.255.255    0.0.0.0            LAN


I can provide any other info needed.

Thanks.
Jason
Question by:jasgot
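
An added example, not part of the original post and not SonicWall's own logic: a longest-prefix-match lookup over the routing table as posted, to check which link each destination would leave on. The address 203.0.113.10 is a constructed placeholder for the remote-office VPN peer, which the thread does not give, and the lookup assumes the routing table alone decides egress.

```python
import ipaddress

# Routing table as posted in the question: destination, mask, gateway, link.
ROUTES_TEXT = """\
0.0.0.0 0.0.0.0 216.144.221.77 WAN
66.103.225.128 255.255.255.248 0.0.0.0 OPT
132.147.160.0 255.255.255.128 0.0.0.0 LAN
132.147.160.100 255.255.255.255 0.0.0.0 LAN
216.144.221.76 255.255.255.252 0.0.0.0 WAN
216.144.221.77 255.255.255.255 0.0.0.0 WAN
216.144.221.78 255.255.255.255 0.0.0.0 LAN/OPT
255.255.255.255 255.255.255.255 0.0.0.0 LAN
"""

def parse_routes(text):
    """Turn each 'dest mask gateway link' row into (network, gateway, link)."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, mask, gateway, link = line.split()
        # Count the set bits of the dotted mask to get the prefix length.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"), gateway, link))
    return routes

ROUTES = parse_routes(ROUTES_TEXT)

def egress(dst):
    """Return (link, gateway, matched route) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if addr in r[0]]
    if not matches:
        return None
    net, gateway, link = max(matches, key=lambda r: r[0].prefixlen)
    return link, gateway, str(net)

if __name__ == "__main__":
    samples = {
        "132.147.160.10": "host inside the posted LAN subnet (constructed)",
        "66.103.225.129": "T1 router address given later in the thread",
        "216.144.221.78": "covered by both the WAN /30 and a /32 host route",
        "203.0.113.10": "placeholder remote VPN peer (constructed)",
    }
    for dst, note in samples.items():
        link, gateway, net = egress(dst)
        print(f"{dst:16} -> {link:8} via {gateway:15} [{net}]  # {note}")
```

Under that assumption only the T1's own /29 maps to OPT; every other off-net destination, the placeholder peer included, follows the default route out the WAN link.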
10 Comments
 

Expert Comment

by:scrathcyboy
ID: 16396752
"seems to be working" - no it probably is not.
Several limitations here - Windows cannot "multi-home" a connection to the internet; they could not get it to work, so they removed the ability of ANY Windows version to use 2 routes to the internet, it cannot do it.  Each Windows machine, server or client, can only use one route.  Now since terminal services relies on Windows, the terminals can only use whatever route the terminal server is using - but you can split terminal services between 2 servers (even a WS) and they will use whatever route the server is using.

Another limitation: because of the way a sonicwall "backfeeds" the internet feed for the firewall, it can't work with two routes to the internet.  You might have got part working on one T1 and part on the other, by splitting servers to each route, but now that you add ADSL, you have a third problem.  ADSL does not have a true IP and the routing is different than T1, so now you have a situation where the new DSL route is not "real" as far as the server is concerned, therefore it automatically defaults to the T1 it knows to be secure IP, DNS, etc.

Author Comment

by:jasgot
ID: 16396957
The T1 (only one is in play here) and the DSL are both on the 'other' side of the Sonicwall Firewall. Windows only knows one route and one gateway.

Expert Comment

by:scrathcyboy
ID: 16397104
It would help to put the correct gateways in the routing table.
For the WAN, use the IP address of the ADSL modem (192.168.0.1?)
For the LAN, use the IP address of the unix server.
Both of these would fill in the 3rd column of 0s in your routing table.
If the DSL is VDSL, put in the DNS server that the VDSL modem connects to.
This might eliminate thrashing, but I don't know if it will speed up the VPN or not.

Author Comment

by:jasgot
ID: 16397205
Are you saying to put them into the Sonicwall's table?

Also I don't know where you are going with the DSL stuff; my DSL is a 5 static IP router. I do not know what VDSL is....

Expert Comment

by:scrathcyboy
ID: 16397576
ADSL is true telephone DSL, VDSL is cable over telephone emulation, they are very different animals.
Yes, put the gateways in the routing table, you have four sets of numbers, use them to the max --

Destination Network       Subnet Mask         Gateway Address        Destination Link

You have most filled in but the gateway; this might radically improve LAN speed, since the sonicwall doesn't have to go searching for the gateway for each packet request, or it might not change much.  The sonic setup is hard to test without actually being in front of it, so you will have to fill in the right values for these.  Most DSL routers default to a 192.168.0.1 gateway, you may have changed it, but give the real gateway for this, rather than its DNS gateway (VDSL is the opposite).  For the T1, give the real IP address the T1 is connected to for the gateway (as you would a cable modem).  Hope this makes sense.

If you have 5 static IPs for the DSL, what are you using them for?  Did you know you can use them for different gateways to different systems with different functions, e.g. unix terminal server vs. windows server?

Author Comment

by:jasgot
ID: 16399637
When you say use the gateway of the DSL or T1, do you mean use the DSL modem's address as the gateway for the sonicwall? Or do you mean use the same gateway that the DSL modem or T1 router uses, which I presume is actually at the ISP network ops center (and on another subnet)?

Let me give you the ip scheme for the dsl and t1:

DSL
Router IP: 216.144.203.176
Subnet Mask: 255.255.255.252

T1
Router IP: 66.103.225.129
Subnet Mask: 255.255.255.248
GW: 216.234.102.29 ( I do know that this address is at the ISP )

I would like to learn more about the static ips for the dsl as different gateways, I have never heard of that, it sounds interesting.


Expert Comment

by:scrathcyboy
ID: 16401210
Destination Network       Subnet Mask         Gateway Address        Destination Link

 66.103.225.129 ?          255.255.255.248    66.103.225.129              OPT/T1
 (132? address)             255.255.255.252    216.144.203.176            WAN/DSL

Seems to me that's how it should be set up.  Since you are not using the T1 for internet, you don't want the destination network as the T1 ISP, but you do need the ISP address (DNS servers for example) of the DSL provider, and you can get this by looking at the config in the DSL modem.

The gateway for the local network to get to the internet should be the DSL router address, and the network should be the "WAN" i.e. the internet.
With T1, the destination network should be your own internal network, the gateway is the T1 router.
Hope this makes sense and I am not confusing you.  If this does not help, I suggest calling the DSL provider for the IPs they have assigned you and using them for a static IP for at least one or more servers. That will help with correct routing and VPN.  Also, you might ask this question again to see if anyone else has different ideas for sonicwall setup.  I'm not sure why the multiple entries you listed at the start are needed.

Expert Comment

by:scrathcyboy
ID: 16687994
I think the experts who contributed to this question provided more than the normal level of support.  You can refund if you want, but the question is, is the questioner just trying to get out of the question or was he seriously interested in a solution?  You decide, mod.

Author Comment

by:jasgot
ID: 16689647
That's quite an accusation you are throwing out there, Scrathyboy. The experts may have put a lot of thought into their comments, but none provided anything other than confirmation of the existing configuration. The solution was to bring in a P2P T1.

Accepted Solution

by:
GranMod earned 0 total points
ID: 16715897
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages