Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Routing on Windows 2003 SBS Network

Posted on 2006-05-07
18
Medium Priority
?
346 Views
Last Modified: 2013-11-30
I took over a Windows 2003 SBS network with about 60 PCs. I connect to the internet through a Sonic Wall TZ 170 out through a DSL line. We have some ASP software that we use that has a specific IP address at the local hospital that is done by a shortcut on the desktop. When the ASP software is run it goes out over a T1 that the local hospital provides. I cant fighure out how this routing is happening. I dont see any reference to it in the Sonic Wall. The admin at the hospital said that the outbound traffic come to his router first and then if it is not to his specific IP address it is returned back to the Sonic Router to go out via the DSL. Where would something like this be configured so I can learn about it?
0
Comment
Question by:signaltracker
  • 7
  • 5
  • 4
  • +2
18 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16627328
May be configured on the connecting computer (if not the SBS) or the SBS itself. You could run from a command line:
  route  print
to display the local routing table. If you need a hand understanding it, post the results here.
0
 
LVL 1

Expert Comment

by:iworkiworkiwork
ID: 16627618
what type of system is on the other end? server, a vpn endpoint for the sonicwall on your end? also check your routing and remote access on your sbs, and check the type of allowed traffice on your tz170 that may help as well.
0
 
LVL 11

Expert Comment

by:grsteed
ID: 16628081
As RobWill said, check the routing table for an entry for the network/IP address that it's using.

It that doesn't tell you, try running a traceroute command from the PC that has the ASP software to the IP address that it's using.

c:\> tracert xx.xx.xx.xx

This may tell you which device it's doing the routing.

Gary
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16687105
If you post an IPCONFIG /ALL here we can check your configuration.  Post the complete one from both the Server and a workstation.  While there is nothing in an IPCONFIG that would compromise security, you may want to slightly edit it for privacy purposes.  If you choose to do that, please only replace the last two octets of a Public IP Address with ***.*** and the first part of the domain name can be replaced with *******.

Jeff
TechSoEasy
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16757094
signaltracker, did you want to post the results of Route Print and/or IPconfig /all for us to have a look at?
--Rob
0
 

Author Comment

by:signaltracker
ID: 16760002
Yes I will. Thanks All. Sorry I have not done it yet I had a Doctors Office get hit with a virus and have been cleaning up the mess. I will post the results here this week because I really need to understand this. Thanks again
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16760011
Sounds good. No rush,
--Rob
0
 

Author Comment

by:signaltracker
ID: 16804483
This is the route Print from the server

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 c0 9f 61 91 d7 ...... Intel(R) PRO/1000 XT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0                10.250.1.254       10.250.1.10     20
       10.250.1.0    255.255.255.0      10.250.1.10      10.250.1.10     20
      10.250.1.10      255.255.255.255    127.0.0.1        127.0.0.1     20
     10.255.255.255  255.255.255.255      10.250.1.10      10.250.1.10     20
        127.0.0.0        255.0.0.0            127.0.0.1               127.0.0.1      1
      169.254.0.0      255.255.0.0      10.250.1.10          10.250.1.10      1
      192.0.0.192  255.255.255.255      10.250.1.10      10.250.1.10      1
        224.0.0.0        240.0.0.0            10.250.1.10        10.250.1.10     20
  255.255.255.255  255.255.255.255      10.250.1.10      10.250.1.10      1
Default Gateway:      10.250.1.254
===========================================================================
Persistent Routes:
  None
0
 

Author Comment

by:signaltracker
ID: 16804606
10.250.1.254 is the sonic wall



pcoWindows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : *****specsav.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : *****specsav.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
   Physical Address. . . . . . . . . : 00-C0-9F-61-91-D7
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.250.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.250.1.254
   DNS Servers . . . . . . . . . . . : 216.76.74.10
                                       216.76.74.11
   Primary WINS Server . . . . . . . : 10.250.1.10

nfig on router

Tracert on a workstaion revealed the following:

1. <1ms 10.250.1.1
2. <2ms 192.168.1.9
3. <3ms 172.15.0.12

the last one being the ip address of the asp server  (looks to me like this is the tracert is the most revealing) but tell me wht you see

thanks all
0
 

Author Comment

by:signaltracker
ID: 16804635

I am not sure of waht that 192.168.1.9 is. I know its private and apparently on the network, but I tried to open its interface and could not. I can ping it though. I am wondering if it is the cisco router connected to the T1. Here is what I think happens. Outbound traffic go to the hospitals cisco router. If the traffic is for 172.15.0.12 (asp software) it goes through the cisco router onto the T1. If it is any other outbound IP address the cisco router redirects traffic back to the sonic wall router. Is my thinking correct here? How can I see it from the postings I have shown?

Thanks
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 16806115
First, I'd be rather surprised that ANY of the SBS-included services actually work with this configuraiton since they are so reliant on internal DNS.  (such as SharePoint, Fax Service, etc).  Generally you don't want to have any external IP's in your NIC's DNS Server configuration... those would be entered as your "forwarders" when you run the CEICW (Configure Email and Internet Connection Wizard).

But the existance of the Cisco Router helps to figure this out... because you didn't mention it before, and I was wondering how you have 60 PC's plugged into a SonicWall TZ 170.  How many ports is the router?  What is it's model number?

Are there any other pieces of equipment in the network topology?  You have a T-1 Line to the hospital, but is there another Internet Connection?

If that's all there is, and the Cisco is the main hub of what's happening, then you need to get into the Cisco's interface and print out it's rules.  If it's a PIX then it's completely programmable.  I'd assume that it's interface is on either 192.168.1.1 or 192.168.1.2.

This all seems a bit complicated, and as I said, would make me wonder if you are able to gain much of the value of having an SBS.

Jeff
TechSoEasy
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 16806701
I agree with Jeff regarding the DNS !!!!

>>"but tell me wht you see"
I would say you have the local server/PC on LAN 10.x.x.x connected by the Sonicwall to another router VIA the 192.x.x.x subnet, which in turn is connected to the ASP server on the 172.x.x.x subnet.

However, since it now appears you have multiple routers, a DSL and a T1, static routes added to the server, and multiple private LAN's, I would recommend talking to your admins. I don't mean to "pass the buck" but you mentioned earlier "The admin at the hospital said that the outbound traffic....".   It would appear they have configured it, and would have a much better understanding, than us guessing at the configuration.

0
 

Author Comment

by:signaltracker
ID: 16871592
Thanks for all the info. I took over this little project so none of it was my reccomendations. I am still learning all the ropes (finished MCSE courses). As for the Sonic Wall it is a TZ 170 with unlimited nodes, you can buy them that way, I have purchased 2 already for others. The preivous admin did not run the EICW so he must have known there was going to be issues, It prompts me on occasion to run it, but everything runs fine. Nothing is wrong, but the buck will stop with me and I need to know whats is what when the inevitable crash comes. The hospital admin is a real jerk. I can't stand dealing with him. He is on one of those GOd power trips and any question you ask him is a stupid one, so I was trying to do this with out his help. I cant ask the previous admin becasue they were a different company and they certainly would love to see me fall on my face (which ain't gonna happen).

Interesting to know the part about SBS, it all seems to run fine though so it must be pretty robust. have been to several Microsoft put on seminars and they really push SBS for the small business market. I have it running in my lab and I like it so far, but obviously it aint for everyone, only small business segment.


 
But thanks for all the info

Joe
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16871749
Thanks Joe,
--Rob
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16872752
Joe, Good Luck!

Just an FYI... SBS was not designed for MCSE's so while that may be an important goal for you to achieve most of what you learn to become an MCSE are things that can actually damage or break an SBS network if they are applied.  One of the main things you learn in enterprise computing is that you NEVER would put all of the roles and services that are in SBS in a single box.  But obviously some pretty bright engineers figured out how to do just that... as long as those who deploy and manage them follow the rules and RTFM!  :-)  

(That comment may be directed a bit more towards MCSE's in general than at you... so don't take it personally... but do read http://sbsurl.com/itpro).

Jeff
TechSoEasy
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16872842
One of my first memories of Expert-Exchange was reading;  
  "SBS is not Server 2003....SBS is not Server 2003....SBS is not server 2003"
or something to that effect  :-)    
Took me a couple of years to appreciate how true it was, even though I had been using NT SBS for years. Still don't understand it, but I do appreciate the difference.

--Rob
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16872914
:-)  That was it!

In case you missed this question... it's a good overview of "why".  http:Q_21831460.html

Jeff
TechSoEasy
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16874567
I'll have to save that link. I could be reading for a year with all the linked information.  :-)
I only have a couple of clients with SBS but I agree, it is a great product, and I don't think I have broken anything in the last couple of years since I started using wizards. :-)  I must say you have to change your mindset a bit when working on it, rather than 2003 Std. However, that is not a bad thing as it is a "well oiled machine".
Thanks for the link,
--Rob
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question