Solved

Cannot reach (ping / http) router in same subnet in multihomed Windows 2003 server

Posted on 2006-06-12
Last Modified: 2013-11-29
I've got a cable modem hooked to a Vonage router which goes to the outside NIC in my multihomed Win2K3 SBS server.  The Vonage router's IP is 192.168.0.2 and the inside IP scheme is 192.168.0.x.  Everything works great, except that I can't get to the Vonage router to make any changes or view status of the phone, etc.  I wonder what the experts think.  Here's my routing table and ipconfig:

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 5a 5a ff b9 ...... Linksys LNE100TX Fast Ethernet Adapter(LNE100TX
v4) - Network Load Balancing Filter Device
0x10004 ...00 04 5a 70 6e d2 ...... Linksys NC100 Fast Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.2    192.168.0.201      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.200    192.168.0.200     20
      192.168.0.0    255.255.255.0    192.168.0.201    192.168.0.201     20
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.201  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.255  255.255.255.255    192.168.0.200    192.168.0.200     20
    192.168.0.255  255.255.255.255    192.168.0.201    192.168.0.201     20
        224.0.0.0        240.0.0.0    192.168.0.200    192.168.0.200     20
        224.0.0.0        240.0.0.0    192.168.0.201    192.168.0.201     20
  255.255.255.255  255.255.255.255    192.168.0.200    192.168.0.200      1
  255.255.255.255  255.255.255.255    192.168.0.201    192.168.0.201      1
Default Gateway:       192.168.0.2
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : mediaserver
   Primary Dns Suffix  . . . . . . . : xxx.yyy.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : xxx.yyy.com
                                       yyy.com

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LN
E100TX v4)
   Physical Address. . . . . . . . . : 00-04-5A-5A-FF-B9
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.200
   Primary WINS Server . . . . . . . : 127.0.0.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys NC100 Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-04-5A-70-6E-D2
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.201
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.2
   DNS Servers . . . . . . . . . . . : 192.168.0.200
   Primary WINS Server . . . . . . . : 192.168.0.200
0
Question by:ejbman
21 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16888962
Are you bridging? Why are both Ethernet ports on the same segment ... your box does not know what interface to send out and receive the ping on. Disable one Ethernet and see if it starts to work.

Thanks
Scott
0
 
LVL 1

Author Comment

by:ejbman
ID: 16889146
Scott,

It's the auto firewall/vpn setup from Win2K3 SBS - it's set to have an internal and external nic so I can make an https connection to the server from outside.  That does work, by the way.  Also, I can get connectivity from everywhere inside.  The only problem is finding the router (I've only tried from inside).

-Eric
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16889171
Then you may want to set static routes in the box; kind of weird but should work.

Thanks
Scott
0
 
LVL 1

Author Comment

by:ejbman
ID: 16889247
Scott,

Won't I be compromising security?  What ROUTE ADD statement would you use?

-Eric
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16889284
Eric;

What type of box is this, the Windows box?  I am making an assertion based on private addressing on the server that there is a NAT device or firewall that is somewhat protecting this?

You can always use static routes to hosts rather than networks ... as far as security implications there are always those but most of the concern deals with how the box is configured.

Thanks
Scott
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16889286
A static route to the Vonage router should fix it using a host route and should not compromise much of anything.

Thanks
Scott
0
 
LVL 1

Author Comment

by:ejbman
ID: 16889786
OK, here's where I show off more of my noobness:

I put in a static route of:

Destination: 192.168.0.2  Netmask:  255.255.255.255 (couldn't put in anything less without getting the 'less specific' complaint from windows) Gateway: 192.168.0.200 (inside ip).

Being a non-noob, you probably see immediately why this doesn't work.  Alas, I do not - help!

In answer to the earlier question of how the box is configured: windows manages a simple firewall between 192.168.0.201 and 192.168.0.200 (the outside and inside nic, respectively).  Also, the vonage provides nat between the cable modem and 192.168.0.2.

-Eric
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16889833
Eric;

So the Vonage box is the router?  If this is the case I still don't understand why you are not doing this.

(     )
(Inet)--------(Vonage router)------(switch)------PC's
(     )

and then you set up the Vonage router as the default gateway for everything and forget about the dual-homed PC, or am I missing something here?

0
 
LVL 1

Author Comment

by:ejbman
ID: 16890316
Scotty,

I'm open to suggestions, but what I've set up is:

Where DC = Win2K3 SBS Domain Controller for DNS, DHCP, WINS

(     )
(Inet)----(Vonage router)----[(DC Outside - nic1)--(DC firewall/vpn functionality)--(DC Inside - nic2)]---(switch)---Other PC's
(     )

As far as I know, this is the best way to get the firewall/vpn functionality without buying separate hardware.  Also, because it's integrated with Win2K3 SBS, I get to do things like remote desktop connect and outlook web access from the https interface exposed to Inet.

-Eric
0
 
LVL 1

Expert Comment

by:toynz
ID: 16890757
Your outside NIC and inside NIC should be on different subnets.  And then you let the DC(W2K3) do the routing and firewall.
Having both NICs on one subnet confuses it completely.
The default route on the Server should be the Vonage router IP.
i.e.
Vonage router IP 192.168.1.1/24 (255.255.255.0)
DC Outside NIC1 IP 192.168.1.2/24
DC Inside NIC2 IP  192.168.0.200/24
Server default gateway 192.168.1.1

Brent
0
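An added example (not part of any post in this thread): the relevant rows of the route table from the question run through a longest-prefix-match lookup, showing that 192.168.0.0/24 is on-link on both NICs so a lookup for the router at 192.168.0.2 ties, and that the addressing proposed above removes the tie. The function names, the host-route row reconstructed from ejbman's description (its metric is assumed) and the rows for the proposed addressing are constructed for illustration.

```python
import ipaddress

# Rows from the "Active Routes" table in the question (destination, netmask,
# gateway, interface, metric); loopback, broadcast and multicast rows omitted.
BEFORE = """\
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.201 1
192.168.0.0 255.255.255.0 192.168.0.200 192.168.0.200 20
192.168.0.0 255.255.255.0 192.168.0.201 192.168.0.201 20
"""
# ejbman's host route as described in the thread; the metric is an assumption.
HOST_ROUTE = "192.168.0.2 255.255.255.255 192.168.0.200 192.168.0.200 1\n"
# Constructed rows for the addressing toynz proposes (router 192.168.1.1/24).
AFTER = """\
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 1
192.168.0.0 255.255.255.0 192.168.0.200 192.168.0.200 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
"""

def parse(text):
    """Turn whitespace-separated route rows into (network, gw, iface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, gw, iface, metric = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface, int(metric)))
    return routes

def candidates(routes, target):
    """Longest-prefix match, then lowest metric; return every tied interface."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return []
    longest = max(r[0].prefixlen for r in hits)
    hits = [r for r in hits if r[0].prefixlen == longest]
    lowest = min(r[3] for r in hits)
    return sorted(r[2] for r in hits if r[3] == lowest)

def shared_subnets(routes):
    """Prefixes that are on-link (gateway == own address) on more than one NIC."""
    seen = {}
    for net, gw, iface, _ in routes:
        if net.prefixlen and gw == iface:
            seen.setdefault(str(net), set()).add(iface)
    return {n: sorted(i) for n, i in seen.items() if len(i) > 1}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("host route", BEFORE + HOST_ROUTE), ("after", AFTER)):
        r = parse(table)
        router = "192.168.1.1" if name == "after" else "192.168.0.2"
        print(name, candidates(r, router), shared_subnets(r))
```

A tie from `candidates` means the route table alone does not determine which NIC the packet leaves on. With the host route added the tie is broken, but onto 192.168.0.200, the inside NIC, while the diagrams in this thread place the router on the outside NIC's segment.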

 
LVL 2

Expert Comment

by:Psyco_666
ID: 16893110
Either that or subnet your 192.168.0.x network. Might be a little much effort though, just use separate class C's!!
0
 
LVL 1

Author Comment

by:ejbman
ID: 16893576
So why do you suppose the Win2K3 server setup wizard chose to keep the subnets the same?  I'm reluctant to change the whole scheme because I may lose the remote connectivity to the server.
0
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16894027
I'm not great with W2K3 but from a networking (Cisco) background it's all wrong. The only reason I can see having 2 NICs in the same subnet is if you are doing some sort of load balancing.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16894802
I would have to agree with Psyco; I am not great with windows server but from a networking aspect anytime you cross a device that is some form of gateway be it a proxy, router or some layer 3 device then your subnets should (almost must) change in order for routing to work properly.
0
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16894854
Sorry Scotty, my reply was anything but technical (. . . it's all wrong . . )

And I can't see how this would benefit any sort of VPN setup. Unless the server is itself acting as a switch and forwarding all traffic from one NIC to another - not in this case as they can't see each other.

The reason you can't see the router is that it's not on the same physical segment of the network as the client (inside) expects it to be. If it were outside the 192.168.0.x network it would send the packet to its gateway address and not just onto the wire.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16894919
Psyco;

The only thing I was thinking is routing vs. bridging, so I was not looking more technical than that either. My initial thought is that the Win2K server was doing some form of bridging that would facilitate why you could have 2 NICs in the same subnet.

Just a thought.

Thanks
Scott
0
 
LVL 1

Expert Comment

by:toynz
ID: 16897856
Changing the outside NIC to another subnet shouldn't involve much work.  Just a matter of changing the IP on the Vonage router and on the NIC.  That should be all you need to do.  And for your remote access you just need the pinhole (port mapping) in the router to point to the new "outside NIC" IP address.

Thanks
Brent
0
 
LVL 1

Author Comment

by:ejbman
ID: 16909139
OK, well, I changed the router to 192.168.1.1, the outside ip to 192.168.1.2, the inside ip is still 192.168.0.200.  I re-ran the SBS wizard with those values to make sure it would route things appropriately for the VPN... and sure enough, I lost outside connectivity via the https connection.

Everything inside works, and I can even get to the router now, but I can't get in from outside through the secure channel.

What say the experts?

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.200    192.168.0.200     20
    192.168.0.200  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.0.255  255.255.255.255    192.168.0.200    192.168.0.200     20
      192.168.1.0    255.255.255.0      192.168.1.2      192.168.1.2     20
      192.168.1.2  255.255.255.255        127.0.0.1        127.0.0.1     20
    192.168.1.255  255.255.255.255      192.168.1.2      192.168.1.2     20
        224.0.0.0        240.0.0.0    192.168.0.200    192.168.0.200     20
        224.0.0.0        240.0.0.0      192.168.1.2      192.168.1.2     20
  255.255.255.255  255.255.255.255    192.168.0.200    192.168.0.200      1
  255.255.255.255  255.255.255.255      192.168.1.2      192.168.1.2      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
0
 
LVL 2

Accepted Solution

by:
Psyco_666 earned 500 total points
ID: 16909600
Did you open/redirect the ports on the router's firewall??
0
 
LVL 1

Author Comment

by:ejbman
ID: 16916240
Oh yeah... duh.  Actually, it's NAT not firewall, but same difference.  Thanks Psyco!  Thanks everyone.
0
 
LVL 1

Author Comment

by:ejbman
ID: 16916262
Ack!  I was trying to split points!  I'll work on that... If not, I'll open a new one just to distribute more.
0
