krmis
asked on
Can u have 2 Gateways on a scope for DHCP server on Windows 2003?
I have a Windows 2003 server which is providing DHCP addresses to client machines. I have just installed a backup circuit from a different ISP. So now I have 2 different ISPs coming into my location. Because of certain equipment and my setup I have need to now point everyone to a new gateway. However if the primary router fails the users will no longer be able to browse the internet because their gateway will be pointing to the new router.
I would like to add an additional gateway in my DHCP server settings so that if the primary route goes down they will be able to go to the other gateway. Is this possible with Windows 2003? Can you have 2 gateways in a DHCP scope? If the first gateway does not get them out to the internet will it automatically fail over to the 2nd gateway in the scope?
I would like to add an additional gateway in my DHCP server settings so that if the primary route goes down they will be able to go to the other gateway. Is this possible with Windows 2003? Can you have 2 gateways in a DHCP scope? If the first gateway does not get them out to the internet will it automatically fail over to the 2nd gateway in the scope?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What if the gateway does respond but the default route does not go anywhere will it than fail over?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To the best of my knowledge, no it will not. Only if the gateway/router is unavailable. Basically you would have to unplug the router to force the switch-over.
It's not an ideal solution for managing multiple ISP's.
It's not an ideal solution for managing multiple ISP's.
There is absolutly no point in having multiple default gateways unless you have a multi-homed PC (ie one with IP addresses on 2 different subnets, you cannot assign multiple gateways to act as backups in case one is down.
BTW the fact that you cannot have 'failover gateways' is not a limitation of Windows - its the way that TCP/IP works.
KCTS I believe multiple gateways on the same network adapter works, in theory, though not that well in practice, but I would agree you could not have multiple default gateways with multiple adapters on different subnets. Using the multiple gateways with DHCP will assign different metrics to the same network adapter, allowing only the the first to be used. The second would only be used in the event that the first were not available.
ASKER
The scope and the gateways are on the same subnet. Because I'm using a Cisco Pix and Cisco router across a IPsec VPN tunnel dymanic routing will not work. That is why I'm trying to add a second gateway in windows should the Cisco router die clients will not get out to the internet because the default gateway points to the PIX. I want users to be able to get out to the internet if that Cisco router dies. This usually highly unlikely but the redundancy is still needed.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should be able to use HSRP in Cisco so that the second router takes over the first router's IP should it fail.
More on HSRP:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm
More on HSRP:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm
>>"you appear to be correct "
That's a first for me :-)
Agree 100% though, having 2 default gateways "available" will not work. The assumption with the 2 supplied by DHCP, is the metrics will only allow 1 available at a time.
Have you come across any better ways to handle multiple ISP's KCTS, only one I am familiar with that works well, is the dual WAN routers. The multiple gateway option is flaky at best. Looking at your profile, I am assuming "you have been around the block a few times". Have you stumbled on any other solutions. It's a common question.
Cheers !
--Rob
That's a first for me :-)
Agree 100% though, having 2 default gateways "available" will not work. The assumption with the 2 supplied by DHCP, is the metrics will only allow 1 available at a time.
Have you come across any better ways to handle multiple ISP's KCTS, only one I am familiar with that works well, is the dual WAN routers. The multiple gateway option is flaky at best. Looking at your profile, I am assuming "you have been around the block a few times". Have you stumbled on any other solutions. It's a common question.
Cheers !
--Rob
Sorry, didn't refresh before posting. Netman66's solution looks far more stable and professional, given the provided hardware.
ASKER
To Netman66:
HSRP would be great but I have one router and one PIX. The pix handles one circuit and the router handles another. The pix will not send routes out the same interface it learns it from. It also can't do dynamic routing because an IPSEC tunnel will not send multicast traffic across a VPN tunnel so the pix and router will never learn about the remote networks across the tunnel. Which I need it to learn. A way around this is to create GRE tunnel which will send a routing protocol across an IPSEC tunnel. But the PIX can't do GRE tunnels.
I'm also using the two circuits for backup and redundancy for VPN tunnels back to our corporate location. So the router will be the primary route for VPN tunnel back to corporate the PIX will be the backup for the VPN tunnel back to our corporate location. Also were using one circuit for internet traffic and the other primary for VPN traffic. Its not a plain vanilla solution.
They way I'm reading HSRP you need to routers not a router and a pix? Am I wrong in thinking this is correct?
HSRP would be great but I have one router and one PIX. The pix handles one circuit and the router handles another. The pix will not send routes out the same interface it learns it from. It also can't do dynamic routing because an IPSEC tunnel will not send multicast traffic across a VPN tunnel so the pix and router will never learn about the remote networks across the tunnel. Which I need it to learn. A way around this is to create GRE tunnel which will send a routing protocol across an IPSEC tunnel. But the PIX can't do GRE tunnels.
I'm also using the two circuits for backup and redundancy for VPN tunnels back to our corporate location. So the router will be the primary route for VPN tunnel back to corporate the PIX will be the backup for the VPN tunnel back to our corporate location. Also were using one circuit for internet traffic and the other primary for VPN traffic. Its not a plain vanilla solution.
They way I'm reading HSRP you need to routers not a router and a pix? Am I wrong in thinking this is correct?
You're partially correct (I think!).
I'm not sure if PIX supports HSRP in the new software or not, but I know who will.
Hang on.
I'm not sure if PIX supports HSRP in the new software or not, but I know who will.
Hang on.
ASKER
Just a side note my pix will not support version 7.0 which is another issue that I face. Thanks for getting the infomation for me.
I think you can use the PIX as the failover from the router, but you'll likely not be able to failover the other way if using HSRP.
This may be enough though.
This may be enough though.
Thanks krmis, for the points.
If Netman66's option looks like it will be of some assistance, perhaps you should re-open the question and further split the points, as it might be your best option.
Cheers !
--Rob
If Netman66's option looks like it will be of some assistance, perhaps you should re-open the question and further split the points, as it might be your best option.
Cheers !
--Rob
HTH
Toni