How do you configure dual gateways on dual NICs under Win2k3?

Hi
I have a very frustrating issue with win2k3 network configuration.
I have a Dell PE1950 server with dual NICs. One NIC is on address 192.168.10.10, mask 255.255.255.0, default gateway 192.168.10.1 (the Cisco firewall VLAN address). This interface is 1:1 NATed from an external internet address.
The 2nd NIC is on 192.168.210.10, mask 255.255.255.0, default gateway 192.168.210.1 (another VLAN address on the Cisco firewall).
Both NICs are on an L3 switch on different VLANs, with the .1Q trunk port going to the Cisco firewall.

The first NIC is to handle all external web traffic and be isolated from the internal data network. The 2nd NIC carries all data from the internal servers.

Problem... intermittently, good old Win2k3 drops one of the gateways. It may be an hour, a day, or a week before it does this. I understand that Win2k3 only likes to have 1 default gateway (after I have dug around), but can you use persistent routing to force 210.0 traffic out of the other NIC rather than using the default gateway? I have tried setting up routes but nothing seems to work.

If I re-add the gateway address after Windows drops it, everything works again... for a while.

I'm sure you can do this, or are dual NICs just for redundancy rather than true split networking?

Many thanks in advance
diveleader Asked:
noctot Commented:
If all of your LAN devices are on the same subnet (192.168.210.0/24) as the second NIC then it won't matter if the server drops the gateway for that NIC. The server doesn't need a gateway to address packets locally.

To test this, wait until the GW has been dropped and then check traffic on the 2nd NIC while one of your local users is heavily utilizing the connection. You should see traffic on the 2nd NIC.
0
diveleader Author Commented:
I thought the same, but when I set the static routes up the firewall complains with SYN flags on the non-NATed inside interface. At the moment I have managed to add static routes of:
0.0.0.0 mask 0.0.0.0 gw 192.168.210.1 interface 192.168.210.10 and
0.0.0.0 mask 0.0.0.0 gw 192.168.10.1 interface 192.168.10.10
I then removed the default gw from the 2nd NIC in the network config screen.
Rebooted and got an interesting result: ipconfig showed there to still be default gateways on both interfaces even though the network config didn't...

If I ping each of the gateways (10.1 and 210.1) I see that it now goes out of each respective nic as the packet count changes depending on the gateway being pinged.

If I attempt to connect to a same-network device (remote desktop) on 10., the firewall throws an error with SYN flags on the interface, even though they are on the same net segment and shouldn't go through the firewall. The interface given in the error is the same for both devices, so an access list shouldn't apply... Should it?

I need 2 NICs as the external web server will be in a cluster and will run unicast; otherwise I would redo the design to eliminate the other NIC...

thanks
mark
0
wazoo9000 Commented:
You can't have 2 default gateways, but you don't really need two. You would only need a default gateway on the LAN segment, since all traffic coming from your firewall is NATed and thus on a single subnet. If I were you, I would pick subnets that are more drastically different for one and try just putting the default gateway on the LAN segment. If traffic comes in from the outside it should know how to get back out. I'll keep thinking, but let me know if this works.
0
diveleader Author Commented:
I think I have got round the problem by adding a few persistent routes for all internal traffic.

This process is not a bug within Win2k3 but conforms to the RFC. In Linux / Unix environments there is more flexibility as to the configuration of multiple NICs.

Windows Server does not disjoint NICs under the OS; rather, it decides which gateway to use (if there is more than 1) after calculating traffic flows.

Problem now sorted but thanks to all who helped and good luck to those planning multihomed networks under windows server

mark
0
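Added example, not part of the thread and not code from any participant: a small model of route selection (longest prefix first, then lowest metric) showing why two 0.0.0.0 routes leave the egress NIC for internal traffic dependent on metrics, and how one specific persistent route pins it to the data NIC. The remote internal subnet 192.168.220.0/24, the internet address 203.0.113.7, the metrics, and the names `Route`, `pick_route` and `egress` are constructed for illustration; placing the single default gateway on the web NIC is an assumption.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: str     # destination network in CIDR form
    gateway: str  # next hop, or "on-link" for a connected subnet
    iface: str    # local address of the outgoing NIC
    metric: int

def pick_route(table, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.metric))

def egress(table, dst):
    """Return (outgoing NIC, next hop) for a destination, or None."""
    r = pick_route(table, dst)
    return (r.iface, r.gateway) if r else None

WEB_NIC, DATA_NIC = "192.168.10.10", "192.168.210.10"

connected = [
    Route("192.168.10.0/24", "on-link", WEB_NIC, 10),
    Route("192.168.210.0/24", "on-link", DATA_NIC, 10),
]

# Layout from the thread: a 0.0.0.0 route on each NIC (metrics constructed).
two_defaults = connected + [
    Route("0.0.0.0/0", "192.168.10.1", WEB_NIC, 10),
    Route("0.0.0.0/0", "192.168.210.1", DATA_NIC, 20),
]

# One default on the web NIC plus a specific route for a constructed
# remote internal subnet, the model equivalent of:
#   route -p add 192.168.220.0 mask 255.255.255.0 192.168.210.1
split = connected + [
    Route("0.0.0.0/0", "192.168.10.1", WEB_NIC, 10),
    Route("192.168.220.0/24", "192.168.210.1", DATA_NIC, 10),
]

if __name__ == "__main__":
    for name, table in (("two defaults", two_defaults), ("split", split)):
        for dst in ("192.168.220.15", "203.0.113.7", "192.168.210.50"):
            print(f"{name:13} {dst:16} -> {egress(table, dst)}")
```

With two defaults, traffic for the remote internal subnet leaves through the externally NATed web NIC, so the firewall sees it arrive on the wrong VLAN interface; with the specific route, the lookup no longer depends on which default wins.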