Need help with T1 line with multiple static IP addresses and Windows routing
Posted on 2008-10-05
I have a T1 line that has 6 available public addresses adn I am trying to setup two distinct routers that connect to a Windows 2003 Active Directory domain. However, only only one router at once can access the internal Windows domain depending on the gateway I assign to the server that is acting as a main gateway. I tried two different approaches without any luck. Here they are:
Scenario 1: Router 1 has a public address of xxx.xxx.xxx.203 and a private address of 172.16.16.1. Router 1 also have forwarded ports 3389 and 1723 to my main Windows server 172.16.16.4. Router 2 has a public address of xxx.xxx.xxx.204 and a private address of 172.16.16.2. Router 2 also have forwarded ports 3389 and 1723 to my main Windows server 172.16.16.4. Both routers are connected into the same internal segment, along with the server (in a unique switch) The Windows server uses 172.16.16.1 for a gateway and also has routing and remote access activated (including ip routing). Result: I can only access this server (Remote Desktop and pptp) by using connection to router 1. Router 2 won't accept connections. However, both routers can be ping successfully from an internal and remote location (with their respective public and private address).
Scenario 2: I made a variant to the scenario above where I created two separate segments (172.16.16 and 172.16.17 and assigned each of the routers an address in each segment, with same public addresses as above). Router 1 now has private address 172.16.16.1 and router 2 has private address 126.96.36.199. A second network card was installed into the Windows server. Windows server now has 2 ip addresses: 172.16.16.4 and 172.16.17.4. Default gateway on server is 172.16.16.1. Router 1 now forwards ports to 172.16.16.4 while router 2 forwards ports to 172.16.17.4. Windows server is running Routing an remote access (with IP routing). Result: same as above. I can only connect through router that the server is using as a default gateway. If I change default gateway on server to router 2, then only router 2 can access RDP and pptp.
Question: Why can't I access remotely the same server at once by using the two routers with two separate public addresses when I can ping successfully both routers from both external and internal locations (with their respective public and private address)? Some route missing somewhere? What is the benefit of having multiple public static addresses in this context?
Note: I am trying to establish a proof of concept for a scenario where I will need to use two distinct routers.