Solved

Persistent VPN using RRAS on Server 2003 and ISA 2006 routing question

Posted on 2009-05-07
Last Modified: 2012-05-06
Is it possible to route a persistent VPN connection on MS Server 2003 with ISA 2006 to a different NIC than the default internet one?  The server I have has 3 NICs.  One is the internal LAN 192.168.222.x (named LAN).  The other is the Internet (named Quest), and the 3rd, which is the one I want to route through, is called Bresnan.  The branch office works fine.  When the persistent connection is made and I monitor packets, Bresnan is receiving, but not sending, therefore all the packets are going out the Quest adapter.  Attached are the static routes set up by default by ISA.  Can anyone assist?  I have tried to create different static routes, flush the routing table and reboot, and it starts to work but the connection breaks in about 30 seconds.  Thank you in advance!
static-routes.bmp
Question by:dariit
9 Comments
 
LVL 11

Expert Comment

by:b_levitt
ID: 24332911
What you have is probably a binding order problem.  Go into the network connections area under control panel and at the top there is an "advanced" menu.  Inside you can reorder your NICs so your Bresnan comes before Quest.  I believe there is also a "metric" property on the adapters themselves.

I'm guessing your default gateway is on the quest network - so a packet you want to go to bresnan doesn't go out the first nic because it's the wrong network entirely.  Quest wouldn't match either, but because it has a gateway it tries to route the packet to the gateway and let it handle it and it never gets a chance to try bresnan.
0
 

Author Comment

by:dariit
ID: 24336536
I will give that a try.  Makes sense to change the metric too.  You don't think a static route set up in RRAS would be better?
0
 

Author Comment

by:dariit
ID: 24336758
I checked the provider order and Bresnan was first.  I set the metric on the Bresnan to 1 and the Qwest to 2 and the LAN to 1.  The results are the same, no packets going out on the Bresnan.  I believe this requires a static route to fix.  Thank you very much though for the suggestion, it was worth the try  :)
0

Author Comment

by:dariit
ID: 24336811
I am attaching the route table for anyone who may be able to assist me

route-table.bmp
0
 
LVL 11

Expert Comment

by:b_levitt
ID: 24338035
You only need to change the binding order or the metric, you don't need to change both.  I've pasted a screen shot as an example.

Are you trying to get to something that's NOT on the local subnet of Bresnan?  If so then yes, you need a route where the gateway in the route specifies a router on the Bresnan network and the interface is the Bresnan IP on your adapter.  But it looks like you have a default gateway specified on ALL your adapters.  I think there's a best practice somewhere that says you should never have multiple default gateways.  In other words, the gateway box in your TCP/IP setup should be empty on everything but Quest.  Right now, all your traffic is probably going out the first NIC in your binding order.  Although if that's Bresnan I'm confused.

From the command line, does a
tracert -d <dest IP address>
give you any hints?

binding-order.jpg
0
 

Author Comment

by:dariit
ID: 24338444
Done a tracert, definitely going out the Qwest default internet.  As I said, the provider order has Bresnan 1st, LAN 2nd and Qwest 3rd.  Thinking I should just buy a real router  :)
0
 
LVL 11

Accepted Solution

by:
b_levitt earned 500 total points
ID: 24391852
do a few things for me.  On this server:
"route print" from a command line and paste the results.
"tracert -d xxx.xxx.xxx.xxx" and paste the results.
"ipconfig -all" and paste the results
and paste the same screen from your machine that I have pasted above.
0
 

Author Comment

by:dariit
ID: 24502996
I have come to find out that with MS Persistent VPN using more than 2 adapters, there is no way to set routes without breaking the connection.  I have decided to buy Sonicwall TZ 190's.  Thanks for your time.
0
 
LVL 11

Expert Comment

by:b_levitt
ID: 24509584
I've never heard of such a thing.  However, I just realized we were never clear on something.  You're worried about traffic being routed thru the VPN over bresnan I think without confirming the traffic to ESTABLISH the vpn is also going over bresnan.  For example if the server you are VPNing to is y.y.y.y have you made sure you've added a route for y.y.y.y to the bresnan interface?
0
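An added example, not part of the original thread: a small route-lookup model showing why traffic to the VPN peer leaves on the adapter that holds the default gateway, and how a host route for the peer (the y.y.y.y route suggested above) moves it to Bresnan. All addresses except the 192.168.222.x LAN are constructed from documentation ranges, and the selection rule (longest prefix, then lowest metric) is a simplified assumption, not a full model of the Windows Server 2003 stack.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # next hop, or "on-link" for directly attached subnets
    interface: str    # adapter name as used in the thread
    metric: int


def route(dest: str, gateway: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(dest), gateway, interface, metric)


def select_route(table: list, destination: str) -> Optional[Route]:
    """Pick the route a packet would take: most specific prefix wins,
    metric only breaks ties between equally specific routes."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


# Constructed stand-in for the remote VPN server "y.y.y.y".
VPN_PEER = "192.0.2.10"

# Constructed table: a single default gateway, on Quest only.
BASE_TABLE = [
    route("0.0.0.0/0", "198.51.100.1", "Quest", 2),
    route("198.51.100.0/24", "on-link", "Quest", 2),
    route("203.0.113.0/24", "on-link", "Bresnan", 1),
    route("192.168.222.0/24", "on-link", "LAN", 1),
]


def with_peer_route(table: list) -> list:
    """Add a /32 host route sending only the VPN peer via the Bresnan router."""
    return table + [route(VPN_PEER + "/32", "203.0.113.1", "Bresnan", 1)]


if __name__ == "__main__":
    for label, table in (("before", BASE_TABLE),
                         ("after", with_peer_route(BASE_TABLE))):
        chosen = select_route(table, VPN_PEER)
        print(f"{label}: {VPN_PEER} -> {chosen.interface} via {chosen.gateway}")
```

Lowering the Bresnan interface metric alone changes nothing in this model, because the peer address matches no Bresnan route until the host route exists.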
