
RDP with Dual Routers?

mkuetzing asked
Last Modified: 2013-11-21
Is it possible to set up a Remote Desktop connection through either of two Linksys RV082 routers that feed the same internal subnet? One RV082 is the primary router/gateway, say at 192.168.1.1, and the second is a "backup" at 192.168.1.2. The basic need for this is to be able to establish remote access if the primary router/gateway fails for any reason.

In trying this and observing that a Remote Desktop connection times out when attempting to connect to the backup router, it occurred to me that the issue is that the XP target has a default gateway pointing only to the primary router: thus, a connection request is made through one IP (say 192.168.1.2), but the response is made through 192.168.1.1. So, I set up the (normally unused & disabled) second NIC on the XP target to have its gateway pointing to 192.168.1.2. But of course, XP still has the default gateway at 192.168.1.1.

So, is it possible to set up each NIC to point to its intended gateway? Is this the entire issue? And, if it is possible to do what I want, how do I set this up?

Giladn, CTO/CIO
CERTIFIED EXPERT

Commented:
When you use dual NICs and static IP addresses, NIC 1 will use router 1 as its gateway and NIC 2 will use router 2 as its gateway. After you have configured port forwarding on both routers (or whatever it might be on your routers), try to pull the plug from the default gateway and RDP through the secondary router to check if it works.

 
Todd Gerbert, Senior Engineer
CERTIFIED EXPERT
Top Expert 2010

Commented:
"When you use dual nics and static ip address nic 1 will use router 1 as gateway and nic 2 use router 2 as a gateway"

That is incorrect.  The default gateway is the router used when the destination of an outbound IP packet has no other matching route, and by definition there can be only 1 default.  When the PC is responding to an incoming RDP request on NIC2 all that is known is that an outbound packet needs to go to 70.55.6.1 (the IP address where the RDP connection originated); the routing table is consulted and since there is no specific route matching that address it is sent via the default gateway.  The TCP/IP subsystem has no way of knowing this outbound packet is associated with an earlier inbound packet, or which NIC that earlier packet was received on, thus it cannot give preference to one NIC or the other and simply follows the rules in the routing table (which in this case is to go out via the default gateway).

When you configure the gateway on multiple NICs, Windows has some sort of mechanism for choosing one gateway as the default route. Additional configured gateways are set up as default routes with a higher metric and thus will never be used, unless the first configured default route becomes unavailable.

http://support.microsoft.com/kb/157025
Giladn, CTO/CIO
CERTIFIED EXPERT

Commented:
tgerbert, you are right, though I think he should still try despite the fact that Microsoft warns about dual gateways; I have encountered 0 errors using this method when defining the metric as 2 in the TCP/IP properties.

P.S.

Open Network settings on your dual-card machine. In TCP Settings, click on Advanced; at the bottom you'll see a setting for Interface Metric. Interface Metric defaults to 1. Set it to more than 1 for the card you don't want your machine to route through. The system will use the lowest-cost interface card out of your machine. Having a higher Interface Metric on your WAN card will avoid use of that card for Internet.

Commented:
correction....

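pathtest.bat
@echo off
rem Switch the default route between the primary (192.168.1.1) and
rem backup (192.168.1.2) gateways based on a ping test to 4.2.2.1.

:defineprimary
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.1

:primary
rem Match "TTL=" rather than "Reply": "Reply from ... Destination host
rem unreachable" also contains "Reply" but is not a successful echo.
ping -n 1 4.2.2.1 | find "TTL=" >nul
if errorlevel 1 goto definebackup
rem Wait about 5 seconds between tests instead of looping flat out.
ping -n 6 127.0.0.1 >nul
goto primary

:definebackup
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.2

:backup
ping -n 1 4.2.2.1 | find "TTL=" >nul
if errorlevel 1 goto defineprimary
ping -n 6 127.0.0.1 >nul
goto backup

:end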



Todd Gerbert, Senior Engineer
CERTIFIED EXPERT
Top Expert 2010

Commented:
I think there are two issues here...

1. Configuring and testing the backup router: You can add a static route on the PC you're RDP'ing into to make sure traffic destined for the PC you're RDP'ing from, or easier yet just change the default gateway on the PC to 192.168.1.2.

2. Changing the default route on PCs when the primary router fails. It's going to be hard to really make this seamless and automatic, but if you simply add a default route to 192.168.1.2 with a higher metric than the default route to 192.168.1.1, then when Windows is unable to use 192.168.1.1 it should automatically switch to 192.168.1.2 on its own. This is dead gateway detection, which is discussed in the Microsoft article I posted a link to in my comment above. I'm not sure if Windows will ever switch itself back to the primary on its own, so there will be some intervention required (though I suppose you could just unplug the backup and as PCs discover that one's unusable Windows should go back to the beginning of the list of default routes).
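
The route selection discussed in the comments above (a single effective default gateway, a second default with a higher metric, and a static route for testing the backup router), modelled as an added Python example that is not part of the original thread. The metrics, the "on-link" marker and the function names are assumptions made for illustration; the addresses are the ones used in the thread.

```python
import ipaddress

# Constructed routing table for the XP target described in the thread.
# Each entry: (destination network, gateway, metric). Metrics are assumed.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", 10),    # default route via the primary router
    ("0.0.0.0/0", "192.168.1.2", 20),    # second default route, higher metric
    ("192.168.1.0/24", "on-link", 10),   # local subnet, no gateway needed
]

CLIENT = "70.55.6.1"  # remote RDP client address used in the thread
# Static host route for the client via the backup router, i.e. the test
# setup suggested in the thread for checking the backup path.
WITH_HOST_ROUTE = BASE_ROUTES + [(CLIENT + "/32", "192.168.1.2", 1)]

def next_hop(routes, destination, dead_gateways=()):
    """Choose a gateway: longest matching prefix first, then lowest metric.

    Gateways in dead_gateways are skipped, modelling dead gateway
    detection having marked them unusable.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [
        (-ipaddress.ip_network(net).prefixlen, metric, gw)
        for net, gw, metric in routes
        if dest in ipaddress.ip_network(net) and gw not in dead_gateways
    ]
    return min(candidates, default=(None, None, None))[2]

def rdp_reply_path(routes, client_ip, arrived_via, dead_gateways=()):
    """Return (gateway used for the reply, True if it is the inbound router)."""
    gw = next_hop(routes, client_ip, dead_gateways)
    return gw, gw == arrived_via

if __name__ == "__main__":
    # Request arrived through the backup router in all three cases.
    print(rdp_reply_path(BASE_ROUTES, CLIENT, "192.168.1.2"))
    print(rdp_reply_path(WITH_HOST_ROUTE, CLIENT, "192.168.1.2"))
    print(rdp_reply_path(BASE_ROUTES, CLIENT, "192.168.1.2",
                         dead_gateways=("192.168.1.1",)))
```

A reply that leaves through a different router than the one the request arrived on is the mismatch the question describes; the host route or a dead primary gateway makes the two paths agree.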

Commented:
If the objective is to automatically fail over to a backup gateway in the event of a primary gateway failure 'for any reason' as described in the original post, I suggest 'for any reason' may include an upstream failure such as the ISP. If this is the case, metrics and dead gateway detection would not be sufficient, as the gateway would remain online. Ping tests to reliable hosts via specific route paths should be a better gauge of a router's reliability than checks to see if the router itself is online.

That said, I recognize a looping batch script (as suggested by me above) is not likely a best practice either; however, I believe it does accommodate fail over and fail back automatically.
The simplest, and I'm sure most approved, way would be to run a multi-WAN firewall behind your dual routers (this is what I have), where both routers DMZ to separate external interfaces on the firewall, but the firewall has only one internal interface (gateway) address. It allows you to configure WAN failover settings, and works for much more than just RDP...

This allows you to set just one gateway on all your clients, just use one NIC, and decomplicates all of the above... The only limiting factor would be your budget for this exercise...

Author

Commented:
eviljester -

Are you willing to describe the hardware/software that you used to build the firewall you described? For example, is this a commercially available appliance? Or, is this another PC-box with three NICs and an intricate Linux setup to manage everything?




Author

Commented:
Thanks for everyone's comments
