mkuetzing


RDP with Dual Routers?

Is it possible to set up a Remote Desktop connection through either of two Linksys RV082 routers that feed the same internal subnet? One RV082 is the primary router/gateway, say at 192.168.1.1, and the second is a "backup" at 192.168.1.2. The basic need for this is to be able to establish remote access if the primary router/gateway fails for any reason.

In trying this and observing that a Remote Desktop connection times out when attempting to connect to the backup router, it occurred to me that the issue is that the XP target has a default gateway pointing only to the primary router: thus, a connection request is made through one IP (say 192.168.1.2), but the response is made through 192.168.1.1. So, I set up the (normally unused & disabled) second NIC on the XP target to have its gateway pointing to 192.168.1.2. But of course, XP still has the default gateway at 192.168.1.1.

So, is it possible to set up each NIC to point to its intended gateway? Is this the entire issue? And, if it is possible to do what I want, how do I set this up?

SOLUTION
Todd Gerbert
This solution is only available to members.
When you use dual NICs and static IP address, NIC 1 will use router 1 as gateway and NIC 2 use router 2 as a gateway. After you have configured port forwarding on both routers (or what it might be on your routers), try to pull the plug from the default gateway and RDP through the secondary router to check if it works.

 
When you use dual NICs and static IP address, NIC 1 will use router 1 as gateway and NIC 2 use router 2 as a gateway

That is incorrect.  The default gateway is the router used when the destination of an outbound IP packet has no other matching route, and by definition there can be only 1 default.  When the PC is responding to an incoming RDP request on NIC2 all that is known is that an outbound packet needs to go to 70.55.6.1 (the IP address where the RDP connection originated); the routing table is consulted and since there is no specific route matching that address it is sent via the default gateway.  The TCP/IP subsystem has no way of knowing this outbound packet is associated with an earlier inbound packet, or which NIC that earlier packet was received on, thus it cannot give preference to one NIC or the other and simply follows the rules in the routing table (which in this case is to go out via the default gateway).

When you configure the gateway on multiple NICs, Windows has some sort of mechanism for choosing one gateway as the default route. Additional configured gateways are set up as default routes with higher metric and thus will never be used, unless the first configured default route becomes unavailable.

http://support.microsoft.com/kb/157025
tgerbert, you are right, though I think he should still try. Despite the fact that Microsoft warns about dual gateways, I have encountered 0 errors using this method when defining the metric as 2 in the TCP/IP properties.

P.S.

Open Network settings on your dual card machine. In TCP Settings, click on Advanced. At the bottom you'll see a setting for Interface Metric. Interface Metric defaults to 1. Set it to more than 1 for the card you don't want your machine to route through. The system will use the lowest cost interface card out of your machine. Having a higher Interface Metric on your WAN card will avoid use of that card for Internet.
SOLUTION
fhmc

correction....

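pathtest.bat
@echo off
rem Switch the default route between the primary and backup gateways,
rem depending on whether an external host (4.2.2.1) answers a ping.

:defineprimary
rem Point the default route at the primary router.
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.1

:primary
rem Match "TTL=" rather than "Reply": a "Destination host unreachable"
rem line also starts with "Reply from" but is not a successful ping.
ping -n 1 4.2.2.1 | find "TTL=" >nul
if errorlevel 1 goto definebackup
rem Wait about 5 seconds between checks instead of looping flat out.
ping -n 6 127.0.0.1 >nul
goto primary

:definebackup
rem Point the default route at the backup router.
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 192.168.1.2

:backup
rem Stay on the backup until the check through it fails, then retry the primary.
ping -n 1 4.2.2.1 | find "TTL=" >nul
if errorlevel 1 goto defineprimary
ping -n 6 127.0.0.1 >nul
goto backup
:end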



I think there are two issues here...

1. Configuring and testing the backup router: You can add a static route on the PC you're RDP'ing into to make sure traffic destined for the PC you're RDP'ing from, or easier yet just change the default gateway on the PC to 192.168.1.2.

2. Changing the default route on PCs when the primary router fails. It's going to be hard to really make this seamless and automatic, but if you simply add a default route to 192.168.1.2 with a higher metric than the default route to 192.168.1.1 - then when Windows is unable to use 192.168.1.1 it should automatically switch to 192.168.1.2 on its own. This is dead gateway detection, which is discussed in the Microsoft article I posted a link to in my comment above (http:#34123847). I'm not sure if Windows will ever switch itself back to the primary on its own, so there will be some intervention required (though I suppose you could just unplug the backup and as PCs discover that one's unusable Windows should go back to the beginning of the list of default routes).
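A simplified model of the route lookup discussed in the comments above, as an added example that is not part of the original thread: it shows why a reply to 70.55.6.1 leaves via 192.168.1.1 even when the request arrived through 192.168.1.2, and how a host route or a dead primary gateway changes that. The table, function names and the way a dead gateway is modelled (simply excluded from the lookup) are assumptions made for illustration, not Windows' actual implementation.

```python
import ipaddress

PRIMARY, BACKUP = "192.168.1.1", "192.168.1.2"  # router addresses from the thread
RDP_CLIENT = "70.55.6.1"                         # remote client address from the thread

# Constructed routing table for the XP target: two default routes (the second
# with a higher metric) plus the on-link route for the LAN subnet.
TABLE = [
    {"net": "0.0.0.0/0", "gw": PRIMARY, "metric": 1},
    {"net": "0.0.0.0/0", "gw": BACKUP, "metric": 2},
    {"net": "192.168.1.0/24", "gw": "on-link", "metric": 1},
]

def pick_route(table, dest, dead_gateways=()):
    """Longest matching prefix wins; ties are broken by lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in table
               if dest in ipaddress.ip_network(r["net"])
               and r["gw"] not in dead_gateways]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]))

def reply_gateway(table, client_ip, dead_gateways=()):
    """Gateway used for packets sent back to client_ip (None if unroutable)."""
    route = pick_route(table, client_ip, dead_gateways)
    return route["gw"] if route else None

def path_is_symmetric(table, client_ip, inbound_gw, dead_gateways=()):
    """True when the reply leaves through the router the request arrived on.
    The lookup never sees inbound_gw; only the destination address matters."""
    return reply_gateway(table, client_ip, dead_gateways) == inbound_gw

def with_host_route(table, client_ip, gw):
    """Copy of the table plus a /32 route for the remote client via gw."""
    return table + [{"net": client_ip + "/32", "gw": gw, "metric": 1}]

if __name__ == "__main__":
    print("reply via:", reply_gateway(TABLE, RDP_CLIENT))
    print("symmetric via backup:", path_is_symmetric(TABLE, RDP_CLIENT, BACKUP))
    fixed = with_host_route(TABLE, RDP_CLIENT, BACKUP)
    print("with host route:", reply_gateway(fixed, RDP_CLIENT))
    print("primary dead:", reply_gateway(TABLE, RDP_CLIENT, {PRIMARY}))
```

A router doing stateful NAT generally drops the asymmetric case, because the reply reaches a router that never saw the opening packet of the connection.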
If the objective is to automatically fail over to a backup gateway in the event of a primary gateway failure 'for any reason' as described in the original post, I suggest 'for any reason' may include an upstream failure such as the ISP. If this is the case, metrics and dead gateway detection would not be sufficient as the gateway would remain online. Ping tests to reliable hosts via specific route paths should be a better gauge of a router's reliability than checks to see if the router itself is online.

That said, I recognize a looping batch script (as suggested by me above) is not likely a best practice either; however, I believe it does accommodate fail over and fail back automatically.
The simplest, and I'm sure most approved, way would be to run a multi-WAN firewall behind your dual routers (this is what I have), where both routers DMZ to separate external interfaces on the firewall, but the firewall has only one internal interface (gateway) address. It allows you to configure WAN failover settings, and works for much more than just RDP...

This allows you to set just one gateway on all your clients, just use one NIC, and decomplicates all of the above... Only limiting factor would be your budget for this exercise...
mkuetzing

ASKER

eviljester -

Are you willing to describe the hardware/software that you used to build the firewall you described? For example, is this a commercially available appliance? Or, is this another PC-box with three NICs and an intricate Linux setup to manage everything?



ASKER CERTIFIED SOLUTION
Thanks for everyone's comments