Solved

Routing problem with proxy

Posted on 2012-04-09
10
505 Views
Last Modified: 2012-04-09
We have a windows 2008 R2 server acting as a proxy. The proxy software is Wingate 7.

2 nics installed, nic2 for the internet, nic1 for local lan.

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
   Physical Address. . . . . . . . . : 00-14-22-21-14-C1
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : xx.xxx.xxx.xxx(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : xx.xxx.xxx.xxx
   DNS Servers . . . . . . . . . . . : xx.xxx.xxx.xxx
                                       xx.xxx.xxx.xxx
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-21-14-C0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.10.0.254
   DNS Servers . . . . . . . . . . . : 10.10.0.5
                                       10.10.0.7
   NetBIOS over Tcpip. . . . . . . . : Enabled


10.10.0.254 is our router.
We have 3 offices, each on a seperate subnet with thier own routers. 10.10, 10.20. 10.60.
Each office has thier own router as thier gateway with matching IPs.

The issue we are having is the remote offices cannot use the proxy.
The recommended config is no gateway on the LAN nic. With this blank, the server cannot piny any computers in the remote offices, and they cannot ping back. With the gateway configured, the remote offices can ping the server, but the server cannot ping back. A tracert to a computer in one of the remote offices shows it going out through the internet connection instead of the LAN. Any clues what is wrong here?
0
Comment
Question by:summitMIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 11

Expert Comment

by:emilgas
ID: 37823697
The whole setup has issues. Let's start from the beginning...
How are your remote subnets connected to each other? VPN? T1 or ???
Why don't the other routers have a default gateway?
What's the DHCP, and the gateway at each location?

If you want your 10.10.0.254 to be your gateway at each location then you must specifically tell the DHCP server at each location to assign 10.10.0.254 as the default gateway. Remember you are in charge of your network settings, and if the gateway is missing then that's a separate issue on its own.
0
 

Author Comment

by:summitMIS
ID: 37823722
The remote offices are connected vis T1.
Each remote office has their own gateway, as I said, they use the router in each office as thier gateway. The 10.20 subnet uses 10.20.0.254 as thier gateway, and the 10.60 subnet uses 10.60.0.254 as thier gateway, which are thier routers.
We do not use DHCP.
The gateways are the routers.
We do not want 10.10.0.254 as the gateway in the remote offices, that is our gateway at the main office. Each office has thier own gateway in thier own router.
0
 
LVL 11

Expert Comment

by:emilgas
ID: 37823754
You also mentioned that
A tracert to a computer in one of the remote offices shows it going out through the internet connection instead of the LAN.
What do you meant by this? How many connections do you have at each location? You got Regular internet and T1?
0
Database Solutions Engineer FAQs

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller single-server environments.

 

Author Comment

by:summitMIS
ID: 37823766
The proxy server has 2 connections, 1 for internet, 1 for lan. Each remote office has a single connection to our corporate office where the proxy is located. The problem we are having is not with the connections at the remote offices, it is with the proxy server machine. TYhe proxy server is the only computer that is having issues connectiong to the remote offices, and the only computer the remote offices are having a problem connecting to. All other servers and workstations in all offices can communicate fine.
0
 
LVL 11

Expert Comment

by:emilgas
ID: 37823797
Ok let me put it this way... if you were to turn the Proxy server off, will your remote offices have internet connection? And what kind of an internet connection is the one on the server?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37823880
The main office is using a /16 mask so you have a single network spanning all of the offices. Whilst you cannot put a gateway into the internal nic, you should instead use static route entries that point traffic destined for the respective class C subnets used at the remote offices to the router ip addresses that connect them to the main office.
0
 

Author Comment

by:summitMIS
ID: 37824003
@emilgas,
Yes, if we do not use the proxy, the offices have internet access through our T1 in corporate.
The proxy server is using a cable connection through Cox communications.

@keith_alabaster,
Tried adding the routes, but it did not seem to make any differance, still unable to access either way.
0
 

Author Comment

by:summitMIS
ID: 37824102
@keith_alabaster,
BINGO, it took a reboot, but adding the routes did the trick!
We are up and running again, thanks!
0
 
LVL 11

Expert Comment

by:emilgas
ID: 37824103
that's your problem. you can't have another path to the internet if you want your users to go through the Proxy/Cox. When I say you can't I don't mean physically. Of course you can have multiple internet connections but you have to design it properly. It seems that the initial design of your network was not planned out correctly, or it was not planned with this Cox connection in mind.

Anyways, tell me more about your corporate and how many connection they have, and how all the T1's tie in together, and what kind of routing protocols you use or if everything is statically managed. When you have two routes to the internet then there needs to be more configuration on the corporate core router since you have multiple ways to get out.

Ideally if you had just T1's connecting all your offices together and one internet connection to the outside world via Cox then your setup would have been simpler. You could have just made one default route to the public internet by pointing everything to your Proxy, which in return routes everything to Cox.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37824968
More than welcome :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question