Windows 2008 r2 Routing Issue

I have a Windows 2008 r2 host that is sitting on a DMZ with a cisco router (connected to an MPLS network) plugged directly into the same subnet as the 2008 r2 host (192.168.100.x). The inside interface is connected to my internal network on a 172.28.6.x; the DMZ is 192.168.100.x and the outside interface is connected to the Internet. The cisco router has an ip of 192.168.100.250; the internal gateway for the DMZ is 192.168.100.252.

Initially I had no routing issues and from the Windows 2008 r2 host I was able to get to my inside network; get out to the internet and traverse the MPLS network over the cisco router. While I was troubleshooting an issue over the MPLS I changed the gateway of the Windows 2008 r2 host to point the gateway to the cisco router 192.168.100.250. Once I changed the default gateway back to the firewall 192.168.100.252 I lost the ability to route from the Windows 2008 r2 hosts to the Internet and Inside network. When I do a traceroute to the Internet its first hop is the cisco router 192.168.250.0. It seems like the traffic is not being directed to the default gateway and is instead using arp tables to route the traffic to the Cisco router.

I've read some tech articles that relate to Windows issues with HSRP but I can't nail this specific issue down.  My next step is to try to disable the Cisco port.
shanemccutchAsked:

Soulja53 6F 75 6C 6A 61 Commented:
Have you attempted clearing the arp cache on your windows server?
0
shanemccutchAuthor Commented:
Yes I have multiple times and every time I run a tracert to an external host 8.8.8.8 it tries to route out the 192.168.100.250 address and updates the arp cache again on the host.   I have disabled icmp redirect on the Windows host via the registry and that did nothing.  I tested adding a static route on the host to 8.8.8.8 to point to my default gateway and that works.  I also added a static route to my internal network and that worked as well.
0
Soulja53 6F 75 6C 6A 61 Commented:
Ha, that was my next suggestion, to add the persistent routes. I had assumed you already had done so since you have multiple nics in that box.


Do you have a static default route configured on the server to point to the firewall?
0
shanemccutchAuthor Commented:
There is only one network card in the server. I have manually added the route to the default gateway as a static route. I'm still seeing traffic destined for the Internet go through the 192.168.100.250 router. The only way I can get Internet bound traffic to route out the default gateway is to put host based routing 8.8.8.8 255.255.255.255 as a static route. I'll try to flush the arp tables on the router tomorrow but it looks like it's dynamically discovering the routes to the 250 router on its own.

Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       172.28.0.0      255.255.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0    192.168.100.3  Defaul
          0.0.0.0          0.0.0.0  192.168.100.252       1
0
Soulja53 6F 75 6C 6A 61 Commented:
Ok so if you only have one nic, you will need to set the default gateway to the firewall for that nic. Any other network you want to get to through another path will have to be added as a static route and setting that router address as the next hop.
0
shanemccutchAuthor Commented:
That's how I have it set up now.  My gateway on that host is 192.168.100.252; even though that is defined as the default gateway the traffic destined for the Internet is being sent to 192.168.100.250.
0
Soulja53 6F 75 6C 6A 61 Commented:
post your entire route print.
0
shanemccutchAuthor Commented:
Here it is. I sanitized my external IP on my firewall.  To reiterate this host is on the same subnet as a firewall (192.168.100.252) and a cisco 1941 router (192.168.100.250).  Is the Cisco router arping out the routes?  



==========================================================================
Interface List
 19...ac 16 2d 6f de 80 ......HP Network Team #1
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link     192.168.100.3    257
          0.0.0.0          0.0.0.0  192.168.100.252    192.168.100.3      2
       24.x.x.x    255.255.255.255  192.168.100.252    192.168.100.3      2
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.28.0.0      255.255.0.0  192.168.100.252    192.168.100.3      2
    192.168.100.0    255.255.255.0         On-link     192.168.100.3    257
    192.168.100.3  255.255.255.255         On-link     192.168.100.3    257
  192.168.100.255  255.255.255.255         On-link     192.168.100.3    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.100.3    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.100.3    257
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       172.28.0.0      255.255.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0    192.168.100.3  Default
          0.0.0.0          0.0.0.0  192.168.100.252       1
       24.x.x.x    255.255.255.255  192.168.100.252       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
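An added example, not part of the thread: a small parser for the `route print` output posted above that lists the default routes and flags on-link and duplicate entries. The sample is a constructed excerpt of the posted table, and the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt of the IPv4 tables from the post above.
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link     192.168.100.3    257
          0.0.0.0          0.0.0.0  192.168.100.252    192.168.100.3      2
       172.28.0.0      255.255.0.0  192.168.100.252    192.168.100.3      2
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       172.28.0.0      255.255.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0  192.168.100.252       1
          0.0.0.0          0.0.0.0    192.168.100.3  Default
          0.0.0.0          0.0.0.0  192.168.100.252       1
"""

def parse_routes(text):
    """Return (section, dest, mask, gateway) for each IPv4 route row."""
    routes, section = [], None
    for line in text.splitlines():
        s = line.strip()
        if s in ("Active Routes:", "Persistent Routes:"):
            section = s.split()[0].lower()
            continue
        f = s.split()
        if section is None or len(f) < 4:
            continue
        try:
            ipaddress.IPv4Address(f[0])
            ipaddress.IPv4Address(f[1])
        except ValueError:
            continue  # header, separator, masked (x.x.x) or IPv6 row
        routes.append((section, f[0], f[1], f[2]))
    return routes

def audit_default_routes(routes, host_ips):
    """Flag default routes with no real next hop, and repeated entries."""
    findings, seen = [], set()
    for section, dest, mask, gw in routes:
        if (dest, mask) != ("0.0.0.0", "0.0.0.0"):
            continue
        if gw == "On-link" or gw in host_ips:
            # On-link default: the host ARPs for each destination directly.
            findings.append((section, gw, "on-link-default"))
        elif (section, gw) in seen:
            findings.append((section, gw, "duplicate"))
        seen.add((section, gw))
    return findings

if __name__ == "__main__":
    print(audit_default_routes(parse_routes(ROUTE_PRINT), {"192.168.100.3"}))
```
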
Soulja53 6F 75 6C 6A 61 Commented:
Can you tell me which ip's are which in the above?
0
shanemccutchAuthor Commented:
No problem.

192.168.100.3 is the Windows 2008 r2 host
192168.0.252 is the firewall and default gateway
172.28.0.0 is my internal network
the 24.x.x.x is a mail host that I'm targeting from the windows 2008 r2 host

If I try to perform a traceroute to 8.8.8.8 it will first hop to 192.168.100.250 and update the arp cache on the windows 2008 r2 host.  If I put a static route in for 8.8.8.8 on the windows host to point to 192.168.100.252 it will route properly.  

I have a con call with Verizon shortly so I'll see if they can take a look at the router to see if it's configured for ip-redirect on the inside interface. Does that sound like it could cause the issue?

Thanks for your help.
0
Soulja53 6F 75 6C 6A 61 Commented:
Is your server's nic card default gateway set to point to the firewall in its ip configuration?

ICMP redirect would happen on your firewall if you are thinking that the traffic would redirect to the router, so it would need to be configured on the firewall.
0
shanemccutchAuthor Commented:
Yes, the server's nic is pointed to the firewall as its default gateway. I'll pull the router connection tomorrow to see if that resolves the issue.
0
shanemccutchAuthor Commented:
Disabled dead gateway detection via the registry and rebooted. Lost all network connectivity including all ip config. Re-entered the ip config; re-enabled dead gateway detection and it's working now.
0

Soulja53 6F 75 6C 6A 61 Commented:
Haha, that's a pretty important piece of info you left out. Good luck!
0
shanemccutchAuthor Commented:
Enabled dead gateway detection.
0