Win2012 Std dual-homed with 2 routers for IP Persistence

Thank you for reading our posting.

We have a Win2012 Std server that has 2 network cards, going to two different routers on two different subnets (wherever the request comes in, we want it to go back out).
Server: SERVER
IP 1:   gw:
IP 2:    gw:
If someone gets port forwarded on IP1 to the server, their request should return back out that network gateway. But if someone requests port forwarding on IP2 those requests should return back out only that network gateway.
This way we can host from two separate internet IPs, back into either network card.
Currently IP1 works great, but everything on IP2 just hangs or intermittently works.

IDEAS: we weren't sure if this was proper:
- setup RRAS, set default static routes, but this didn't help
- perhaps this is called "IP Persistence" ?? we can't find anything on setting that on the network cards in windows 2012
- WE JUST WANT THE REQUESTS WHEN THEY COME IN ON ONE NETWORK CARD TO ALWAYS GO BACK OUT THE SAME NETWORK CARD (we tried by adding RRAS and static routes but that didn't help maybe we didn't set it up correctly)
Hypercat (Deb) Commented:
You can't have two default gateways; this is basic routing.  Set one network to have the default gateway, then set a static route for the other network to make sure that all traffic on that network goes out through the correct router.
plexusdev (Author) Commented:
This is possible. RRAS is one way to do it but we can't seem to get it functioning. Or to have persistence return on the network card per IP. That's how bandwidth sharing works on multi-WAN routers.
Craig Beck Commented:
It won't work.

Let's say you have a default gateway configured on NIC1, but a static default route configured for the link via NIC2.

ALL traffic would follow either ONLY the default gateway or via the static default route - whichever had the lowest metric.  Usually this is the static route, but it doesn't always have to be.

Multi-WAN routers maintain a NAT translation table which tells the router which port the request came in on, and to which destination.  When the packet returns from the internal host with the reverse source and destination the router knows which interface to send the packet out of, thus maintaining the correct traffic-path.  With client devices this doesn't happen though as there is no translation table.  All you get with a client device is a lookup in its routing table.  It checks how to get to a particular host, then sends the traffic based on the result - it's that simple.
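The distinction drawn in the comment above, as an added example that is not part of the original thread: a host picks its egress interface from the destination address alone, while a multi-WAN router can look up the flow in its translation table. All addresses (documentation ranges), metrics and interface names are constructed for illustration.

```python
import ipaddress

# Constructed host routing table: (prefix, gateway, interface, metric).
HOST_ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "NIC1", 10),      # default via router 1
    ("0.0.0.0/0", "198.51.100.1", "NIC2", 20),   # default via router 2
    ("192.0.2.0/24", None, "NIC1", 1),           # on-link subnet of NIC1
    ("198.51.100.0/24", None, "NIC2", 1),        # on-link subnet of NIC2
]

def host_egress(dst_ip, routes=HOST_ROUTES):
    """Destination-only lookup: longest prefix wins, then lowest metric.
    The interface a request arrived on is not an input at all."""
    dst = ipaddress.ip_address(dst_ip)
    matches = []
    for prefix, _gw, nic, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            matches.append((net.prefixlen, -metric, nic))
    return max(matches)[2]

class NatRouter:
    """Multi-WAN router that records the ingress WAN of each forwarded flow."""
    def __init__(self):
        self.table = {}  # (client_ip, client_port, server_port) -> WAN

    def inbound(self, wan, client_ip, client_port, server_port):
        self.table[(client_ip, client_port, server_port)] = wan

    def reply_egress(self, client_ip, client_port, server_port):
        # The reply is matched against the stored flow, not the routing table.
        return self.table.get((client_ip, client_port, server_port))

def compare():
    """Same internet client, request forwarded in through the second link."""
    client = ("203.0.113.50", 51000)  # constructed internet client
    router = NatRouter()
    router.inbound("WAN2", *client, 443)
    return {
        # Dual-homed server: request came in on NIC2, reply still uses NIC1.
        "host_reply": host_egress(client[0]),
        # Router with a translation table: reply returns via the ingress WAN.
        "router_reply": router.reply_egress(*client, 443),
    }

if __name__ == "__main__":
    print(compare())
```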

I concur with craigbeck, you'll need a multi-wan router to handle what you are trying to do.
plexusdev (Author) Commented:
Hmm, ok, thank you so much for both reviewing, and eenookami for re-elevating. I had seen this before a couple years ago, so perhaps if I ever do find it I will come post it. Apologies.
Fred Marshall (Principal) Commented:
Just be careful that the multi-WAN router will actually behave as suggested.

For example:
The Cisco RV0xx series of Small Business Routers are Dual WAN.
The WANs can be set up to work in "Load Balancing" mode or "Failover" mode.
You would only use Load Balancing mode in your case.
The issue here is whether packets will be returned to the appropriate WAN port.
I can think of any number of reasons why this must be the case but can't prove it.
So I would exercise a little caution in selecting the device.
Perhaps someone can explain why it MUST work for fundamental and not device-specific reasons.

Of course, the suggestion involves dealing with the site internet gateway which may also be the site firewall which may be one of the more expensive and complex items.  So, depending on what you would need to do, this could be a fairly substantial change and the RV0xx may not suffice.
Craig Beck Commented:
"The issue here is whether packets will be returned to the appropriate WAN port.
I can think of any number of reasons why this must be the case but can't prove it."
When the packet leaves the WAN port toward the internet that is the source address.  When the internet host sends the traffic back toward the router it will always send the traffic back to the source address.

The issue is actually different to that.  When the client's packet enters the WAN router from the LAN, the WAN router decides which WAN port to send the packet out of (in load-balancing mode).  This could be either port and is usually completely random.  This does strange things to your traffic, but mainly it's bad for TCP-based traffic such as HTTPS (SSL).

As an example, let's say you have a WAN router with two links to the internet; WAN1 is and WAN2 is

A client tries to get to a HTTPS site.  The first packet goes via to the webserver.  The webserver logs the connection and login in a server-side cookie.  Now, the WAN router gets a bit of load on WAN1 and decides to start sending some traffic from the client via WAN2.  That means that the webserver doesn't know about a connection from (the new source address) so it redirects the client back to the login page.

Connection broken!

You see the issue?

It's not a problem for UDP traffic though as that is connectionless (not tracked).
Fred Marshall (Principal) Commented:
craigbeck: I guess you agree then with the caution.

Yes.  Those are good examples.  Often https is tied to a single WAN to avoid this type of disruption.  Probably means the RV0xx is not the right multi-WAN device then for this application if I understand it.
Craig Beck Commented:
Absolutely agree - and it's better to go with a router which can 'fix' which interface certain types of traffic uses.
Rob Williams Commented:
Just to add, if addressing specifically the RV0xx series, or at least the RV042, I don't believe you can access (use port forwarding) on the WAN2 connection.  Only WAN1 accepts incoming traffic as I recall.  I am not as familiar with the newer firmware, perhaps it is possible with it.
Fred Marshall (Principal) Commented:
On the RV0xx, as far as I know, it depends which dual-WAN mode it's set in.  If it's set in Smart Link Backup (i.e. failover) mode then it will only be getting incoming traffic and sending outgoing traffic through one of the WAN ports.  Which one is sometimes hard to know or control even when one is designated the Primary.  (I've had them switch to the Secondary to never return to the Primary).

But, if it's in Load Balance mode then both WAN ports will work and port forwarding is all about the LAN ports really isn't it?  It shouldn't matter which WAN port the traffic comes in on in that case.  But, if you tell me it ain't so then I would likely believe you because these little devices are a bit strange.  Maybe it would be that way to alleviate the issue of WAN swapping .. which is the next subject:

Then, if it's in Load Balance, you can bind protocols each to one of the WANs.