[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Add 2 public subnets on same server.

Posted on 2015-01-09
9
Medium Priority
?
115 Views
Last Modified: 2015-01-09
Our web server has 2 Nics.
A1=Public with GW  
B= private with no GW.

Because our public range is out of IPs I need to add a second nic with new subnet A2 =Second public. This one has a different GW.
I cant have 2 GWs so I need static routes. But its not working.

My A and B still work fine but I cant ping A2 from A1 or vice versa.
I did a test from Another server 2 that only has B and A2 and I can ping both A1 and A2 on server 1.
So its definitively a routing GW issue on between A1 and A2 on server 1.

I think the ping comes on A2 but then goes out the default gw on A1 instead of routing back to A2 interface.

I even specified IF in the route to go back to IF 23 which is A2 but its not working.

Thanks
0
Comment
Question by:baysysadmin
  • 5
  • 4
9 Comments
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40541226
can you give us a `route print`?
0
 

Author Comment

by:baysysadmin
ID: 40541248
we have one large public subnet 256 which is broken down into smaller 16 ip subnets.
A1 and A2 are 2 of those smaller public chunks.
The firewall is ASA it has all the smaller subnets configured as virtual interfaces each with their own vlan and GW.
The server has a vmware vnic with matching vlan. Ive confirmed the vmware stuff and asa is working fine.
Its just an issues on this server that has both subnets.


A1 is Public.144 /28 GW is .145
A2 is Public.96 /28 GW is .97 but not assigned on interface



===========================================================================
Interface List
 23...00 50 56 91 1b ec ......Intel(R) PRO/1000 MT Network Connection #3      -A2
 11...00 50 56 91 00 1b ......Intel(R) PRO/1000 MT Network Connection #2      -B
 10...00 50 56 91 00 1a ......Intel(R) PRO/1000 MT Network Connection            -A1
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   Public.145   Public.153    266
        10.10.0.0    255.255.255.0       PrivateB.1     PrivateB.103     11
       10.10.10.0    255.255.255.0       PrivateB.1     PrivateB.103     11
       PrivateB.0    255.255.255.0         On-link      PrivateB.103    266
     PrivateB.103  255.255.255.255         On-link      PrivateB.103    266
     PrivateB.255  255.255.255.255         On-link      PrivateB.103    266
    Public.96  255.255.255.240         On-link    Public.100    266
    Public.96  255.255.255.240    Public.97   Public.100     11
   Public.100  255.255.255.255         On-link    Public.100    266
   Public.111  255.255.255.255         On-link    Public.100    266
   Public.144  255.255.255.240         On-link    Public.153    266
   Public.153  255.255.255.255         On-link    Public.153    266
   Public.159  255.255.255.255         On-link    Public.153    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        172.8.0.0    255.255.255.0       PrivateB.1     PrivateB.103     11
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      PrivateB.103    266
        224.0.0.0        240.0.0.0         On-link    Public.153    266
        224.0.0.0        240.0.0.0         On-link    Public.100    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      PrivateB.103    266
  255.255.255.255  255.255.255.255         On-link    Public.153    266
  255.255.255.255  255.255.255.255         On-link    Public.100    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.10.0.0    255.255.255.0       PrivateB.1       1
       10.10.10.0    255.255.255.0       PrivateB.1       1
        172.8.0.0    255.255.255.0       PrivateB.1       1
          0.0.0.0          0.0.0.0   Public.145  Default
    Public.96  255.255.255.240    Public.97       1
===========================================================================

Thanks
0
 
LVL 9

Accepted Solution

by:
Trenton Knew earned 1500 total points
ID: 40541273
pardon the idiot question, too, but I'm assuming that you're using the windows server to route the traffic between the two subnets, and that you have installed the routing and remote access server role?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:baysysadmin
ID: 40541282
No i havent.
I looked into that but wasnt sure if I needed it. I was hoping i could make it work with static routes.
Before you even answered it was looking like i could not make it work without it. I was hoping that there was a command that can tell windows to route the packets back the way they came from in specific cases, instead of using default GW each time.

Is there no way to tell it if a packet comes destined to x.96 subnet to go back out the same interface?

Ive used RRAS for vpn and other things but not for this scenario.
What would be my config like in this case?

Thanks
0
 
LVL 9

Assisted Solution

by:Trenton Knew
Trenton Knew earned 1500 total points
ID: 40541295
well, you have two options...  Either the router or ASA needs to be aware of the second subnet on whatever interface that second nic is connected to, (probably vlans and trunks) or you need to install routing and remote access so the windows server will route traffic between the two subnets.  RRAS supports RIP, and a couple others... I'm a little rusty with my RRAS config skills though to help without actually walking through it myself.  Just let me know.  I would probably use the network devices though unless you have a specific need to route through the server.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40541303
On the flip side, the workstations on A2 won't care if there's a gateway set on the server as long as they can reach it and they are on the same subnet.  But you can still use the upstream router to route traffic between the subnets.  I'm still not even sure why you needed the second NIC.  Maybe I don't fully understand the challenge.
0
 

Author Comment

by:baysysadmin
ID: 40541308
The main reason Im adding second subnet is because they ran out of public IPs.
The client doesn't want to spent time and or have downtime associated with changing all the IPs to a bigger subnet.

I just installed RRAS on the test server and will play with it. None of the wizard templates related to my case, so i chose custom.
The view now is simple, Routing and remote access is ON. I see network interfaces and the only option i have is to create static routes.
How is creating static routes in RRAS different than doing it in CMD?


Not sure how I would accomplish this on the firewall side.

Using RRAS sucks as I would have to do this on 2 servers.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40541427
here's the thing... even if you set up RRaS on the windows servers, it won't matter if they aren't defined on your workstations as the default gateway.  so If your configured GW on the clients is the router, you will need to create the route between the two subnets on that device anyway.
0
 

Author Comment

by:baysysadmin
ID: 40541438
Thanks
Ive decided to scrap this idea. I will cannibalize the ips from another server to make it last a bit longer.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question