Add 2 public subnets on same server.

Posted on 2015-01-09
Last Modified: 2015-01-09
Our web server has 2 Nics.
A1=Public with GW  
B= private with no GW.

Because our public range is out of IPs I need to add a second nic with new subnet A2 =Second public. This one has a different GW.
I cant have 2 GWs so I need static routes. But its not working.

My A and B still work fine but I cant ping A2 from A1 or vice versa.
I did a test from Another server 2 that only has B and A2 and I can ping both A1 and A2 on server 1.
So its definitively a routing GW issue on between A1 and A2 on server 1.

I think the ping comes on A2 but then goes out the default gw on A1 instead of routing back to A2 interface.

I even specified IF in the route to go back to IF 23 which is A2 but its not working.

Question by:baysysadmin
  • 5
  • 4

Expert Comment

by:Trenton Knew
ID: 40541226
can you give us a `route print`?

Author Comment

ID: 40541248
we have one large public subnet 256 which is broken down into smaller 16 ip subnets.
A1 and A2 are 2 of those smaller public chunks.
The firewall is ASA it has all the smaller subnets configured as virtual interfaces each with their own vlan and GW.
The server has a vmware vnic with matching vlan. Ive confirmed the vmware stuff and asa is working fine.
Its just an issues on this server that has both subnets.

A1 is Public.144 /28 GW is .145
A2 is Public.96 /28 GW is .97 but not assigned on interface

Interface List
 23...00 50 56 91 1b ec ......Intel(R) PRO/1000 MT Network Connection #3      -A2
 11...00 50 56 91 00 1b ......Intel(R) PRO/1000 MT Network Connection #2      -B
 10...00 50 56 91 00 1a ......Intel(R) PRO/1000 MT Network Connection            -A1
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
   Public.145   Public.153    266       PrivateB.1     PrivateB.103     11       PrivateB.1     PrivateB.103     11
       PrivateB.0         On-link      PrivateB.103    266
     PrivateB.103         On-link      PrivateB.103    266
     PrivateB.255         On-link      PrivateB.103    266
    Public.96         On-link    Public.100    266
    Public.96    Public.97   Public.100     11
   Public.100         On-link    Public.100    266
   Public.111         On-link    Public.100    266
   Public.144         On-link    Public.153    266
   Public.153         On-link    Public.153    266
   Public.159         On-link    Public.153    266         On-link    306         On-link    306         On-link    306       PrivateB.1     PrivateB.103     11         On-link    306         On-link      PrivateB.103    266         On-link    Public.153    266         On-link    Public.100    266         On-link    306         On-link      PrivateB.103    266         On-link    Public.153    266         On-link    Public.100    266
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric       PrivateB.1       1       PrivateB.1       1       PrivateB.1       1
   Public.145  Default
    Public.96    Public.97       1


Accepted Solution

Trenton Knew earned 500 total points
ID: 40541273
pardon the idiot question, too, but I'm assuming that you're using the windows server to route the traffic between the two subnets, and that you have installed the routing and remote access server role?
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.


Author Comment

ID: 40541282
No i havent.
I looked into that but wasnt sure if I needed it. I was hoping i could make it work with static routes.
Before you even answered it was looking like i could not make it work without it. I was hoping that there was a command that can tell windows to route the packets back the way they came from in specific cases, instead of using default GW each time.

Is there no way to tell it if a packet comes destined to x.96 subnet to go back out the same interface?

Ive used RRAS for vpn and other things but not for this scenario.
What would be my config like in this case?


Assisted Solution

by:Trenton Knew
Trenton Knew earned 500 total points
ID: 40541295
well, you have two options...  Either the router or ASA needs to be aware of the second subnet on whatever interface that second nic is connected to, (probably vlans and trunks) or you need to install routing and remote access so the windows server will route traffic between the two subnets.  RRAS supports RIP, and a couple others... I'm a little rusty with my RRAS config skills though to help without actually walking through it myself.  Just let me know.  I would probably use the network devices though unless you have a specific need to route through the server.

Expert Comment

by:Trenton Knew
ID: 40541303
On the flip side, the workstations on A2 won't care if there's a gateway set on the server as long as they can reach it and they are on the same subnet.  But you can still use the upstream router to route traffic between the subnets.  I'm still not even sure why you needed the second NIC.  Maybe I don't fully understand the challenge.

Author Comment

ID: 40541308
The main reason Im adding second subnet is because they ran out of public IPs.
The client doesn't want to spent time and or have downtime associated with changing all the IPs to a bigger subnet.

I just installed RRAS on the test server and will play with it. None of the wizard templates related to my case, so i chose custom.
The view now is simple, Routing and remote access is ON. I see network interfaces and the only option i have is to create static routes.
How is creating static routes in RRAS different than doing it in CMD?

Not sure how I would accomplish this on the firewall side.

Using RRAS sucks as I would have to do this on 2 servers.

Expert Comment

by:Trenton Knew
ID: 40541427
here's the thing... even if you set up RRaS on the windows servers, it won't matter if they aren't defined on your workstations as the default gateway.  so If your configured GW on the clients is the router, you will need to create the route between the two subnets on that device anyway.

Author Comment

ID: 40541438
Ive decided to scrap this idea. I will cannibalize the ips from another server to make it last a bit longer.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linksys 4 port wireless router 62 66
Password managers 1 50
Set TTL for a single entry in Server 2016 DNS zone file 2 42
Mapping a folder on a NAS to a drive letter 2 43
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question