Paul Cahoon


Routing issues

I have a Windows 2012 R2 Server that I seem to be having some routing issues with.  I can ping addresses and dns seems to be resolving correctly but I cannot browse to anything.  I am also having trouble with a command line smtp client not working which is what clued me in that there was a problem.  When I run tracert all I get is *   *   * ...etc.  I am not sure where to go from here.

Something else I noticed is that on another machine that IS able to browse fine, I ran a tracert.  Right after the hop to my gateway, I see a hop to an OLD router.  I actually changed the whole subnet of my network when I changed routers so it jumped out at me.  I'm not sure if this is related or not but it kind of concerns me why this address would be showing up.
pjam

Have you tried ipconfig /flushdns on the errant server?
Paul Cahoon

ASKER

I had not because I wasn't really looking at it as a dns issue.  I did try it just now and it didn't make any difference.
giltjr

If you are doing a tracert and you see an "old" IP address, I would start with doing "netstat -rn" on the computer that fails and the one that works.  Look at the differences.  Then go to each device in the path to see what its routing tables look like.

If you can ping a host, but can't access a web server running on it, then it has nothing to do with routing.  Routing is at the IP address level and has no clue about the application level (port).  It sounds more like a firewall is blocking http or https traffic.
I have turned the firewall completely off on this server in troubleshooting.  My gateway has a firewall but it is not blocking anything on egress at this point.  Also, every other workstation/server is going through the same firewall without any issues.  I have attached the netstat -rn from both machines:

[two attached images]

Also, here is the tracert on the workstation.  The 2nd line is my old gateway address:

[attached image]

Again, this workstation is connecting fine but wasn't sure if that was something I should worry about.
ASKER CERTIFIED SOLUTION
giltjr

This solution is only available to members.
That did it.  I don't understand why the 25.0.0.1 route needs to be a higher metric, though.  That is a vpn adapter.  I would think it would need to hit the primary nic first.  Any explanation would be appreciated as is the helpful solution.
In most cases when you have a VPN connection there are two options:  

1) It is the default route and takes the lowest metric so that all traffic gets routed through the VPN.

2) It is not the default route and specific routes are added for any/all subnets that need to be routed through the VPN.  This is called split tunneling.
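
The two options above, as an added example that is not part of the original thread: a small route lookup (longest prefix first, then lowest metric) run over two constructed route tables. Only the 25.0.0.1 VPN gateway comes from the thread; the LAN gateway, subnets, adapter labels and metrics are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: str      # destination prefix in CIDR form
    gateway: str
    iface: str     # adapter label (hypothetical names "lan" / "vpn")
    metric: int    # value as shown in the Metric column of netstat -rn

def select_route(table, dst):
    """Route used for dst: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.metric))

def classify_vpn(table, vpn_iface):
    """'full-tunnel' if the VPN owns the winning default route,
    'split-tunnel' if it only carries specific prefixes, else 'unused'."""
    defaults = [r for r in table if r.dest == "0.0.0.0/0"]
    best = min(defaults, key=lambda r: r.metric, default=None)
    if best and best.iface == vpn_iface:
        return "full-tunnel"
    if any(r.iface == vpn_iface and r.dest != "0.0.0.0/0" for r in table):
        return "split-tunnel"
    return "unused"

LAN_GW = "192.168.10.1"   # constructed LAN gateway
VPN_GW = "25.0.0.1"       # VPN adapter address mentioned in the thread

# Option 1: VPN default route has the lowest metric, so it takes all traffic.
FULL_TUNNEL = [
    Route("0.0.0.0/0", LAN_GW, "lan", 20),
    Route("0.0.0.0/0", VPN_GW, "vpn", 10),
    Route("192.168.10.0/24", "on-link", "lan", 20),
]
# Option 2: VPN default route loses on metric; a specific (constructed)
# remote subnet is still routed through the VPN.
SPLIT_TUNNEL = [
    Route("0.0.0.0/0", LAN_GW, "lan", 20),
    Route("0.0.0.0/0", VPN_GW, "vpn", 9000),
    Route("10.50.0.0/16", VPN_GW, "vpn", 10),
    Route("192.168.10.0/24", "on-link", "lan", 20),
]

if __name__ == "__main__":
    for name, table in (("option 1", FULL_TUNNEL), ("option 2", SPLIT_TUNNEL)):
        print(name, classify_vpn(table, "vpn"))
        for dst in ("93.184.216.34", "10.50.3.7", "192.168.10.25"):
            print("  ", dst, "->", select_route(table, dst).iface)
```

In the first table an Internet-bound address leaves through the VPN adapter even though the LAN gateway is reachable, while the on-link LAN subnet still wins by prefix length.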