  • Routing multiple subnets

    OK, I have three sites, each with a separate 192.168.0.x subnet
    (Windows networking)

    A is connected to B by VPN, B to C also by VPN.

    I can route from A to B using ROUTE ADD BNetwork MASK 255.255.255.0 AGateway
    I can route from B to A or C in the same way

    But how can I route from A to C? I have no way of setting up a direct VPN between them (which would be an obvious option but can't be done as the C site is on a dynamic IP and the router at A will only establish VPNs to a static IP)

    I would guess it is something to do with proper subnet masks so B and C are in the same subnet as seen from A, ditto with A and B as seen from C?
    (does this make sense at all -- if not, I will try it with examples.)

    Not helped by the fact that previous admins have more or less arbitrarily chosen the subnets and there is some non-computer equipment with hardcoded IPs!

    Note that in the long term I have to expand this to several more sites

    Aargh!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: Routing multiple subnets

    Forgive me if I'm wrong but it seems to me that you need to add a route on A to C through B and vice versa. Example:

    A = 192.168.1.0/24 - Default Gateway (router) = 192.168.1.1
    B = 192.168.2.0/24 - Default Gateway (router) = 192.168.2.1
    C = 192.168.3.0/24 - Default Gateway (router) = 192.168.3.1

    So on routerA create a route such as:
    "route add 192.168.3.0 mask 255.255.255.0 192.168.2.1"

    And do the same on router C for A.

    I'm using routing terms but since you're connected using VPNs from A to B and from B to C the route additions may need to be configured in the VPN such as adding a route from A to C by setting up a route statement that points to that subnet via B's remote IP address (whichever address A connects to on B to make the VPN connection)

    I hope this makes sense. It's easier for me to conceptualize it than explain it.



    • #3
      Re: Routing multiple subnets

      Hi Joe,
      I tried that, but Server 2003 only likes a local gateway in the ROUTE ADD command
      Tom Jones


      • #4
        Re: Routing multiple subnets

        Sorry to jump in but I think Joe meant for it to be setup on the router not the server.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?



        • #5
          Re: Routing multiple subnets

          Can you make a drawing of the network?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"



          • #6
            Re: Routing multiple subnets

            So Server 2003 is the VPN endpoint using RRAS? If so, I believe you can create static routes in the configuration of the RRAS component. It's been a while since I looked at RRAS so I may be wrong but it's worth a look.



            • #7
              Re: Routing multiple subnets

              A = 192.168.1.0/24 - Default Gateway (router) = 192.168.1.1
              B = 192.168.2.0/24 - Default Gateway (router) = 192.168.2.1
              C = 192.168.3.0/24 - Default Gateway (router) = 192.168.3.1

              So on routerA create a route such as:
              "route add 192.168.3.0 mask 255.255.255.0 192.168.2.1"
              I think from Router A the command should be
              "Route add 192.168.1.1 mask 255.255.255.0 192.168.2.1"

              You can even add a metric value (the higher the number, the more priority this route takes).
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR



              • #8
                Re: Routing multiple subnets

                No, your statement is saying "to get to 192.168.1.1 go through 192.168.2.1" which is not correct. You also have the wrong ip address and mask in your statement.

                192.168.1.1 is a host address and the subnet mask in any routing statement for host addresses should be 255.255.255.255

                But you don't want to route for a host (on the same subnet no less) you want to route for a non-local subnet, which would be a statement like this on router A:

                route add 192.168.3.0 mask 255.255.255.0 192.168.2.1

                What this statement says is "to get to the 192.168.3.0 subnet go through 192.168.2.1" which is a correct routing statement.



                • #9
                  Re: Routing multiple subnets

                  No, not RRAS
                  They are configured using a Cisco PIX at the main site and Netgear Prosafe firewalls at the other two.

                  Sketch will follow, but basically

                  Site A (192.16.2.x/24) Netgear Prosafe, dynamic IP for now
                  |
                  |
                  Site B (192.168.0.x/24) Netgear Prosafe, static IP
                  |
                  |
                  Site C (192.168.37.x/24) PIX 506, static IP, main site with FSMO holders

                  My main problem is that, although a DC at site A will replicate with Site B OK, I cannot install AD-integrated DNS as it "cannot contact the FSMO master"
                  Also the PIX, unlike the netgear, will not VPN to a dynamic IP so I cannot put in a direct route (yet...)
                  Tom Jones


                  • #10
                    Re: Routing multiple subnets

                    Originally posted by joeqwerty:
                    No, your statement is saying "to get to 192.168.1.1 go through 192.168.2.1" which is not correct. You also have the wrong ip address and mask in your statement.

                    192.168.1.1 is a host address and the subnet mask in any routing statement for host addresses should be 255.255.255.255

                    But you don't want to route for a host (on the same subnet no less) you want to route for a non-local subnet, which would be a statement like this on router A:

                    route add 192.168.3.0 mask 255.255.255.0 192.168.2.1

                    What this statement says is "to get to the 192.168.3.0 subnet go through 192.168.2.1" which is a correct routing statement.
                    You're right Joe, I do apologise, I completely misjudged it.


                    • #11
                      Re: Routing multiple subnets

                      No need to apologize. Keep your input coming.



                      • #12
                        Re: Routing multiple subnets

                        Tom,

                        Without VPN this isn't possible.
                        You can't route private IP addresses over the Internet, remember.
                        So you NEED to set up VPN connections to do this.
                        Think about 70-291

                        Site B and C wouldn't be a problem, however Site A will be a problem without a fixed IP address.

                        However, if the IP won't change a lot you can use the dynamic IP address and make sure you can use ssh to it with DynDNS if this is supported with the Netgears.
                        You can always connect to it when needed and change the IP addresses
                        Marcel


                        • #13
                          Re: Routing multiple subnets

                          I was wondering about appropriate subnetting e.g.

                          Country A
                          Site 1 10.0.0.x/24
                          Site 2 10.0.1.x/24
                          Site 3 10.0.2.x/24

                          Country B
                          Site 4 10.1.0.x/24
                          Site 5 10.1.1.x/24
                          Site 6 10.1.2.x/24

                          If I set up a route from site 1 to site 4 ROUTE ADD 10.1.0.0/16 that should forward all traffic to country B to Site 4, but will a "local route" e.g. ROUTE ADD 10.1.1.0/24 forward the appropriate traffic that has come in from site 1 to site 4 on to site 5?

                          Yes, I remember 70-291, this is getting well out of my comfort zone....

                          Netgears are not the problem, it is the bloody PIX that's doing me....
                          Tom Jones
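The summary-route question in post #13, the "local gateway only" behaviour reported in post #3 and the route statement from post #8 can be checked together with a small model. This is an added example, not code from any poster in the thread; the `Router`, `trace` and `build` names and the host addresses are hypothetical, and it generalizes the thread's three-site case to any chain of tunnels with a per-hop longest-prefix lookup.

```python
import ipaddress

class Router:
    def __init__(self, name, lan):
        self.name, self.lan = name, ipaddress.ip_network(lan)
        self.peers = set()   # routers at the far end of a direct VPN tunnel
        self.routes = []     # (destination network, next-hop router name)

    def add_route(self, prefix, via):
        # Mirrors the behaviour reported in post #3: the gateway must be
        # directly reachable, so a next hop two tunnels away is rejected.
        if via not in self.peers:
            raise ValueError(f"{self.name}: {via} is not a directly connected next hop")
        self.routes.append((ipaddress.ip_network(prefix), via))

    def next_hop(self, dst):
        if dst in self.lan:
            return self.name                      # deliver on the local LAN
        hits = [(net, via) for net, via in self.routes if dst in net]
        # Longest prefix wins; no matching route means the packet is dropped.
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, start, dst, max_hops=8):
    """Follow a packet hop by hop; return (path, delivered)."""
    dst, path = ipaddress.ip_address(dst), [start]
    while len(path) <= max_hops:
        nxt = routers[path[-1]].next_hop(dst)
        if nxt is None:
            return path, False
        if nxt == path[-1]:
            return path, True
        path.append(nxt)
    return path, False                            # routing loop

def build(site5_return_route=True):
    # Constructed topology from post #13: site1 <-VPN-> site4 <-VPN-> site5
    lans = {"site1": "10.0.0.0/24", "site4": "10.1.0.0/24", "site5": "10.1.1.0/24"}
    r = {name: Router(name, lan) for name, lan in lans.items()}
    for a, b in [("site1", "site4"), ("site4", "site5")]:
        r[a].peers.add(b)
        r[b].peers.add(a)
    r["site1"].add_route("10.1.0.0/16", "site4")  # summary route for country B
    r["site4"].add_route("10.1.1.0/24", "site5")  # "local route" on to site 5
    r["site4"].add_route("10.0.0.0/24", "site1")  # way back to site 1
    if site5_return_route:
        r["site5"].add_route("10.0.0.0/16", "site4")  # replies towards country A
    return r

if __name__ == "__main__":
    print(trace(build(), "site1", "10.1.1.20"))
    print(trace(build(), "site5", "10.0.0.10"))
    print(trace(build(site5_return_route=False), "site5", "10.0.0.10"))
```

Each router decides only its own next hop, so the /16 on site 1 and the /24 on site 4 combine as hoped, but the reply is dropped at site 5 unless that site also has a route back.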


                          • #14
                            Re: Routing multiple subnets

                            How many locations do you have with the appropriate maximum clients (incl. expected growth)?

                            As long as there is at least one VPN connection between each site, there should be no problem at all to configure this.
                            However, it's nice to have one or two center VPN connections with multiple satellites but this is not a requirement.

                            I think you really should step outside the Microsoft box and not think about commands. This is something for later on.
                            You really need to create a design first of how you want it and later on you can implement it.

                            This is typically something for a network engineer
                            Last edited by Dumber; 4th July 2008, 12:38.
                            Marcel