Routing and remote access help!


  • Routing and remote access help!

    Hi

    First let me introduce myself. My name is Keri and I'm an IT networks engineer consultant in Camden, and I'm very happy to be a part of what looks to be an amazing and well-informed IT forum.

    My question is this.....

    I am in charge of a WAN which consists of 5 main sites all based in London. Now each site has 2 ADSL lines and 2 Cisco 800 series routers. The network domain servers (Windows 2003, not R2 Edition) are connected through a VPN via one Cisco router at each site. It's based on a star network with the main domain controller in the middle and the other 4 connecting directly back to it. Each site was configured with one network IP range (i.e. 192.168.200.0/24, 192.168.201.0/24, 192.168.202.0/24, etc.). The routers can see each other from the way the VPN has been set up within them (this was done by another 3rd party company). Exchange 2003 is also installed on all servers with certain inboxes homed at each server. The servers also run DFS across the WAN.

    Let me explain the jobs the routers did......Router A was used for the servers' VPN tunnel. It was used for DFS to work, email exchanges and any communications between the other servers. Router B was used for the special internet access for the clients which needed certain protected sites to load (you could just call this the internet connection for the users). The servers didn't ever use this line.

    Now before any changes were made the networks were happy; all clients were connected up in their network using DNS and DHCP off the server and that was fine. Shared network drives would load up from login. All was good. Now the problem started.....

    A few weeks back our superiors decided to change their lines. This meant one of the 2 Cisco routers at each site would be removed and replaced by another already programmed router. This meant that the connection the clients used was to be changed from a 192.168.200.x scope to a 10.19.177.x scope. So my issue was to split the networks up on the server by keeping the 192.168.200.x connection the server needed to talk to the other servers and then also adding the DHCP scope for the 10.19.177.x IP addressing. Among massive conflict issues, mainly within DNS, I managed to successfully get the new settings to take effect. As far as the clients are concerned, they are logging into their local server with the new 10.19.177.x IP addresses and the server continues to connect with the 19.168.200.x connection. The server can see both networks and ping all devices both on the WAN and in the LAN.

    Now my issue was, because of the multiple networks at each site and the fact we can't afford to get the routers reprogrammed, which are still using the 192 addresses, users can't route their emails over from one site to the other if their inbox belongs elsewhere......

    So I wanted to ask.....is there a routing procedure which allows me to patch into the server or the clients so they continue to be happy in their 10.19.177 network but also see the server at the 192.168.200.x address and then at the same time ping the other servers at 192.168.201.x, 192.168.202.x, 192.168.203.x, etc.?

    I know static routes need to be created, and because the network which connects the sites is no longer part of the clients' network they can't see any of the 192 devices.....I need a solution to be able to route these 10.19.177.x clients to see the 192.168.200/1/2/3/4/.x servers.

    Is this possible to do?

    Any ideas welcome.....if I don't make sense please ask me what you need to better understand the situation......

    thanks very much....

    all the best

    KERI

  • #2
    Re: Routing and remote access help!

    I guess this one's too difficult for a quick solution.....

    Thanks anyways.....gonna use Microsoft's references.....



    • #3
      Re: Routing and remote access help!

      Hi,

      From what I understand, each of your servers is connected to both networks, 10.19.177.x and one of the 192.168.20*.*. You could enable RAS on the servers and create static routes to the networks. Maybe before you create routes, check the routing table in RAS.



      • #4
        Re: Routing and remote access help!

        Originally posted by KeriKhaos
        I guess this one's too difficult for a quick solution.....
        Not so. It's just a holiday weekend.

        If you have two separate subnets (like 10.199.15.xx and 192.168.100.xx) and you want to be able to ping both from the same console, then just install 2 NICs, placing one on the 192 and the other on the 10... I have several servers set up in a similar fashion.

        As far as the clients... is there some way you can create routes via the Cisco? Like maybe you can overlap 2 VLANs... or possibly NAT the internal connections. You need some way to isolate the stations that you want to route to the other side.

        If I were better with Cisco I could give you a better plan.. sorry. Maybe someone else will chime in...
        It's easier to beg forgiveness than ask permission.
        Give karma where karma is due...



        • #5
          Re: Routing and remote access help!

          Originally posted by virgel
          Hi,

          From what I understand, each of your servers is connected to both networks, 10.19.177.x and one of the 192.168.20*.*. You could enable RAS on the servers and create static routes to the networks. Maybe before you create routes, check the routing table in RAS.
          You sort of have the right idea......let me clarify....

          The clients are now on a 10.19.17x.xxx network and the server has 2 NICs....at each location.....the servers have a NIC for the 10.19.17x.xxx network and the 192.168.20x.xxx networks. Just the clients are on the 10.xxx networks. The locations have 2 routers though...one using the 10.xxx and the other the 192. The servers use the 192 router to talk to the other domain controllers. This works fine through the Cisco VPN......no RRAS needed.

          Now my problem is, since the migration forced us to move one router to the 10.xxx networks for the client internet usage, they now no longer see the WAN on the 182.xxx networks. The servers are fine as they have 2 NICs. I need the clients to be able to send a request to the server and then use the other NIC configured for 192.xxx to jump to the other 192.xxx server networks. I don't need them to see the other 10.xxx clients. They just need to see all of the servers on the 192 networks.

          How would I go about setting up RRAS? It is installed but not configured. For the clients to make the jump, what would I need to add in???....

          The server addresses are (NIC 1 - 192.168.200.11 and for NIC 2 - 10.19.177.2).
          The other server addresses at the other locations are 192.168.201.2, 192.168.202.2, 192.168.203.2 and 192.168.203.2, all on class C subnets. The 192 IP addresses are also using the gateways which are the Cisco routers on the VPN setup and they are the same IP as the server but ending with 254.....

          Hope this makes more sense for my solution....I'm aware RRAS is needed but was thinking how to apply this safely to the servers and also if possibly we could get in a small XP client to do the routing for us instead of the server...?????

          hope to hear from you soon

          All the best

          Keri



          • #6
            Re: Routing and remote access help!

            Hi,

            I stop think that XP has the feature to act as a router. In your situation enabling the server as a router will not cause any harm; it will simply just pass traffic between the two networks. If you enable the server as a router, I don't think that you will need to create static routes.

            To configure Windows Server 2003 to act as a router for your LAN:

            1. Open the Routing and Remote Access snap-in from the Administrative Tools folder of your Start menu.
            2. Right-click the server in the left-hand pane and press Configure and Enable Routing and Remote Access.
            3. Click Next and select Custom configuration.
            4. Select LAN Routing, then Next and Finish.
            5. Right-click the server and press Properties.
            6. Select the General tab and verify that the Router check box and option are set and correct.

            The server should be a router now. In the Routing and Remote Access console expand the server, then expand IP Routing. Right-click on Static Routes and click on Show IP Routing Table. This should show routing tables for both networks.

            If this should cause any problems, which I think it will not, you can right-click on the server and disable Routing and Remote Access.

            Hope this helps.



            • #7
              Re: Routing and remote access help!

              Originally posted by virgel
              Hi,

              I stop think that XP has the feature to act as a router. In your situation enabling the server as a router will not cause any harm; it will simply just pass traffic between the two networks. If you enable the server as a router, I don't think that you will need to create static routes.

              To configure Windows Server 2003 to act as a router for your LAN:

              1. Open the Routing and Remote Access snap-in from the Administrative Tools folder of your Start menu.
              2. Right-click the server in the left-hand pane and press Configure and Enable Routing and Remote Access.
              3. Click Next and select Custom configuration.
              4. Select LAN Routing, then Next and Finish.
              5. Right-click the server and press Properties.
              6. Select the General tab and verify that the Router check box and option are set and correct.

              The server should be a router now. In the Routing and Remote Access console expand the server, then expand IP Routing. Right-click on Static Routes and click on Show IP Routing Table. This should show routing tables for both networks.

              If this should cause any problems, which I think it will not, you can right-click on the server and disable Routing and Remote Access.

              Hope this helps.
              Hi

              Thanks for the instructions but that's the bit I'm already up to and stumped....since each location has 2 different LANs, I can just manage to see the static routes which are both networks on the server end. However.....the clients still can't see the server's 2nd network or any of the 192 networks outside of the LAN. I need them to be able to use the server to route to the 192 network inside the location and the 192 networks outside the locations. What kind of static routes will I need, the format and how many if I have 5 sites???

              Thanks....

              Keri



              • #8
                Re: Routing and remote access help!

                Hi,

                Let's take it from the top. All servers can reach the 192.168.20*.*/24 networks as well as their internal LAN (10.*.*.* network). What is the clients' gateway? Is the server the clients' gateway? Can you do a printout of the routing table on the server?



                • #9
                  Re: Routing and remote access help!

                  Originally posted by virgel
                  Hi,

                  Let's take it from the top. All servers can reach the 192.168.20*.*/24 networks as well as their internal LAN (10.*.*.* network). What is the clients' gateway? Is the server the clients' gateway? Can you do a printout of the routing table on the server?
                  Hi,

                  OK, from the top....

                  All servers can see each other on the different 192 WAN networks. This is done, however, I believe from the configuration of the Cisco routing and VPN. The server does not use the clients' gateway and only uses its own gateway......so in fact terms.... there are 2 gateways per location. One for the clients, 10.19.17x.254, and the server gateways which are 192.168.20x.254. The server has nothing to do with the 10 gateway as it doesn't use that for anything, plus you can't have 2 gateways on a single server anyways or it's trouble.

                  So ideally, since the clients and the server use different gateways and the gateway needed for the routing is on the 192 networks, I need those clients to somehow hop over to the server on the 10 network, then the server route them over to the 192 networks. The same for each site......

                  I have attached the routing table for the main server...

                  hope this helps

                  Keri


                  • #10
                    Re: Routing and remote access help!

                    Ok, on the 10.19.177.0/24 network:

                    On the clients' gateway you can add a route to the 192.168.20x.x network via durovnik server, e.g. route add 192.168.20x.x mask 255.255.255.0 10.19.177.2

                    I take it that the client's gateway is also on the 10.19.177.0/24 network. Can you also do a route print on the client PC? (e.g. in cmd: route print >c:\route.txt)



                    • #11
                      Re: Routing and remote access help!

                      Originally posted by virgel
                      Ok, on the 10.19.177.0/24 network:

                      On the clients' gateway you can add a route to the 192.168.20x.x network via durovnik server, e.g. route add 192.168.20x.x mask 255.255.255.0 10.19.177.2

                      I take it that the client's gateway is also on the 10.19.177.0/24 network. Can you also do a route print on the client PC? (e.g. in cmd: route print >c:\route.txt)
                      I will be at work in a few mins so I can try there.....what do you mean, add the route to the clients' gateway....you mean add this as a static batch file "192.168.20x.x mask 255.255.255.0 10.19.177.2" to the actual clients and not the server?

                      Taking note that I can't modify any of the Cisco settings either as these were set up by 3rd party IT people no longer on our contract.

                      Please tell me exactly where to apply the changes you mentioned....and I will get you a copy of the routing table off one of the 10 network clients...

                      thanks again for the help

                      Keri



                      • #12
                        Re: Routing and remote access help!

                        Whatever server or device that the clients use as a DEFAULT GATEWAY, you will need to add that route. The client's gateway does know how to travel to the 192.x.x.x subnet.

                        AS A TEST on your PC, if you add 10.19.177.2 as your default gateway you will be able to reach those 192x.x.x, provided that 10.19.177.2 can reach those subnets.



                        • #13
                          Re: Routing and remote access help!

                          Originally posted by virgel
                          Whatever server or device that the clients use as a DEFAULT GATEWAY, you will need to add that route. The client's gateway does know how to travel to the 192.x.x.x subnet.

                          AS A TEST on your PC, if you add 10.19.177.2 as your default gateway you will be able to reach those 192x.x.x, provided that 10.19.177.2 can reach those subnets.
                          Hi again,

                          I'm not sure what you mean......the clients already have the default gateway as the 10.19.177.254 to reach their own internet; this is sent through a pre-configured DHCP server (same server) which also includes DNS forwarders and which gateway to use to the internet. Other than that the client machines get their IP dynamically, same with all their other TCP settings....

                          The only thing I can think of that you want me to do is write a small static route file (which you mentioned above) and run it on the client PCs to create a persistent static route. At the moment the clients do not use the server for internet; they are being told to use a default gateway via the DHCP.....

                          To sum up what it is you want me to do.....

                          You want me to change the default gateway settings so instead of the client seeing the 10.19.177.254 gateway they see the server instead at 10.19.177.2

                          so when the clients try accessing another network the server will then forward the request using RRAS.

                          But what happens to the net usage? I don't want the clients to use the 192 internet connection for their programs and browsing.....just need them to discover the other servers.

                          Any help greatly appreciated

                          thanks

                          Keri



                          • #14
                            Re: Routing and remote access help!

                            As far as I've got....

                            I've manually added some IP settings now...and you are correct...if I change the default gateway to the server's gateway then I can see the 2nd NIC network range (192.168.200.xxx) but I have no internet, so the routing table isn't pointing the client at the correct exit for internet access......is this a static route application or an add-on by adding another default gateway to the TCP settings of the client???

                            All the best

                            Keri



                            • #15
                              Re: Routing and remote access help!

                              You can still get internet but you need to tell your gateway that provides internet access to reroute all traffic for the 192.168.20x.xxx to the server (10.19.177.2).


                              If your server is connected to two networks, the 192.168.20x.xxx and 10.19.177.x, and there is another server or device that clients use for internet access, you need to set up a route on the internet gateway (the clients' gateway that provides internet access) to route all traffic for 192.168.20x.x through the 10.19.177.x servers.


                              You can add a route on the client PCs (e.g. in command prompt "route add 192.168.202.0 mask 255.255.255.0 10.19.177.2") but this will be STUPID. Simply just add a route on the device that provides internet access for the clients. If this device is a Cisco router you will need to get the guys to create this or, if you know Cisco, you are on your way to your solution.
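
The routing decisions discussed in posts #10 to #15, modelled hop by hop as an added example that is not part of the original thread: it traces a client packet with no extra routes, with the 192.168.20x.0/24 routes on the internet gateway, and with them on the client. The client lease 10.19.177.50, the node names, the `isp` uplink label and the collapsing of the VPN routers into a single hop are assumptions; the other addresses are the ones quoted in the thread.

```python
import ipaddress

ON_LINK = "on-link"
SERVER_LAN_IP = "10.19.177.2"   # server NIC 2, from the thread
WAN = [f"192.168.{n}.0/24" for n in (200, 201, 202, 203)]

def lookup(routes, dst):
    """Longest-prefix match: next hop, ON_LINK, or None when nothing matches."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def owner(nodes, addr):
    """Name of the modelled node holding addr, or None."""
    return next((n for n, d in nodes.items() if addr in d["addrs"]), None)

def trace(nodes, start, dst, max_hops=8):
    """Follow the routing tables hop by hop and return the nodes visited."""
    path, here = [start], start
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return path
        hop = lookup(nodes[here]["routes"], dst)
        target = dst if hop == ON_LINK else hop
        here = owner(nodes, target)
        if here is None:                      # left the model, or no route at all
            return path + [target or "no-route"]
        path.append(here)
    return path + ["loop"]

def site(routes_on=None):
    """Main site; routes_on is None, "gateway" or "client"."""
    via_server = [(net, SERVER_LAN_IP) for net in WAN]
    lan = ("10.19.177.0/24", ON_LINK)
    nodes = {
        "client": {"addrs": ["10.19.177.50"],          # constructed DHCP lease
                   "routes": [lan, ("0.0.0.0/0", "10.19.177.254")]},
        "inet-gw": {"addrs": ["10.19.177.254"],        # clients' default gateway
                    "routes": [lan, ("0.0.0.0/0", "isp")]},
        "server": {"addrs": [SERVER_LAN_IP, "192.168.200.11"],  # RRAS LAN routing on
                   "routes": [lan, ("192.168.200.0/24", ON_LINK),
                              ("0.0.0.0/0", "192.168.200.254")]},
        # Both VPN routers and the tunnel collapsed into one hop (simplification).
        "vpn": {"addrs": ["192.168.200.254", "192.168.201.254"],
                "routes": [("192.168.200.0/24", ON_LINK),
                           ("192.168.201.0/24", ON_LINK)]},
        "server-201": {"addrs": ["192.168.201.2"],
                       "routes": [("192.168.201.0/24", ON_LINK)]},
    }
    if routes_on:
        target = {"gateway": "inet-gw", "client": "client"}[routes_on]
        nodes[target]["routes"] += via_server
    return nodes

if __name__ == "__main__":
    for mode in (None, "gateway", "client"):
        print(mode, trace(site(mode), "client", "192.168.201.2"),
              trace(site(mode), "client", "203.0.113.10"))
```

The model covers only the outbound path; replies from the 192.168.20x.x servers also need a route back to 10.19.177.0/24.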
