2 Gateway's on 1 NIC on Windows Server 2003

 
 
Jwolfer
04-27-2005, 03:20 PM
Greetings all,

Here is my situation.

I have 2 internet connections to our company.

1. Comcast Cable Service
2. A local ISP DSL

This is necessary due to the fact that since we host our own mail server, we
need to have reverse DNS resolution. Something Comcast does not offer. Only
in/out bound email travels through the DSL. All other web traffic uses
Comcast.

My company network has ip info such as:

192.168.1.DHCP
255.255.255.0
192.168.1.1

I have a linksys router on the dsl service that routes packets to our
server. My server has 1 NIC in it.

Because the router has an IP addy of 1.250, I need to designate the Gateway
of 1.250

So, while the network clients point to 1.1 for a gateway, my server uses
1.250 for its gateway. This is presenting a problem when communicating with
that server. If a client with 1.1 connects to it, some small problems
arise.

Is there an effective way to give 2 gateways to 1 NIC, or maybe even 2 NICs?
I have tried to enter the second gateway number (1.250) in, and give it a
metric of 2, while giving 1.1 a metric of 1. But none of the SMTP traffic
comes through.
 
Phillip Windell
04-27-2005, 04:31 PM
"Jwolfer" <(E-Mail Removed)> wrote in message
news52D3240-42CF-418E-885F-(E-Mail Removed)...
> Is there an effective way to give 2 gateways to 1 NIC, or maybe even 2 NICs?
> I have tried to enter the second gateway number (1.250) in, and give it a
> metric of 2, while giving 1.1 a metric of 1. But none of the SMTP traffic
> comes through.

No,...almost always,...but sometimes,... yes. I don't understand what you
are attempting well enough to say. Can you explain in a more focused way
what you are trying to do?

I don't want to know about clients pointing here and there and this pointing
there and that point here. What I want to know is:.......

You have two INet connections:

1. Comcast Cable Service
2. A local ISP DSL

What do you want to do with each one specifically?

How does each one connect to your LAN? Using the same device? Separate
devices?

What Servers are involved and where/how are they *physically* located with
respect to these two Connections?

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
Robert L [MS-MVP]
04-27-2005, 05:13 PM
You may need to modify the routing table. Quoted from http://www.ChicagoTech.net:

One router goes to the corporation email server and another one goes to the Internet

Symptoms: you have one router connecting to the corporation for email and the Internet access. However, the corporate Proxy server filters web sites and watches your access. Then, you add another router for the Internet access and want to use the corporate router for the email only, but the traffic always goes to the corporation router.

Resolution: You need to modify the routing table. Make all traffic go to the Internet and point the email server to the corporation ip range.


Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

Jwolfer
04-27-2005, 10:00 PM
Sorry about that.. I sorta figured I wasn't describing this well.

Here is a link to a JPG image outputted from visio of our network topography.

http://pride.fites.net/netlayout.jpg

If you look at the diagram, you will see that on the right side (corporate
office), we have 2 Inet connections coming in. Each has a different
router/firewall.

The Planetcable DSL line comes in, hits the linksys firewall (whose IP is
192.168.1.250) and forwards any smtp packets through port 25 on to the AV
Server (which is our company Anti Virus Server), where it is then scanned and
forwarded onto our SMTP email server.

The problem is, the AVServer (192.168.1.17) needs to connect to the
192.168.1.250 linksys router gateway, as well as the rest of our network.
The rest of the network uses 192.168.1.1 as its gateway.

Essentially, AVServer does not see Davinci. It sees 192.168.1.9, but not
the DNS name Davinci.

So, I would like to have 2 gateways set up on the AVServer, 1 for the
linksys router side (1.25), and 1 for the rest of the network (1.1)

That help?
 
Phillip Windell
04-28-2005, 03:42 PM
"Jwolfer" <(E-Mail Removed)> wrote in message
news:1ABDBA2A-8814-4381-B1F0-(E-Mail Removed)...
> Sorry about that.. I sorta figured I wasn't describing this well.
>
> Here is a link to a JPG image outputted from visio of our network topography.
>
> http://pride.fites.net/netlayout.jpg

Excellent! If everyone gave a diagram like that life here would be so easy
it would be a sin!

> The Planetcable DSL line comes in, hits the linksys firewall (whose IP is
> 192.168.1.250) and forwards any smtp packets through port 25 on to the AV
> Server (which is our company Anti Virus Server), where it is then scanned and
> forwarded onto our SMTP email server.

1. Get rid of the second Nic in the AV Server. Adjust the PlanetCable box to
pass the SMTP to 192.168.1.17 instead of 192.168.1.96
2. Plug *both* DSL Devices into the Switches. Do not plug the PlanetCable
box into the AV server directly as the diagram shows.
3. The AV Server will use the PlanetConnect Box as the Default Gateway (It
is the only machine that does). It will never use the ComCast box, don't
worry about it,...it is irrelevant.
4. All the other machines will use the ComCast Box as the Default Gateway.
They will use the PlanetConnect box to get to the Corp LAN due to my next
comment, #5.
5. On the ComCast box, add a Static Route that tells it to use 192.168.1.250
as the Gateway to 192.168.10.1

> Essentially, AVServer does not see Davinci. It sees 192.168.1.9, but not
> the DNS name Davinci.


Your dual NICs are causing this. If you do what I described above then this
problem won't even exist to begin with.

For further details concerning DNS,...you should have your DNS set up as
described below,...if you already do, then good,...if not, you'd better
change it.

All devices,..everything,... must use your Active Directory DNS Server as
their DNS Server,...and only that server(s). Your ISP's DNS (nor the DSL
Devices) should ever appear in any of the network settings of any device on
your LAN,...ever.

Then,...within the configuration of the AD DNS Server itself find the
Forwarder List.

MMC--> Servername ---> Properties ---> Forwarders Tab

List the ISP's DNS Server(s) here.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com



 
Jwolfer
05-09-2005, 05:01 PM
Sorry for the delayed response. I rolled out exchange server last week, so
this got put on hold.

I feel that I am right with you on the theory of this... but just not sure
how to actually accomplish it.

You are saying to add a static route on davinci? or on avserver?

Remote users are using 192.168.10.1 for a gateway, coming through the VPN,
hitting the comcast modem, and then the pix firewall/vpn. Then they hop onto
our network just like everyone else.

So, which server do I need to add the static route to?
 
Phillip Windell
05-09-2005, 05:28 PM
Static routes only affect "1 hop" so the Static route goes on the device
that immediately precedes the "next hop". In other words it goes on the
Device that has to make the decision, and decisions are always asking "what
is the next hop?",...not... "what is the hop after the next hop?"


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Jwolfer" <(E-Mail Removed)> wrote in message
news:CBC5CD70-9272-4F68-903B-(E-Mail Removed)...
> Sorry for the delayed response. I rolled out exchange server last week, so
> this got put on hold.
>
> I feel that I am right with you on the theory of this... but just not sure
> how to actually accomplish it.
>
> You are saying to add a static route on davinci? or on avserver?
>
> Remote users are using 192.168.10.1 for a gateway, coming through the VPN,
> hitting the comcast modem, and then the pix firewall/vpn. Then they hop onto
> our network just like everyone else.
>
> So, which server do I need to add the static route to?



 
Jwolfer
05-09-2005, 06:20 PM
Next hop from who to who?

This is where I am confused.

The pix firewall sits on the same switch as the servers. So does the switch
need to be configured for routing?

I guess I didn't understand as much as I thought.




 
Neteng
05-09-2005, 08:26 PM
A switch can't route (let's keep the layer 3 switch out of this one). You need
the default gateway to be the inside address of your PIX. Phillip is correct
in what he stated, but I'll try and explain it another way. Let's say you
have three routers in a line. If you're on router 1 and you want to get to
router 3, you will have to go through router 2. If you set your default
gateway to router 3 you may or may not get there. Why? If router 2 knows how
to get to router 3, you'll be OK. If router 2 doesn't know how to get to
router 3 your traffic will die there. No matter what route statements you
put in router 1, you'll never get there if router 2 does not know how to get
there. A good test is from router 1 do a traceroute to router 3 and see if
it crosses router 2. If it does, router 2 knows where to go! If it fails,
either router 1 or router 2 does not know where to go. The next step is to get
on router 2 and ping router 3. If it pings, it knows how to get there and the
problem is on router 1. If it can't get there, look at the route table
because the problem is on router 2.
BTW I've never seen a Windows box that has two IPs on one NIC that can
route off its configured subnets. If you get it working, please post for
the rest of us.

HTH


"Jwolfer" <(E-Mail Removed)> wrote in message
newsBFC0116-92A7-45A6-A971-(E-Mail Removed)...
> Next hop from who to who?
>
> This is where I am confused.
>
> The pix firewall sits on the same switch as the servers. So does the switch
> need to be configured for routing?
>
> I guess I didn't understand as much as I thought.
>
>
>
>



 
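The three-routers-in-a-line explanation in the post above, as an added example that is not part of the original thread: a small Python simulation of hop-by-hop forwarding in which each router consults only its own table. The addresses, router names and the `lookup`/`trace`/`build` helpers are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match in one router's table: next hop, 'direct', or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(routers, owner, start, dst, max_hops=8):
    """Forward dst hop by hop; each router consults only its own table."""
    path, here = [start], start
    for _ in range(max_hops):
        next_hop = lookup(routers[here], dst)
        if next_hop is None:
            return path, f"dies at {here}: no route"
        if next_hop == "direct":
            return path, "delivered"
        here = owner[next_hop]
        path.append(here)
    return path, "loop"

# Constructed lab: R1 --10.0.12.0/24-- R2 --10.0.23.0/24-- R3 --10.3.0.0/24 (LAN)
OWNER = {"10.0.12.2": "R2", "10.0.23.3": "R3"}  # next-hop address -> router

def build(r2_knows_lan, r1_extra_static=False):
    r1 = [("10.0.12.0/24", "direct"), ("0.0.0.0/0", "10.0.12.2")]
    if r1_extra_static:  # a more specific route on R1 still only picks hop 1
        r1.append(("10.3.0.0/24", "10.0.12.2"))
    r2 = [("10.0.12.0/24", "direct"), ("10.0.23.0/24", "direct")]
    if r2_knows_lan:     # the fix belongs on the router making the decision
        r2.append(("10.3.0.0/24", "10.0.23.3"))
    r3 = [("10.0.23.0/24", "direct"), ("10.3.0.0/24", "direct")]
    return {"R1": r1, "R2": r2, "R3": r3}

HOST = "10.3.0.50"  # constructed host on the LAN behind R3

if __name__ == "__main__":
    for label, net in [("R2 has no route", build(False)),
                       ("extra static on R1", build(False, True)),
                       ("static route on R2", build(True))]:
        print(label, "->", trace(net, OWNER, "R1", HOST))
```

The returned path plays the role of the traceroute test: the last router listed is the one whose table needs the route.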
 
Jwolfer
05-09-2005, 08:57 PM
I understand all of that, but I appreciate your reply.

What I am getting from all of this, is I need to have 1 NIC enabled on this
particular server.

It has the IP 192.168.1.17
SNM 255.255.255.0
GW 192.168.1.250

Clients who have an IP of 192.168.1.1xx and a GW of 192.168.1.1 can see the
server just fine. Clients who have an IP of 192.168.10.1xx and a GW of
192.168.10.1 cannot.

So essentially, any PC with a GW of 192.168.10.1 cannot see a gateway of
192.168.1.250.

I need to know how to do a static route that fixes that.
 