routing on Windows 2003 Standard

Hi

Is it possible to configure routing on 3 network cards, like 1 in 'private
network' and 2 are in 'public network'
The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
I want to do routing from LAN through first NIC on this 'gateway server' on
IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP adress
10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
which is connected to internet).
On 'gateway server' I need two card, becasue in case of working 'Firewall 1'
all traffic from lan and back will go through NIC 1 and 2 on 'gateway
server', but in case of working 'Firewall 2' traffic will go from lan and
back through NIC 1 and NIC3.
Is this possible?
Regards
Miha

No, W2k/W2k3 RRAS cannot cope with that. It will send all traffic to the
default gateway. If you configure two default gateways, it will select one
and use that. It will only use the second gateway if the first fails.

Surely this should be handled by the cluster firewall. A cluster is
usually accessed by a single "cluster" address, and the clustering software
looks after the load balancing.

"Miha" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> Is it possible to configure routing on 3 network cards, like 1 in 'private
> network' and 2 are in 'public network'
> The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
> I want to do routing from LAN through first NIC on this 'gateway server'
> on IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP
> adress 10.10.10.2 and 10.10.10.3 (these two NIC are connected to
> ClusterFirewall, which is connected to internet).
> On 'gateway server' I need two card, becasue in case of working 'Firewall
> 1' all traffic from lan and back will go through NIC 1 and 2 on 'gateway
> server', but in case of working 'Firewall 2' traffic will go from lan and
> back through NIC 1 and NIC3.
> Is this possible?
> Regards
> Miha
>
>

On Tue, 21 Sep 2004 23:10:00 +0200, "Miha" <(E-Mail Removed)> wrote:

>Is it possible to configure routing on 3 network cards, like 1 in 'private
>network' and 2 are in 'public network'

Sure.

>The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
>I want to do routing from LAN through first NIC on this 'gateway server' on
>IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP adress
>10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
>which is connected to internet).
>On 'gateway server' I need two card, becasue in case of working 'Firewall 1'
>all traffic from lan and back will go through NIC 1 and 2 on 'gateway
>server', but in case of working 'Firewall 2' traffic will go from lan and
>back through NIC 1 and NIC3.
>Is this possible?

It's confusing, but if I read this right you can do it. Though you
really don't need three NIC's, just the right IP addressing and some
routing.

Jeff

Alright...Bill and Jeff are saying opposite things <spank spank> let's get
it together,..what'll it be guys ;-)

Actually for me, the description was written too confusing, so I decided to
just "lurk" and see what happened.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Miha" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> Is it possible to configure routing on 3 network cards, like 1 in 'private
> network' and 2 are in 'public network'
> The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
> I want to do routing from LAN through first NIC on this 'gateway server'
on
> IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP
adress
> 10.10.10.2 and 10.10.10.3 (these two NIC are connected to ClusterFirewall,
> which is connected to internet).
> On 'gateway server' I need two card, becasue in case of working 'Firewall
1'
> all traffic from lan and back will go through NIC 1 and 2 on 'gateway
> server', but in case of working 'Firewall 2' traffic will go from lan and
> back through NIC 1 and NIC3.
> Is this possible?
> Regards
> Miha
>
>

Thank you all for help. So if I'm getting this right, I need to configure
routing (RIP) from 'private' through 'public' card, and this can be done
with RRAS. Any help how to achieve this?

Regards
Miha

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> Alright...Bill and Jeff are saying opposite things <spank spank> let's get
> it together,..what'll it be guys ;-)
>
> Actually for me, the description was written too confusing, so I decided
> to
> just "lurk" and see what happened.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Miha" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>>
>> Is it possible to configure routing on 3 network cards, like 1 in
>> 'private
>> network' and 2 are in 'public network'
>> The situation is like: LAN - 'gateway server' - ClusterFirewall.(2 nodes)
>> I want to do routing from LAN through first NIC on this 'gateway server'
> on
>> IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP
> adress
>> 10.10.10.2 and 10.10.10.3 (these two NIC are connected to
>> ClusterFirewall,
>> which is connected to internet).
>> On 'gateway server' I need two card, becasue in case of working 'Firewall
> 1'
>> all traffic from lan and back will go through NIC 1 and 2 on 'gateway
>> server', but in case of working 'Firewall 2' traffic will go from lan and
>> back through NIC 1 and NIC3.
>> Is this possible?
>> Regards
>> Miha
>>
>>
>
>

If you are doing just "routing" there is no such thing as a private and
public card,..those concepts are strictly a NAT thing. You need to clarify
if you are wanting to NAT between a trusted and untrusted network or are you
simply wanting to route between two normal subnets, that is two entirely
different concepts. RRAS can do either one, but they are not the same thing
at all.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Miha" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thank you all for help. So if I'm getting this right, I need to configure
> routing (RIP) from 'private' through 'public' card, and this can be done
> with RRAS. Any help how to achieve this?
>
> Regards
> Miha
>
> "Phillip Windell" <@.> wrote in message
> news:(E-Mail Removed)...
> > Alright...Bill and Jeff are saying opposite things <spank spank> let's
get
> > it together,..what'll it be guys ;-)
> >
> > Actually for me, the description was written too confusing, so I decided
> > to
> > just "lurk" and see what happened.
> >
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
> > "Miha" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Hi
> >>
> >> Is it possible to configure routing on 3 network cards, like 1 in
> >> 'private
> >> network' and 2 are in 'public network'
> >> The situation is like: LAN - 'gateway server' - ClusterFirewall.(2
nodes)
> >> I want to do routing from LAN through first NIC on this 'gateway
server'
> > on
> >> IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP
> > adress
> >> 10.10.10.2 and 10.10.10.3 (these two NIC are connected to
> >> ClusterFirewall,
> >> which is connected to internet).
> >> On 'gateway server' I need two card, becasue in case of working
'Firewall
> > 1'
> >> all traffic from lan and back will go through NIC 1 and 2 on 'gateway
> >> server', but in case of working 'Firewall 2' traffic will go from lan
and
> >> back through NIC 1 and NIC3.
> >> Is this possible?
> >> Regards
> >> Miha
> >>
> >>
> >
> >
>
>

On Wed, 22 Sep 2004 09:48:40 -0500, "Phillip Windell" <@.> wrote:

>Alright...Bill and Jeff are saying opposite things <spank spank> let's get
>it together,..what'll it be guys ;-)

We're not really, but I didn't put in much detail.

>Actually for me, the description was written too confusing, so I decided to
>just "lurk" and see what happened.

It is confusing. As I read it, the OP had two firewalls in a cluster
and wanted some traffic to go to one firewall, and other traffic to go
to the other, using the system described as a gateway. He had three
IP addresses on three NICs, all in the same logical network, which
wouldn't ever route anyway.

My response was that he should be able to do this, but he's going to
need to change IP's, use proper routes, and likely configure his
clustered firewall. As he described it he cannot do it, for the
reasons Bill suggests as well as the fact that three NICs that are all
in the same logical network will never send anything out another NIC.

My suggestion is three logical networks, one for the LAN side and one
for each firewall. He can use routes to direct what traffic he wants
to go through which firewall, but the routes aren't going to be easy
and depend on what he's wishing for the client side.

It's still a pretty convoluted setup. Perhaps is the OP told us what
they wanted to accomplish and didn't post any IP or routing info.

Jeff

And the reply from Miha himself certainly didn't throw any light on the
situation!

"Jeff Cochran" <(E-Mail Removed)> wrote in messa
ge news:(E-Mail Removed)...
> On Wed, 22 Sep 2004 09:48:40 -0500, "Phillip Windell" <@.> wrote:
>
>>Alright...Bill and Jeff are saying opposite things <spank spank> let's get
>>it together,..what'll it be guys ;-)
>
> We're not really, but I didn't put in much detail.
>
>>Actually for me, the description was written too confusing, so I decided
>>to
>>just "lurk" and see what happened.
>
> It is confusing. As I read it, the OP had two firewalls in a cluster
> and wanted some traffic to go to one firewall, and other traffic to go
> to the other, using the system described as a gateway. He had three
> IP addresses on three NICs, all in the same logical network, which
> wouldn't ever route anyway.
>
> My response was that he should be able to do this, but he's going to
> need to change IP's, use proper routes, and likely configure his
> clustered firewall. As he described it he cannot do it, for the
> reasons Bill suggests as well as the fact that three NICs that are all
> in the same logical network will never send anything out another NIC.
>
> My suggestion is three logical networks, one for the LAN side and one
> for each firewall. He can use routes to direct what traffic he wants
> to go through which firewall, but the routes aren't going to be easy
> and depend on what he's wishing for the client side.
>
> It's still a pretty convoluted setup. Perhaps is the OP told us what
> they wanted to accomplish and didn't post any IP or routing info.
>
> Jeff

"Jeff Cochran" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 22 Sep 2004 09:48:40 -0500, "Phillip Windell" <@.> wrote:
> It is confusing. As I read it, the OP had two firewalls in a cluster
> and wanted some traffic to go to one firewall, and other traffic to go
> to the other, using the system described as a gateway. He had three
> IP addresses on three NICs, all in the same logical network, which
> wouldn't ever route anyway.

> My suggestion is three logical networks, one for the LAN side and one

<snip>

Yea, that sounds like the way to go to me.

> It's still a pretty convoluted setup. Perhaps is the OP told us what
> they wanted to accomplish and didn't post any IP or routing info.

Yea, it usually better if they just give the "goal" and lets us come up with
a good method, rather than try to explain some strange method and then have
us try to come up with some strange off-the-wall way to get it to somehow
"kinda-sorta" function.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

H

Sorry to bother you, but finally we decided what to do.Only two network
cards, and just route between them (like Philip said route between two
normal subnets.)
First one will be connected to our LAN switch (IP of first NIC:
10.10.10.10/16) which will route through the second one that is connected to
firewall (IP of second NIC: 10.10.10.11/16; gateway 10.10.10.1 - IP of NIC
in firewall).
How do I need to configure RRAS to work with that?
Thank you again for all help
Regards
Miha



"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> If you are doing just "routing" there is no such thing as a private and
> public card,..those concepts are strictly a NAT thing. You need to
> clarify
> if you are wanting to NAT between a trusted and untrusted network or are
> you
> simply wanting to route between two normal subnets, that is two entirely
> different concepts. RRAS can do either one, but they are not the same
> thing
> at all.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Miha" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Thank you all for help. So if I'm getting this right, I need to configure
>> routing (RIP) from 'private' through 'public' card, and this can be done
>> with RRAS. Any help how to achieve this?
>>
>> Regards
>> Miha
>>
>> "Phillip Windell" <@.> wrote in message
>> news:(E-Mail Removed)...
>> > Alright...Bill and Jeff are saying opposite things <spank spank> let's
> get
>> > it together,..what'll it be guys ;-)
>> >
>> > Actually for me, the description was written too confusing, so I
>> > decided
>> > to
>> > just "lurk" and see what happened.
>> >
>> > --
>> >
>> > Phillip Windell [MCP, MVP, CCNA]
>> > www.wandtv.com
>> >
>> >
>> > "Miha" <(E-Mail Removed)> wrote in message
>> > news:(E-Mail Removed)...
>> >> Hi
>> >>
>> >> Is it possible to configure routing on 3 network cards, like 1 in
>> >> 'private
>> >> network' and 2 are in 'public network'
>> >> The situation is like: LAN - 'gateway server' - ClusterFirewall.(2
> nodes)
>> >> I want to do routing from LAN through first NIC on this 'gateway
> server'
>> > on
>> >> IP adress 10.10.10.1 through 2,3 NIC on the same gateway server on IP
>> > adress
>> >> 10.10.10.2 and 10.10.10.3 (these two NIC are connected to
>> >> ClusterFirewall,
>> >> which is connected to internet).
>> >> On 'gateway server' I need two card, becasue in case of working
> 'Firewall
>> > 1'
>> >> all traffic from lan and back will go through NIC 1 and 2 on 'gateway
>> >> server', but in case of working 'Firewall 2' traffic will go from lan
> and
>> >> back through NIC 1 and NIC3.
>> >> Is this possible?
>> >> Regards
>> >> Miha
>> >>
>> >>
>> >
>> >
>>
>>
>
>