Ping reply through the same interface

Hello,

My server has two interfaces. Let's say, 10.10.10.1 and 10.10.11.1.
Now, I have a collection station which probes these interfaces using
ICMP (to determine that they are up). When this station pings these
interfaces, I want the reply to be sent through the same interface
from which it received ping request. That is, if the station pings
10.10.10.1 then I want the server to reply through 10.10.10.1. And if
the station pings 10.10.11.1, I want it to reply through 10.10.11.1.

The reason is that there are stateful firewalls between the station
and the server, so that when a ping request travels towards
10.10.10.1, it passes through one firewall, and then the reply (which
goes through 10.10.11.1) passes through ANOTHER firewall, which of
course blockes the reply, because it has no idea about the appropriate
session.

The server is running Windows NT 4. Another one (with the same issue)
is running Windows 2000 Advanced Server.
Is there any way to make Windows reply to ping through the same
interface from which it receives the request?

Thank you.



Dmitry Perets

HI,
that server with 2 nic's make some routing or NAT between theese 2 IP's?
do you have set for both nic's default gateway?
--
Dragos CAMARA
MCSA Windows 2003 server


"Dmitry Perets" wrote:

> Hello,
>
> My server has two interfaces. Let's say, 10.10.10.1 and 10.10.11.1.
> Now, I have a collection station which probes these interfaces using
> ICMP (to determine that they are up). When this station pings these
> interfaces, I want the reply to be sent through the same interface
> from which it received ping request. That is, if the station pings
> 10.10.10.1 then I want the server to reply through 10.10.10.1. And if
> the station pings 10.10.11.1, I want it to reply through 10.10.11.1.
>
> The reason is that there are stateful firewalls between the station
> and the server, so that when a ping request travels towards
> 10.10.10.1, it passes through one firewall, and then the reply (which
> goes through 10.10.11.1) passes through ANOTHER firewall, which of
> course blockes the reply, because it has no idea about the appropriate
> session.
>
> The server is running Windows NT 4. Another one (with the same issue)
> is running Windows 2000 Advanced Server.
> Is there any way to make Windows reply to ping through the same
> interface from which it receives the request?
>
> Thank you.
>
>

1. You didn't give the mask. These have to be in two different subnets.
You are *not* supposed to have two nics in the same subnet unless they are
"Teamed".

2. If they are in the same subnet they will not work as you want.

3. If they are in different subnet they will work as you want and there is
nothing for you to do to make it happen.

4. If the source of the Ping is not in the same subnet as the nic it pinged
it will not work as you want and the server will reply on from the nic that
is associated with the Default Gateway. This is the same thing that will
happen if you use the same source machine for both of the "pings". That is
the way TCP/IP works. That is the way it is supposed to be,...you can't
change it,...it has nothing to do with Windows.

Routes leaving the server are determined by the Destination and how the
Destination fits into the Routing Table,...it has nothing to do with the nic
that received the "ping". The incomming ICMP packet and the outbound ICMP
Reply can,..and very often do,...take two different paths. That is why Ping
is not used to trace routing pathes,...that is what Tracert (Trace Route) or
Path-Ping are for. But even they may not take the same path for the
reply,...they overcome that by taking information about the object that was
pinged on that particular hop and packaging it in the Reply,..however the
Reply itself may take a completey different path.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------

"Dmitry Perets" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hello,
>
> My server has two interfaces. Let's say, 10.10.10.1 and 10.10.11.1.
> Now, I have a collection station which probes these interfaces using
> ICMP (to determine that they are up). When this station pings these
> interfaces, I want the reply to be sent through the same interface
> from which it received ping request. That is, if the station pings
> 10.10.10.1 then I want the server to reply through 10.10.10.1. And if
> the station pings 10.10.11.1, I want it to reply through 10.10.11.1.
>
> The reason is that there are stateful firewalls between the station
> and the server, so that when a ping request travels towards
> 10.10.10.1, it passes through one firewall, and then the reply (which
> goes through 10.10.11.1) passes through ANOTHER firewall, which of
> course blockes the reply, because it has no idea about the appropriate
> session.
>
> The server is running Windows NT 4. Another one (with the same issue)
> is running Windows 2000 Advanced Server.
> Is there any way to make Windows reply to ping through the same
> interface from which it receives the request?
>
> Thank you.
>