How to Route a Request to 10 10.144.58.0?

Discussion in 'Server Networking' started by Simon White, Dec 18, 2008.

  1. Simon White

    Simon White Guest

    Hi

    I have a VPN router with two IP addresses (62.62.62.10, 192.168.10.1). The VPN
    router is used for requests in the 10.143.57.0 range. I also have a Windows
    2003 server with two IP addresses (62.62.62.2, 192.168.10.2). The default
    gateway for both devices is 62.62.62.1.

    From the server (192.168.10.2) I can ping 192.168.10.1 without problem.

    I want to be able to connect to devices in 10.143.57.0 range from the
    server. So I want any requests for IP addresses in this range to be
    forwarded to the VPN Router which will then send them across the VPN.

    So I added a static route to the server using
    route add -p 10.143.57.0 mask 255.255.255.0 192.168.10.1

    However, when I try tracert or ping to, say, 10.143.57.12 it goes nowhere. I
    was assuming the request would be forwarded to the VPN Router but it is not.
    The VPN Router log never shows any hits.

    What further configuring is required in order to get the request sent to the
    VPN router? Is it necessary to put a route on the gateway (62.62.62.1)?
     
    Simon White, Dec 18, 2008
    #1

  2. Simon White

    Simon White Guest

    The title should read "How to Route a Request to 10.143.57.0?"
     
    Simon White, Dec 18, 2008
    #2

  3. Bill Grant

    Bill Grant Guest

    That is a very dicey setup. Why does this server have a public IP?
    Private LAN machines should not be connected to the Internet (and machines
    with Internet access do not need to use VPN). All private traffic for the
    Internet should go through a gateway router. Having multiple Internet
    connected machines on your LAN is a recipe for disaster.

    VPN (Virtual Private Networking) is designed to join private LANs by a
    secure connection through the Internet. The machines in each LAN should be
    in the private LAN only, not have independent access to the Internet.
     
    Bill Grant, Dec 19, 2008
    #3
  4. We need more information to help. Where is the 10.143.57.0 range? How do you
    connect them?

    --
    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com
     
    Robert L. (MS-MVP), Dec 19, 2008
    #4
  5. Hi
    So both machines are connected on one side to 62..... and on the other side
    to 192....

    some kind of parallel ?

    JK
     
    Juergen Kluth, Dec 19, 2008
    #5
  6. Simon White

    Simon White Guest

    The situation is that the servers are all part of a data center for hosted
    servers. All of the servers have public IP addresses protected by a Firewall
    because they are all accessed from the Internet. In my case all my clients
    use Terminal Services to run applications on these servers. Secondly one of
    the applications on the server must collect data from remote devices across
    North America and this is done via a VPN with Bell Telephone's cell network.
    A VPN gateway exists currently between one server and a CISCO router
    housed in a Bell Telephone data centre. I want to move the gateway from
    my server to a Juniper Networks SSG-5 VPN router which is now located in the
    same data centre with our servers. So I need requests made to the 10.143.57.0
    range to be sent to the VPN router; all other network traffic should continue
    to use the default 62.62.62.1 gateway.

    Currently the system uses NCP's Secure Server running on the Windows 2003
    server to accomplish this and it works well. The problem is that the data
    collection network is growing and the encryption load on the server is
    increasing thus slowing Terminal Services users. So I want to remove the VPN
    portion and begin using the SSG-5 router as the VPN gateway. I also want to
    have more servers connecting to the VPN gateway as the customer base grows.

    The only reason the servers and router have a private IP address was so that
    I could create a policy in the SSG-5 router for a Private interface. So I
    simply assigned private IP addresses to the Router and the servers for that
    purpose.
     
    Simon White, Dec 19, 2008
    #6
  7. Simon White

    Simon White Guest

    As I explained to Bill in a previous response we are renting servers from a
    data centre and use them to host applications for our customers who access
    the servers using Terminal Services. The VPN portion is necessary for one
    particular application to gather data from remote devices across North
    America. These devices are part of a Virtual Private network created for us
    by Bell Telephone. The reason for the VPN is to prevent the devices from being
    spammed and us from being charged for network traffic we did not create. The
    devices are only accessible via our VPN. These devices are all assigned IP
    addresses in the range of 10.43.57.0.
     
    Simon White, Dec 19, 2008
    #7
  8. Simon White

    Simon White Guest

    The data centre's network where we rent these servers is all based on public
    IP addresses protected by a firewall. So at the suggestion of the data
    centre technicians I assigned the servers and router a private IP address so
    that we could define a policy in the VPN router for a private interface. The
    router will then pass the request from the private interface to the public
    interface over the VPN and vice versa when a response is received. It is not
    possible to define the 62.62.62.0 range as both private and public therefore
    the need for the private IP addresses.
     
    Simon White, Dec 19, 2008
    #8
  9. That doesn't mean they should have Public IP#s,...in fact it means they
    should not.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Dec 20, 2008
    #9
  10. Simon White

    Simon White Guest

    That may be, but the IP addresses are controlled by the data centre, not me.

    Simon
     
    Simon White, Dec 20, 2008
    #10
  11. Bill Grant

    Bill Grant Guest

    It sounds an interesting experiment but not the sort of problem that is
    easily handled through a newsgroup. You may need an on-site network expert
    to look at it.

    The big thing to remember about routing is that it is a two-way process.
    Getting the traffic from the private LAN through the VPN tunnel is only half
    the job done. It is perfectly useless unless the remote servers know how to
    route the return traffic through the same tunnel. How will they know that
    traffic from the 10. private network needs to go through the VPN tunnel?

    Would it be possible to use a NAT router between the private network and
    public one? That solves the basic routing problem because all traffic on the
    public network uses the NAT router's public IP, not the client machine's
    private IP.
     
    Bill Grant, Dec 20, 2008
    #11
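
The two-way routing point made in post #11, as an added example that is not part of the original thread: a longest-prefix-match lookup run over the server's table from post #1 and over a constructed table for the far end of the tunnel. The remote tables, the hop names `carrier-default` and `vpn-tunnel`, and the use of 192.168.10.2 as the source address are assumptions for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

# Server table as described in the thread: default gateway plus the private
# segment, then the same table with the `route add -p` static route.
SERVER_BEFORE = [("0.0.0.0/0", "62.62.62.1"), ("192.168.10.0/24", "on-link")]
SERVER_AFTER = SERVER_BEFORE + [("10.143.57.0/24", "192.168.10.1")]

# ASSUMPTION: constructed tables for the far end of the tunnel; the thread
# never shows the remote side's routing. Hop names are placeholders.
REMOTE_NO_RETURN = [("0.0.0.0/0", "carrier-default"),
                    ("10.143.57.0/24", "on-link")]
REMOTE_WITH_RETURN = REMOTE_NO_RETURN + [("192.168.10.0/24", "vpn-tunnel")]

def diagnose(near, far, src="192.168.10.2", dst="10.143.57.12"):
    """Check the request path on the near side and the reply path on the far side."""
    out_hop = next_hop(near, dst)   # where the server sends the request
    back_hop = next_hop(far, src)   # where the remote side sends the reply
    if out_hop != "192.168.10.1":
        return f"request misses the VPN router (next hop {out_hop})"
    if back_hop != "vpn-tunnel":
        return f"reply leaves via {back_hop}, not the tunnel"
    return "both directions use the tunnel"

if __name__ == "__main__":
    cases = [("no static route", SERVER_BEFORE, REMOTE_WITH_RETURN),
             ("static route, no return route", SERVER_AFTER, REMOTE_NO_RETURN),
             ("static route and return route", SERVER_AFTER, REMOTE_WITH_RETURN)]
    for label, near, far in cases:
        print(f"{label}: {diagnose(near, far)}")
```
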
  12. Yea, I saw the rest of your later description after I posted.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Dec 20, 2008
    #12
  13. Agreed.

    After re-reading the whole thread again I think we can throw out a lot of
    the "mysterious stuff",...forget a few acronyms exist, ...and just look at
    basic routing functionality. I think the problem is exactly what you are saying
    here.

    The dual-homed server is a red flag flapping in the wind, but I don't think
    it is the problem here. That will probably be an ogre to defeat on another
    day.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Dec 20, 2008
    #13