Looking for W2K3 to route back to incoming gateway

Hi,

We have a W2K3 server (say 192.168.1.20) which is on a local LAN.

There are two internet connections, both running Cisco routers,
192.168.1.254 (the main one) and 192.168.1.253 (the backup/incoming mail
one).

When we use the .254 Cisco to forward ports from outside (i.e. 25 or 3389) to
the server, everything works OK. If we do the same with the backup connection
(.253) the connection from outside to either 25 or 3389 does not work.

I think this is because the W2K3 server is handed the originating public IP
address when a connection is made to either 25 or 3389 and by default goes
back out by .254.

Is there any way to make the W2K3 Server send the packets back through the
gateway that the connection came through, rather than always going out by the
default connection?

Thanks for your help - and I hope I've explained it OK!

Kind regards,


Paul
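
Added example, not part of any post in this thread: a small Python model of the packet path described above, showing where the reply leaves the LAN and why the outside client rejects it. The LAN addresses are from the post; the public addresses (RFC 5737 ranges), the client port, the function names and the assumption that each router rewrites outbound server traffic to its own public address are constructed for illustration.

```python
from dataclasses import dataclass

SERVER = "192.168.1.20"
# LAN side from the post -> public side (constructed documentation addresses).
ROUTERS = {"192.168.1.254": "203.0.113.1",   # main line, server's default gateway
           "192.168.1.253": "198.51.100.1"}  # backup / incoming-mail line
DEFAULT_GW = "192.168.1.254"
CLIENT = "192.0.2.50"                        # constructed outside client

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def forward_in(pkt):
    """Port forward on the ingress router: only the destination is rewritten,
    so the server still sees the client's public address as the source."""
    return Packet(pkt.src, SERVER, pkt.sport, pkt.dport)

def server_reply(pkt, host_routes):
    """The server chooses the next hop from the reply's destination alone;
    the gateway the request arrived through plays no part in the lookup."""
    reply = Packet(pkt.dst, pkt.src, pkt.dport, pkt.sport)
    return reply, host_routes.get(reply.dst, DEFAULT_GW)

def forward_out(router_lan, pkt):
    """Egress router rewrites the source to its own public address."""
    return Packet(ROUTERS[router_lan], pkt.dst, pkt.sport, pkt.dport)

def trace(ingress_lan, port, host_routes=None):
    """Follow one TCP SYN in through ingress_lan and its SYN-ACK back out."""
    syn = Packet(CLIENT, ROUTERS[ingress_lan], 40000, port)
    reply, next_hop = server_reply(forward_in(syn), host_routes or {})
    syn_ack = forward_out(next_hop, reply)
    # The client only accepts a SYN-ACK from the address it sent the SYN to.
    accepted = (syn_ack.src, syn_ack.sport) == (syn.dst, syn.dport)
    return {"egress": next_hop, "reply_src": syn_ack.src, "accepted": accepted}

if __name__ == "__main__":
    print(trace("192.168.1.254", 25))    # in and out via the default gateway
    print(trace("192.168.1.253", 25))    # in via .253, reply leaves via .254
    # A host route changes the outcome only for that one destination address.
    print(trace("192.168.1.253", 3389, {CLIENT: "192.168.1.253"}))
```
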
 
Is there any way to make the W2K3 Server send the packets back through the
gateway that the connection came through, rather than always going out by
the default connection?

It is the wrong approach. The answer more-or-less is "No" anyway. Both
lines need to come into the same Router. The machine on the LAN will use
that one Router... they should not be made to "care" or even be aware of the
fact that there are two lines on the opposite side of the router... that is
the Router's job to worry about that.

We run a pair of T1 lines coming into our place that same way. It even
gave us the ability to "merge" the two T1s to double our speed. If one goes
down we keep going but our speed will just drop to the speed of a single T1.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
 
Hi Phillip,

Thanks for the response.

We want two separate connections - as this will give us hardware redundancy
in the Cisco routers. So if one physically fails data will still be able to
use the second one.

Surely there is a way to get the Windows 2003 server to recognise that an
incoming connection from the internet has come via gateway A or B and route
back accordingly?

Thanks in advance.

Kind regards,


Paul
 
Troppy said:
Surely there is a way to get the Windows 2003 server to recognise that an
incoming connection from the internet has come via gateway A or B and
route back accordingly?

There is no "good" way. You can investigate "Dead Gateway Detection", but
I'll warn you now that it isn't going to behave the way you like.

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171564
 
Hi Phillip,

Thanks for that. I am beginning to suspect this! It was suggested I could
use RIP, BGP or OSPF - are you aware of any of these and in particular
whether they could achieve the same result? The two routers are Cisco ones.

I looked at Dead Gateway Detection and this is turned on - on the Server
already - but it hasn't solved the issue.

Thanks Phillip.

Kind regards,

Paul
 
Troppy said:
Hi Phillip,

Thanks for that. I am beginning to suspect this! It was suggested I
could use RIP, BGP or OSPF - are you aware of any of these and in particular
whether they could achieve the same result? The two routers are Cisco
ones.

I thought about that after I posted, too.
I think it can be done, but have never done it... never wanted to. RIP or
IGRP would be the best bet (if it works).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
Hi Phillip,

I think IGRP would be closer - I'm not sure that RIP would be able to do it.

I'll do some research and post back to let you know!

Interesting one...

Kind regards,

Paul
 