Re: Persistent Route ignored on W2K when destination network is unavailable

From: ITguy_uk (itguy_uk_at_hotmail.com)
Date: 07/27/04 

Date: 27 Jul 2004 11:40:02 -0700

Phil,

Thanks for the reply, this has been one of those grey areas that I
haven't been able to get to the bottom of. It did seem ludicrous that
a global setting like the gateway to a particular subnet should be set
on individual machines. I did look at setting this via DHCP but there
was no obvious method of doing this so this didnt seem the correct
method of acheiving this.

Apologies for not being clearer in my original post but the hosts on
this network access the internet via a NAT firewall (connected to
broadband) and not a proxy server. Currently the client machines
default gateway is set to the internal IP of the NAT firewall, so that
most internet traffic goes through this appliance. Some of the hosts
on the network need to access a remote server on a different subnet
via a WAN link. The WAN link traffic is routed by a Cisco router which
I do not have access to the config of (the comms provider do this).
>From what you have said I need to do one of the following:

1. Set the default gateway to the NAT firewall on the hosts and add a
route on the NAT firewall so that any traffic to the remote server
across the WAN gets redirected to the Cisco router.

2.Set the default gateway to the Cisco router on the hosts and add a
route on the Cisco firewall so that any traffic to the internet gets
redirected to the NAT firewall.

I think option 1 is preferable as I don't have control of the Cisco
router config and the majority of the traffic will be for the internet
and not the remote server across the WAN. Als does a NAT firewall
count as a LAN routing device or should there be a LAN routing device
in front of the NAT firewall?

Thanks again for clearing up my confusion

"Phillip Windell" <@.> wrote in message news:<uQAlHpLcEHA.1652@TK2MSFTNGP09.phx.gbl>...
> Although it would seem it should work, the client's routing table is not
> that place to do this. This should be done at the routing device that they
> use (in this case the proxy). Place the static routes on the proxy instead.
> Then make sure the full address range of this remote subnet is also included
> in the proxy's LAT. The Client's DFG takes them to the proxy box which then
> routes it via the static route to the proper gateway. "Routing" (aka IP
> Forwarding) must be enabled on the proxy,...which of course isn't the most
> desireable thing for a proxy. Proxys should never "double" as a LAN routing
> device.
>
> Other questions though, only NAT services require the use of "gateways" to
> get to the net,...proxys do not,...proxys use settings in the browser to
> "find" the proxy. You may be incorrectly using the proxy as a Default
> Gateway. The clients should use a LAN routing device as the Default Gateway
> which would itself use the internet gateway as its DFG. Situations vary, and
> I have no idea what your situation is.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> "ITguy_uk" <itguy_uk@hotmail.com> wrote in message
> news:8be6df4c.0407230152.3d7c4fe4@posting.google.com...
> > I currently have Windows 2000 Professional (SP4) workstations that
> > have persistent routes set to another subnet which is the other side
> > of a private WAN connection. These workstations have their default
> > gateway set to our internet proxy server which allows them to access
> > external sites e.g. web sites and FTP servers. These routes are set
> > using:
> >
> > C:/route -p add <destination IP> MASK 255.255.255.0 <Gateway IP>
> >
> > e.g:
> >
> > C:/route -p add <192.168.1.0> MASK 255.255.255.0 <192.168.5.1>
> >
> > This works as expected as can be seen from tracert (IPs changed to
> > example ones):
> >
> > Microsoft Windows 2000 [Version 5.00.2195]
> > (C) Copyright 1985-2000 Microsoft Corp.
> >
> > C:\>tracert server1
> >
> > Tracing route to server1 [192.168.1.2]
> > over a maximum of 30 hops:
> >
> > 1 <10 ms <10 ms <10 ms 192.168.5.1 <========== local
> > WAN router
> > 2 50 ms 50 ms 50 ms 203.204.6.72 <========== remote
> > WAN router
> > 3 50 ms 60 ms 50 ms server1 [192.168.1.2]
> >
> > Trace complete.
> >
> > This works as expected until the WAN link is down for any amount of
> > time. Once the WAN link has been down for a period of more than approx
> > 1 hour the workstations lose connectivity with the remote subnet.
> > When I run the "route print" command I can still see the persistent
> > route listed but on running tracert to a host on the other subnet the
> > traffic is routed via the default gateway (internet connection via
> > ISP) rather than the internal WAN gateway.
> >
> > If I re-run the route command above the route is restored and
> > connectivity re-instated. It is almost as if there is a timeout where
> > after a specified time windows stops attempting to access that subnet
> > via the specified static route and defaults to the default gateway.
> > This seems to be incorrect, if a route is persistent then windows
> > should keep re-trying until the connection is restored or produce an
> > error message to inform the user the route is no longer available (on
> > screen or event log).
> >
> > My questions are:
> >
> > 1.Does anyone know why it is defaulting to the default gateway when
> > the persistent route loses connectivity?
> >
> > 2. Does anyone know how to prevent this default gateway fall back
> > (registry or network properties setting)?
> >
> > 3. Should windows utilise the default gateway when connectivity is
> > lost to a host accessible via a previously persistent route?
> >
> > 4. Why does it still list (ROUTE PRINT) the persistent route even
> > though it is no longer using it due to loss of connectivity?
> >
> > I have looked on the MS KB and searched on google but it does not seem
> > to be mentioned anywhere. Any hints would be appreciated.
> >
> > Thanks in advance

Relevant Pages

  • Re: 2 WAN + 1 LAN on 1 box
    ... You can only have one default gateway per machine, ... B is listening on WAN .B. ... If I create a 0.0.0.0 route of last resort in RRAS that routes through WAN ... I can assign default gateways to my WAN nics .A and .B because they're on ...
    (microsoft.public.windows.server.networking)
  • Re: I need to block users from changing their IP/gateway settings
    ... I have a couple of users who like to change their gateway so they can ... route themselves out a different WAN. ... LAN properties on local machines, we aren't in a domain and I don't ...
    (microsoft.public.windows.group_policy)
  • Re: I need to block users from changing their IP/gateway settings
    ... I have a couple of users who like to change their gateway so they can route ... themselves out a different WAN. ... policy user can not change any settings. ...
    (microsoft.public.windows.group_policy)
  • Re: VPN and remote gateway
    ... > It seems you use the wrong route add command. ... > when the VPN connection is established. ... > | using the remote network as my gateway. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to *ENABLE* icmp redirect on windows xp workstation ?
    ... > I'm using DHCP on the LAN and point default gateway to the internat ... > and the internet gateway forward the packet to innernet gateway. ... it sounds like a static route configured in your ...
    (microsoft.public.windows.server.networking)