
Static Routing gone Bad!


doohder

wireless.jpg

Here is what I have for a network layout. Everything is kind of in the testing phase right now, since all the locations are not connected yet. So here is what I currently have working: I have all the internal users going through the ISA server by setting the gateway of last resort on the routers to the ISA server, which is 10.0.0.2. I have a wireless system that needs to stay on a public address, so I am trying to set up a static route out to the T1 router, to no avail. When I put in a static route such as 0.0.0.0 0.0.0.0 10.1.0.1, it kicks the internal users off going through the ISA server. I guess what I am asking is: how do I build a static route to 216.x.x.161 without affecting the 10.x.x.x users?
 
On which router do you set this route?

ip route 0.0.0.0 0.0.0.0 10.1.0.1
 
I have two ip routes on the GrandRios. At first I put in ip route 0.0.0.0 0.0.0.0 10.0.0.2, and that works to get my internal users to route through the ISA server. Then I add ip route 0.0.0.0 0.0.0.0 10.1.0.1, and that kicks the internal users off going through the ISA. This is all on the GrandRios router. I also had to put ip route 0.0.0.0 0.0.0.0 on the PLP router to get users to go through the ISA server. I've also tried to build a static route by doing next hop on each router, as ip route 216.x.x.161 255.255.255.240 (next hop).
 
Only one default route will work. Check out policy-based routing to route to the T1 based on source address.
 
That is actually what I am looking at right now, but I have never really worked with PBRs before. Any insight you could give me on them would be great, like the commands and the logic of it. I'm having a difficult time with it.
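An added illustration of the policy-routing logic suggested above, not code from any poster: a small Python model of one router whose destination table has a single default route to the ISA server, with a source-based policy that sends only the wireless subnet to the T1 next hop. The 203.0.113.160/28 prefix, the host addresses and the "internal" placeholder are constructed; 10.0.0.2 and 10.1.0.1 come from the thread.

```python
import ipaddress

# Constructed addressing: the thread masks the public range as 216.x.x.x, so
# the documentation prefix 203.0.113.160/28 stands in for the wireless subnet.
WIRELESS = ipaddress.ip_network("203.0.113.160/28")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ISA = "10.0.0.2"   # ISA server (from the thread)
T1 = "10.1.0.1"    # next hop the poster used toward the T1 router

# Destination-based table: exactly one default route, pointing at the ISA.
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), ISA),
          (INTERNAL, "internal")]  # "internal" is a placeholder next hop

# Policy entries: (source net, destination net to exempt, next hop). On IOS the
# match is an extended ACL referenced by `match ip address` in a route-map,
# the action is `set ip next-hop`, and it is bound with `ip policy route-map`
# on the interface where the wireless traffic enters the router.
POLICY = [(WIRELESS, INTERNAL, T1)]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination; the source is never consulted."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(src, dst, policy=POLICY, routes=ROUTES):
    """Policy routing: test the source first, fall back to the routing table."""
    src, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, exempt_dst, hop in policy:
        if src in src_net and dst_ip not in exempt_dst:
            return hop
    return lookup(dst, routes)

def bypasses_isa(src, dst):
    """True when a flow toward the Internet leaves without crossing the ISA."""
    return forward(src, dst) != ISA and ipaddress.ip_address(dst) not in INTERNAL

if __name__ == "__main__":
    internet = "198.51.100.10"  # constructed Internet destination
    for src in ("10.1.0.50", "203.0.113.165"):  # constructed hosts
        print(src, "->", internet, "via", forward(src, internet),
              "| bypasses ISA:", bypasses_isa(src, internet))
```

Flows that match the policy never cross the ISA server, so whatever filtering it applies to the internal users does not cover the wireless subnet.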
 
This ip route 0.0.0.0 0.0.0.0 10.0.0.2 does not belong on GrandRios, because 10.0.0.2 is not the next hop; 10.1.0.1 is the next hop from GrandRios. And are you talking about the users behind the GrandRios router?
 
Yeah, but for some reason it works: the internal users behind the GrandRios router will still authenticate through the ISA server. It's not really a static route; it's more setting it up as a gateway of last resort, so if the packet destination isn't found it forwards it to the ISA. That's where I understand I can't have two default routes for the 216.x.x.x network and the 10.x.x.x networks, so I have to use PBR. Which sucks because I know very little about it.
 
This can be done with static routes; you just have to know which router to put which route on.

So the first thing is: what router are your users behind that are getting kicked off?

I have done networks like this with static routes and with RIP. So it can be done.
 
No, your first static route will always be your default route, but you can have more than one static route.

This is how I would configure your network.

1. Your internal ISA users will have a default gateway of 10.0.0.2.

2. GrandRios, PLP and the T1 router will be running RIP.

What do you need your wireless users to do?
 
So I start with the GrandRios router. I've already put in ip route 0.0.0.0 0.0.0.0 10.1.0.1. Then on the PLP router I have a 0.0.0.0 0.0.0.0 10.0.0.1, which is how the ISA users behind the GrandRios can get out on the net. The next step would be on the PLP router to put in ip route 0.0.0.0 0.0.0.0 10.7.0.2. Correct? The second I put that command in, my users behind the GrandRios router can no longer get to the ISA. I also realize you have to put in 0.0.0.0 0.0.0.0 10.1.0.2 to get back, but even when I do the first one it messes with everything.
 
I do have the users behind the GrandRios router set up with DG=10.0.0.2. Even when I do that ip route on PLP it still kicks them off.
 
On the PLP you should have only one static route:
ip route 0.0.0.0 0.0.0.0 10.0.0.2, because that route will not be reported by RIP from the SNA Server. This will work as long as you have RIP configured right?
 
The only static routes you need on this network are on the routers connected to the SNA server, because you have to tell traffic to go through the ISA server.
 
That is the way I have it set up right now:

GrandRios router
ip route 0.0.0.0 0.0.0.0 10.1.0.1 = gateway of last resort 10.1.0.1

PLP router
ip route 0.0.0.0 0.0.0.0 10.0.0.2 = gateway of last resort 10.0.0.2

This works great up to this point to get internal users to go through the ISA, but I can't ping 216.x.x.161, which is the interface for the wireless system that is on a public address, from the PLP to GrandRios router.
 
Yeah, but if you need other static routes on the PLP, leave that one on there and add these to the PLP router:

ip route 0.0.0.0 0.0.0.0 10.7.0.2
ip route 0.0.0.0 0.0.0.0 10.1.0.2


Then try the ping from PLP to the wireless interface again.
 
The second I proceed to put in the 10.7.0.2 one, it won't allow internal users to go through the ISA server. Another problem I have is that once I get up to the T1 router to put a static route to 10.7.0.1, it kicks everyone off the net, because the two T1 lines use ip route 0.0.0.0 0.0.0.0 216.x.x.166 to go to the ISP. You can only have one default route, so at the PLP router it's either got to go to the ISA or to the T1 router; it can't just pick which one it's going to go to. That's what a routing protocol is used for.
 
You tell the computer which gateway to use in the TCP/IP settings. All ISA users should have a default gateway of 10.0.0.2 in their TCP/IP settings.
 
Which they do... it doesn't seem to keep them from getting disconnected. In order to get my ISA on the internal network I had to do a route add -p and give it a default gateway of 10.0.0.1, because it's running dual NICs and you can only have one default gateway, so the default gateway is on the external NIC, which is 216.x.x.177 (eth interface on the T1 router). To solve the problem of my internal NIC not being able to have a different DGW I had to do a route print; that worked to get my users behind the routers to see the ISA.
 
The problem that I think I'm having is that when I put in ip route 0.0.0.0 0.0.0.0 10.7.0.2, it overrides the gateway of last resort and it becomes 10.7.0.2, not 10.0.0.2. So when a user behind the GrandRios router types in IE that they want to go to which is a source destination that isn't in the ip route map, it goes to the gateway of last resort till it reaches google.com, which the ISA would forward to the public address and so on till it got to google.com and back, whereas 10.7.0.2 doesn't have NAT, so it drops the packet because it can't forward a routable address to a non-routable public address.
 
When they get disconnected, do a tracert to 216.x.x.177 and see where it stops.
 