Registered users    
MembershipMembership:
Latest New UserLatest:jenisa villarin
New TodayNew Today:13
New YesterdayNew Yesterday:9
User CountOverall:23322
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12890
Marina Roos12507
Eriq Neale2114
Stan Guinn1913
Michael Patrick1912
Robert Pearman1770
Nick Pieters1425
Stewart Brown616
william warren598
Kevin D.579
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004
Subject: routing lan traffic via another router
Prev Next
You are not authorized to post a reply.

Author Messages
russ lunn User is Offline
United Kingdom
Member since
5/21/2006

Registered Users
Posts: 5
3/26/2007 03:51 PM  
Hi,

I have the SBS box connected to the internet, thats fine
it is setup as the default gateway on the clients,
we have two seperate ISDN routers that route to some 30ish subnets

how do i get the SBS to pass traffic for these subnets to the correct router when the clients need to access them?
i tried to add a route to the SBS box, but it works only on the server not for the client machines.

Regards,

Russ
Doug Abney User is Offline
United States
Member since
5/12/2006

Registered Users
Posts: 9
3/26/2007 11:21 PM  
You'll need a NIC for each ISDN router, but couldn't you do this with a static route for each subnet to use when the client initiates traffic to that IP or subnet?
 
route add -p 123.456.x.x MASK 255.255.255.248 192.168.1.100 METRIC 1
 
This statement should take traffic trying to get to 123.456.x.x through the ISDN gateway(192.168.100)  that would be connected to your ISDN router appropriate for that subnet.
 
Change your destination and gateway to the gateway for the appropriate ISDN router for your 30 subnets.
 
I'm struggling with trying to get the appropriate access rules\networks\computers to my destination through ISA, but building routes for this should get your trafiic there.
 
HTH-Doug
Leo du Preez User is Offline
South Africa
Member since
4/3/2007

Registered Users
Posts: 186
4/04/2007 11:51 AM  
Hi
 
A typical setup of two routers router 1 and router two using IPSEC
 
Current configuration : 1404 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SV3-2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!--- These are the Internet Key Exchange (IKE) parameters.
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 10.5.76.57
!
!--- These are the IPSec parameters.
crypto ipsec transform-set myset1 esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 10.5.76.57
 set transform-set myset1
 
!--- Encrypt traffic to the other side.
 match address 100
!
interface Serial0/0
 description Interface to Internet
 ip address 10.5.76.58 255.255.0.0
 ip nat outside
 clockrate 128000
 crypto map mymap
!
interface Ethernet0/0
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 half-duplex
!
!--- This is the NAT traffic.
ip nat inside source static network 172.16.0.0 172.18.0.0 /16 no-alias
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!--- Encrypt traffic to the other side.
access-list 100 permit ip 172.18.0.0 0.0.255.255 172.19.0.0 0.0.255.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
end
Router B
 
Current configuration : 1255 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SV3-15
!
boot-start-marker
boot-end-marker
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
!--- These are the IKE parameters.
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 10.5.76.58
!
!--- These are the IPSec parameters.
crypto ipsec transform-set myset1 esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 10.5.76.58
 set transform-set myset1
 !--- Encrypt traffic to the other side.
 match address 100
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 description Interface to Internet
 ip address 10.5.76.57 255.255.0.0
 ip nat outside
 crypto map mymap
!
!--- This is the NAT traffic.
ip nat inside source static network 172.16.0.0 172.19.0.0 /16 no-alias
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!--- Encrypt traffic to the other side.
access-list 100 permit ip 172.19.0.0 0.0.255.255 172.18.0.0 0.0.255.255
!
line con 0
line aux 0
line vty 0 4
!
end
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
4/05/2007 01:07 AM  
Hi Russ,
 
Can you elaborate on the 2 ISDN routers please? SBS doesn't play nice with more than 3 nics, and if you have multiple WAN connections, you would do better to get a multi-WAN router that is doing those.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
russ lunn User is Offline
United Kingdom
Member since
5/21/2006

Registered Users
Posts: 5
4/18/2007 10:29 AM  
Hi,
Sorry for the delay in answering, holidays got in the way :->

anyway,
i will try and explain the problem

first the setup.
SBS only has two nics. i have an internal network, 192.168.200.0/24 on this network i have four gateways
200.2 which is the sbs and handles internet
200.254 which is a hardware ipsec box and handles some box-to-box VPN's (approx 30 networks)
200.251 which is a cisco 800 series isdn router and links us to approx 20 networks
200.252 which is a 3com router and links us to about 10 networks
we do remote support, so we have lots of low volume links.

cisco(.251) is default gateway
at present in the cisco (.251) i can go in and put IP ROUTE statements including an IP ROUTE 0.0.0.0 to push all unknown routes via the SBS (ie internet)

how do i set this up on the SBS. i tried route add, but it doesnt work for clients.
does this make any more sense????

Regards,

Russ
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
5/01/2007 01:31 AM  
Hi Russ,
 
Sorry, I still don't get the picture. Please, post an ipconfig /all from the server and a workstation. Open a command prompt by opening Start -> Run from the Start Menu and type cmd. From the command prompt type ipconfig /all >ip.txt. Attach this file to your answer.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Paul Murana User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 97
5/01/2007 06:53 PM  
Russ,

You can add the static routes in RRAS on the SBS server and then the routing information will be correctly passed to the clients. I have used the approach a number of times and it works well.

Paul
Paul Murana
http://www.accendo.co.uk/blog
russ lunn User is Offline
United Kingdom
Member since
5/21/2006

Registered Users
Posts: 5
5/01/2007 10:36 PM  
Hi Paul,
 
thanks for the reply
i assume they go into
->IP Routing -> static routes ??
 
i will try this and hopefully it will work!!
 
Cheers
 
Russ
Doug Abney User is Offline
United States
Member since
5/12/2006

Registered Users
Posts: 9
5/01/2007 11:28 PM  
Russ,

If you take a look at my reply on 03/26 I gave you the way to add a persistent static route by command line. I guess I wasn't explicit enough to point out that you needed to run that command on the SBS, but I thought it was understood.

You can add static routes through through the RRAS GUI or the command line and the net affect is the same. Type route /? at a command prompt on the SBS and you'll get enough help to accomplish what it is you're trying to do via the command line if interested.

Now if I could only get somebody interested enough to answer my question about ISA2004 and a Cisco 3002 that I posted the same time I answered your question I'd be set.

Good Luck-Doug
Paul Murana User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 97
5/02/2007 09:39 AM  
Russ, thats the correct place to go.

Doug, as I understand it routes added via the command line on the server will not propogate to clients and are not avertised via RIP. Routes added via RRAS definatley are. I am not 100% sure and I am not in a postition to test it, but I think that this is the case.

Paul
Paul Murana
http://www.accendo.co.uk/blog
russ lunn User is Offline
United Kingdom
Member since
5/21/2006

Registered Users
Posts: 5
5/02/2007 06:10 PM  
Hi Guys,
 
Doug,
from what i can tell Paul is correct, the routes are not propagated to the client if you do a route add
that was the first way i tried to achive this objective.
 
Paul.
 
I have added the routes in the RARS and it all works like a charm
 
thankyou.
 
Russ
Marcel Huijbens User is Offline
The Netherlands
Member since
6/7/2005

Platinum Membership
Posts: 8
11/13/2007 10:54 PM  
Hi Guys and Gals,
 
I also added some static routes in RRAS on my SBS but they won't propagate. If I add the routes locally on the clients it works just fine. It would be great if somebody could tell me why this is not working on 2 locations.
 
It was working fine, until I replaced the SBS2000 by SBS2K3 servers.
 
Marcel
 
You are not authorized to post a reply.
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004 > routing lan traffic via another router


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.3593773 seconds.   :   Terms Of Use   :   Privacy Statement