Win 2000 routing puzzel

[Norssak]

Senario:

Working on a Laptop with win 2000 (DHCP Client)

The Laptop needs to access 2 ?special? subnets; one is our production site (192.18.97.0), the other is Sabre (151.193.141.0) while both these subnets look like regular internet addresses, neither can be accessed from just anywhere.   Our production site only accepts telnet and FTP traffic from the external IP addresses of my office routers.   Sabre can only be accessed through a check-point client or a Sabre router (my office router establishes the connection). 

So while the laptop is in the office, all is well; both subnets are accessible because the traffic goes through my outbound routers.

When the Laptop is out of the office it VPNs in.    Now neither subnet is accessible because Win 2000 tries to send the traffic through the ISP rather than through the VPN.    I fixxed that my adding static routes at the command line:

route add 192.18.97.0 mask 255.255.255.0 192.168.1.153 metric 1 -p
route add 151.193.141.0 mask 255.255.255.0 192.168.1.153 metric 1 -p

Now all traffic for the ?special? subnets gets piped through the VPNs virtual interface (192.168.1.153).      Again, all is well the laptop can access both subnets.

When in the office the laptop gets the same local IP (192.168.1.153) via a DHCP reservation.    So the static routes entered above make no sense, but they should essentially have no effect. 

But now something strange happens:   One subnet is accessible, the other isn?t.   I can?t explain this and hope that some of you can.    Below is a copy of a dos session performed while attached to the office network.   Again, all settings seem to be identical, yet on works, and one doesn?t.

Please post any insights you might have.

Z:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 00 86 5d 90 82 ...... FE575 Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.5   192.168.1.153       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.153   192.168.1.153       1
    192.168.1.153  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.1.255  255.255.255.255    192.168.1.153   192.168.1.153       1
        224.0.0.0        224.0.0.0    192.168.1.153   192.168.1.153       1
  255.255.255.255  255.255.255.255    192.168.1.153   192.168.1.153       1
Default Gateway:       192.168.1.5
===========================================================================
Persistent Routes:
  None

Z:\>ping 151.193.141.2

Pinging 151.193.141.2 with 32 bytes of data:

Reply from 151.193.141.2: bytes=32 time=150ms TTL=249
Reply from 151.193.141.2: bytes=32 time=151ms TTL=249
Reply from 151.193.141.2: bytes=32 time=150ms TTL=249
Reply from 151.193.141.2: bytes=32 time=151ms TTL=249

Ping statistics for 151.193.141.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 150ms, Maximum =  151ms, Average =  150ms

Z:\>ping 192.18.97.241

Pinging 192.18.97.241 with 32 bytes of data:

Reply from 192.18.97.241: bytes=32 time=70ms TTL=241
Reply from 192.18.97.241: bytes=32 time=60ms TTL=241
Reply from 192.18.97.241: bytes=32 time=60ms TTL=241
Reply from 192.18.97.241: bytes=32 time=60ms TTL=241

Ping statistics for 192.18.97.241:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum =  70ms, Average =  62ms

Z:\>route add 151.193.141.0 mask 255.255.255.0 192.168.1.153 metric 1 -p

Z:\>route add 192.18.97.0 mask 255.255.255.0 192.168.1.153 metric 1 -p

Z:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 00 86 5d 90 82 ...... FE575 Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.5   192.168.1.153       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    151.193.141.0    255.255.255.0    192.168.1.153   192.168.1.153       1
      192.18.97.0    255.255.255.0    192.168.1.153   192.168.1.153       1
      192.168.1.0    255.255.255.0    192.168.1.153   192.168.1.153       1
    192.168.1.153  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.1.255  255.255.255.255    192.168.1.153   192.168.1.153       1
        224.0.0.0        224.0.0.0    192.168.1.153   192.168.1.153       1
  255.255.255.255  255.255.255.255    192.168.1.153   192.168.1.153       1
Default Gateway:       192.168.1.5
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    151.193.141.0    255.255.255.0    192.168.1.153       1
      192.18.97.0    255.255.255.0    192.168.1.153       1

Z:\>ping 151.193.141.2

Pinging 151.193.141.2 with 32 bytes of data:

Reply from 151.193.141.2: bytes=32 time=151ms TTL=249
Reply from 151.193.141.2: bytes=32 time=150ms TTL=249
Reply from 151.193.141.2: bytes=32 time=150ms TTL=249
Reply from 151.193.141.2: bytes=32 time=150ms TTL=249

Ping statistics for 151.193.141.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 150ms, Maximum =  151ms, Average =  150ms

Z:\>ping 192.18.97.241

Pinging 192.18.97.241 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.18.97.241:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

Z:\>
  

 

[ScottMac]

Try making the subnet mask for the 151. net 16 bit instead of 24 (255.255.0.0 vs 255.255.255.0). I understand you probably need it to be 24 bits, but try it and see if it makes a diference.

(Actually, I leave for LasVegas tomorrow morning at zero-dark-hundred.....I'll be back Monday night...)

Good Luck

Scott

 

[Norssak]

Nope, changing the subnet mask didn't change a thing.

151.193.141.2 still pings
192.18.97.241 still doesn't

 

[Norssak]

Ok, not that you guys were much help , but I got it solved.

I can't explain it but this is the scoop:

I added the following routes:

route add 192.18.97.0 mask 255.255.255.0 192.168.1.153 metric 1 -p
route add 151.193.141.0 mask 255.255.255.0 192.168.1.153 metric 1 -p

Knowing fullwell that 192.168.1.153 was my local network interface, 192.168.1.153 in turn uses the router @ 192.168.1.5 as it's default gateway.

Now the route to 151.193.141.0 worked,
the route to 192.18.97.0 didn't

The only differance I could think of was that 192.168.1.5 had an explict path for 151.193.141.0, but not for 192.18.97.0. So I added a static route to this router directing 192.18.97.0 in the direction it would have gone anyhow.

And now it works.

Now to me this makes no sense, as 192.168.1.5 could properly route traffic for 192.18.97.0 without the explicit (redundant) static entry.

Go figure