We have a multihomed Windows server.
- It has two physical interfaces A (192.168.1.140) and B (10.42.130.140)
- From machines on the same subnet both interfaces are pingable
- From a 3rd subnet B is pingable but A is not
- The Windows machine's default route is via interface A; however, there is a static route to the 3rd subnet via interface B
When you ping A from the third subnet, the router reports that outbound connections from interface A are actually being sent out of interface B (and thus denied).
The goal is to be able to have both interfaces pingable from the 3rd subnet 10.42.100.0/24. The network topology is fairly simple: three switches, each with only their own subnet traffic (A, B and C), connected via a Cisco ASA 5520. There are other minor subnets around; however, they are not really relevant to the issue at hand.
This looks like Windows isn't responding from the right interface (the interface it got the request in on) and is pushing all its traffic out via whichever route it deems best. Is there any way to bind traffic to the correct interface? I'd even accept a Cisco ASA rule to allow the traffic (it's dropping the SYN ACK) out of the B subnet.
The routing table of the Windows machine looks like so:
```
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 72 36 e5 30 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
0x10004 ...00 13 72 36 e5 32 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0            0.0.0.0     192.168.1.30    192.168.1.140      20
        10.42.0.0        255.255.0.0      10.42.130.1    10.42.130.140       1
      10.42.130.0      255.255.255.0    10.42.130.140    10.42.130.140      10
    10.42.130.140    255.255.255.255        127.0.0.1        127.0.0.1      10
   10.255.255.255    255.255.255.255    10.42.130.140    10.42.130.140      10
        127.0.0.0          255.0.0.0        127.0.0.1        127.0.0.1       1
      192.168.1.0      255.255.255.0    192.168.1.140    192.168.1.140      20
    192.168.1.140    255.255.255.255        127.0.0.1        127.0.0.1      20
    192.168.1.255    255.255.255.255    192.168.1.140    192.168.1.140      20
        224.0.0.0          240.0.0.0    10.42.130.140    10.42.130.140      10
        224.0.0.0          240.0.0.0    192.168.1.140    192.168.1.140      20
  255.255.255.255    255.255.255.255    10.42.130.140    10.42.130.140       1
  255.255.255.255    255.255.255.255    192.168.1.140    192.168.1.140       1
Default Gateway:        192.168.1.30
===========================================================================
Persistent Routes:
  None
```
Thanks
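The route selection behind the symptom described above, as an added example that is not part of the original posts: a simplified longest-prefix-match lookup (ties broken by lowest metric) over the unicast routes from the `route print` output. The function names and the client address 10.42.100.25 are constructed for illustration, and the model assumes the reply keeps the address the client targeted as its source, as the question reports.

```python
import ipaddress

# Unicast routes copied from the question's `route print` output:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.30", "192.168.1.140", 20),
    ("10.42.0.0", "255.255.0.0", "10.42.130.1", "10.42.130.140", 1),
    ("10.42.130.0", "255.255.255.0", "10.42.130.140", "10.42.130.140", 10),
    ("192.168.1.0", "255.255.255.0", "192.168.1.140", "192.168.1.140", 20),
]


def select_route(dst):
    """Simplified model: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gateway, iface, metric in ROUTES:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        key = (-net.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, {"network": str(net), "gateway": gateway,
                          "interface": iface})
    return best[1] if best else None


def reply_path(local_ip, client_ip):
    """Describe the reply to a request that arrived on local_ip."""
    route = select_route(client_ip)
    return {
        "source": local_ip,              # assumption: reply keeps the targeted address
        "egress": route["interface"],    # chosen by destination only
        "gateway": route["gateway"],
        # Source address and egress interface disagree: the firewall sees
        # a 192.168.1.140 packet arriving from the 10.42.130.0/24 side.
        "asymmetric": route["interface"] != local_ip,
    }


if __name__ == "__main__":
    client = "10.42.100.25"  # constructed host in the third subnet
    for local in ("192.168.1.140", "10.42.130.140"):
        print(local, reply_path(local, client))
```

The 10.42.0.0/16 static route is more specific than the default route, so every reply to 10.42.100.0/24 leaves via interface B regardless of which address the request was sent to.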
If you are trying to get traffic, including ICMP pings, across a different subnet, then forwarding needs to be involved, or the interfaces need to be on a router. Other than enabling Internet Connection Sharing, which restricts the IP ranges handed out on a second interface, I don't know how to enable IP forwarding on Windows.
Your 3rd subnet sounds like it shares some of the same network bits as interface B, and that's why you can ping B.
The proper way to do what you are trying to do is change the IP of interface A to be in the same subnet as interface B, and make sure your 3rd subnet is also the same subnet.