Windows 2012 Server configure network to 2 ISP - networking

I would appreciate any help with the configuration of MS Windows Server 2012 R2. I have tried several solutions, but none of them were appropriate.
The idea is on the attached schema below.
Server has AD.
Server has 2 NICs. Both are configured on the same subnet (192.168.1.0), with IP addresses manually configured as on the schema.
NIC 1:
IP: 192.168.1.254
MASK: 255.255.255.0
GW: 192.168.1.1
DNS 1: 192.168.1.254
DNS 2: 192.168.1.1
Metric: 10
NIC 2:
IP: 192.168.1.154
MASK: 255.255.255.0
GW: none
DNS 1: 192.168.1.154
DNS 2: 192.168.1.1
Metric: 100
NIC 1 is connected to router from ISP 2.
NIC 2 is connected to router from ISP 1.
The goal is: all clients should have access to the internet via ISP 2. Some clients also have access via ISP 1, via VPN. ISP 1 does not provide a public static IP address. ISP 1 yes. So only via ISP 1 is it possible to access the local network via VPN.
How do I configure the server to accept VPN connections and route all traffic from the VPN to the local network and to ISP 2?
I have also tried 2 subnets (192.168.2.0 for VPN clients, 192.168.1.0 for local clients), but had no success setting up the routing.
Thanks.

This is not how you do this; rather, you need a firewall that supports multiple WAN interfaces. Examples are Peplink (great if you also want to load-balance the ISPs or get increased throughput by leveraging both of them); other examples include the Cisco RVx series or the Zywall USG series.
Then your server can have one IP on the LAN (as it should) and you can use the ACL/firewall rules to control what goes in/out of which ISP.

Related

How to identify which network interface is used for a given route?

I am on a Windows 10 machine. I have the routes below configured on my machine.
Network Destination    Netmask          Gateway        Interface      Metric
0.0.0.0                0.0.0.0          192.168.1.1    192.168.1.5    1
10.1.0.0               255.255.0.0      192.168.2.1    192.168.2.5    1
10.2.0.0               255.255.0.0      192.168.3.1    192.168.3.5    1
When I ping IP 10.1.1.1, I want to determine which network interface will be used to route the traffic.
Is there any network utility that can help me find the correct route based on the destination IP?
Looking at your route table, if you ping 10.1.1.1 it will use the interface with the IP 192.168.2.5.
You can also use tracert 10.1.1.1 to see what route your network traffic will take.
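The selection rule behind that answer (and behind the two-NIC, same-subnet setup in the first post on this page) is longest-prefix match first, lowest metric second. The following is an added example, not code from either poster: it parses route-table text in the shape shown above and applies that rule. The two tables are constructed for illustration; the Windows 10 one reproduces the three rows from the question plus the on-link /24 rows Windows normally adds for each connected subnet (assumed, not shown in the post), and the server one is built from the NIC 1 / NIC 2 settings in the first question, with each NIC's interface metric used as the route metric.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    destination: str
    netmask: str
    gateway: str     # next hop; equals `interface` for an on-link route
    interface: str   # address of the local NIC the route is bound to
    metric: int

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network((self.destination, self.netmask))


def parse_route_table(text: str) -> List[Route]:
    """Parse lines laid out like `route print`:
    destination netmask gateway interface metric.
    Header/blank lines are skipped; 'On-link' is normalised to the
    interface address so on-link routes are easy to spot later."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        dst, mask, gw, iface, metric = parts
        if gw.lower() == "on-link":
            gw = iface
        routes.append(Route(dst, mask, gw, iface, int(metric)))
    return routes


def select_route(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; ties broken by the lowest metric."""
    ip = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if ip in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop(routes: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """(egress interface address, gateway or 'on-link') for dst."""
    r = select_route(routes, dst)
    if r is None:
        return None
    return (r.interface, "on-link" if r.gateway == r.interface else r.gateway)


# Constructed: the Windows 10 table from the question, plus the on-link
# rows for the three connected subnets (assumed; Windows adds these itself).
WIN10 = parse_route_table("""
Network Destination Netmask Gateway Interface Metric
0.0.0.0      0.0.0.0        192.168.1.1  192.168.1.5  1
10.1.0.0     255.255.0.0    192.168.2.1  192.168.2.5  1
10.2.0.0     255.255.0.0    192.168.3.1  192.168.3.5  1
192.168.1.0  255.255.255.0  On-link      192.168.1.5  1
192.168.2.0  255.255.255.0  On-link      192.168.2.5  1
192.168.3.0  255.255.255.0  On-link      192.168.3.5  1
""")

# Constructed from the first post: NIC 1 (192.168.1.254, metric 10) has the
# only default gateway; NIC 2 (192.168.1.154, metric 100) sits on the same /24.
SERVER = parse_route_table("""
0.0.0.0      0.0.0.0        192.168.1.1  192.168.1.254  10
192.168.1.0  255.255.255.0  On-link      192.168.1.254  10
192.168.1.0  255.255.255.0  On-link      192.168.1.154  100
""")

if __name__ == "__main__":
    for table, name in ((WIN10, "win10"), (SERVER, "server")):
        for dst in ("10.1.1.1", "10.2.7.7", "8.8.8.8", "192.168.1.20"):
            print(name, dst, "->", next_hop(table, dst))
```

The server table shows the problem with the first post's design: because both NICs sit on the same /24, every LAN-bound packet leaves NIC 1 (the lower metric wins the tie), and NIC 2 is never chosen by the route lookup at all. That is the routing-level reason the answer recommends one LAN address on the server and a multi-WAN firewall in front of it.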

Can't route VLAN with UCOPIA

I'm writing to you because I can't solve a problem for a client.
My client has an infrastructure with the following characteristics:
2 ISP routers
1 fortigate firewall
1 dedicated router that broadcasts a UCOPIA US250 guest portal
65 Zyxel switches (1900-24) and one 4600 switch (4x 24 ports for the core network)
250 LIGOWAVE NFT WiFi terminals
80 VLANs
I do not manage the first 3 pieces of equipment; that is another provider.
Today, I have to pass through the VLAN dedicated to guests.
The other provider has set up the FORTIGATE to provide DHCP and the associated VLAN on the DMZ port to the OUT port of the UCOPIA.
I have to carry VLAN 420 from the IN port to the ZYXEL switch and to the LIGOWAVE terminals.
However, when I am connected to the UCOPIA on the IN port, I manage to get the desired IP and to reach the portal, but when I test on the ZYXEL switch, it is impossible to get the dedicated VLAN.
I put myself on another port of the ZYXEL and TAG the VLAN in question. I changed the VLAN ID on my computer; with DHCP that does not work. I tried a static IP but still nothing. I can't even ping the gateway.
The ZYXEL port to which the UCOPIA is connected is TAGGED on the dedicated VLAN. I have also tried Untagged and excluding all the other VLANs, but it is impossible to get this network.
Do you have any other ideas for me?
Here you can see my network diagram: [image: MyNetwork]
I resolved my problem.
I configured the switch like this:
Untagged on the dedicated VLAN
But I forgot to change the PVID VLAN.
I changed it and it works!

Accessing connected devices to a local network wirelessly

Hello Everyone!
I want to know whether there is any way to access a photocopier machine which is connected to a computer through an Ethernet cable, where that computer is connected to my WiFi network?
P.S: What if I don't know the IP assigned to that Photocopier machine?
If the wireless network is part of the wired network, you should not have any problem reaching the photocopier.
If you don't know the IP address, you can reach it by host name if DHCP and DNS are working properly. If you are on an Active Directory infrastructure and DHCP and DNS are integrated, it should be transparent.
If you are at home with a "home" router, they usually do the hostname-to-IP resolution (DNS).
You can run nslookup hostname on your machine to see if your DNS is resolving the IP address. You can also ping hostname or ping the IP address to test that you can reach the desired host. Some hosts block ping (ICMP) requests, so please note that a ping that does not respond is not a definitive answer.
Please note that on your home router you should use your router or default gateway as the DNS too, and then add Google public DNS or your ISP's.
Also, when connecting the access point to an existing network you may have 2 DHCP servers providing IP addresses to hosts; you should disable DHCP on the access point and connect the AP to the network using a switch port and not the WAN port (the WAN port will try to do NAT and assign a different set of IP addresses).

VLAN Subnetting Ruckus and Fortigate and Cisco

This is an easy solution, I just don't have it, so please help!
I have 6 Ruckus R500 WAPs, connected to 2 Cisco SG300s, which are then connected to a FortiGate 200D.
On the WAPs, I have 5 SSIDs, one of which is set to VLAN 2.
The ports the WAPs connect to on the SG300s have VLAN 2 added to them, in trunk mode.
In the FortiGate200D:
All ports are in LAN HW Switch.
IP: 10.3.7.210/255.255.252.0
DHCP 10.3.4.1-10.3.5.254
I have a VLAN sub-interface created on the LAN, with an ID of 2.
IP: 10.3.9.1/255.255.255.0
DHCP 10.3.9.2-254
There are "auto" routes created for 10.3.9.0/24 --> 0.0.0.0
When I connect to the VLAN 2 SSID, I am unable to pull an IP. If I set a static IP, I am unable to ping. Where am I messed up? Is it because my LAN HW Switch subnet does not contain 10.3.9.xxx? What would be the best way to overcome this; perhaps change the LAN HW Switch to 10.3.0.0/21?
Basically the end goal is 10.3.4.0 and 10.3.5.0 for normal connections, and then a separate subnet for VLAN 2, which could be 10.3.8.0 or 10.3.9.0 or whatever, even 192.168.1.0.
This was solved by Zac67. I had to correct tagging, then open up traffic to WAN and DHCP kicked in just fine. Thanks Zac67
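Both this thread and the UCOPIA thread above were fixed by 802.1Q port settings rather than by IP configuration: a wrong PVID in one case, wrong tagging in the other. The following is an added example, not code from either poster or from Zyxel, Cisco or Fortinet: a minimal model of how a switch classifies an incoming frame (untagged frames take the port's PVID; tagged frames are accepted only from a port that is a member of that VLAN) and which ports it then leaves on, tagged or untagged. The port names, VLAN 1 defaults and the two scenario switches are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Port:
    name: str
    pvid: int = 1                                     # VLAN given to untagged ingress frames
    tagged: Set[int] = field(default_factory=set)     # VLANs carried with an 802.1Q tag (trunk)
    untagged: Set[int] = field(default_factory=set)   # VLANs carried without a tag (access)

    def member_of(self, vlan: int) -> bool:
        return vlan in self.tagged or vlan in self.untagged


@dataclass
class Switch:
    ports: Dict[str, Port]

    def classify(self, port: Port, tag: Optional[int]) -> Optional[int]:
        """Ingress classification. Untagged frames are placed in the port's
        PVID, whatever VLANs the port is otherwise a member of (this is the
        UCOPIA mistake). Tagged frames are dropped by ingress filtering
        unless the port is a member of that VLAN (the tagging mistake)."""
        if tag is None:
            return port.pvid
        return tag if port.member_of(tag) else None

    def forward(self, ingress: str, tag: Optional[int]) -> List[Tuple[str, Optional[int]]]:
        """Return (egress port, egress tag) for every port that receives the
        frame; egress tag is None where the port is an untagged member."""
        vlan = self.classify(self.ports[ingress], tag)
        if vlan is None:
            return []   # dropped at ingress
        out = []
        for name, p in self.ports.items():
            if name == ingress or not p.member_of(vlan):
                continue
            out.append((name, vlan if vlan in p.tagged else None))
        return out


def ucopia_switch(pvid_on_ucopia_port: int) -> Switch:
    """Constructed Zyxel-style edge: the UCOPIA IN port sends guest traffic
    untagged, the AP uplink carries VLAN 420 tagged, a test PC port is an
    access port in VLAN 420. Only the PVID of the UCOPIA port varies."""
    return Switch({
        "ucopia_in": Port("ucopia_in", pvid=pvid_on_ucopia_port, untagged={420}),
        "ap_uplink": Port("ap_uplink", pvid=1, tagged={420}, untagged={1}),
        "test_pc":   Port("test_pc", pvid=420, untagged={420}),
    })


def ruckus_switch(ap_port_carries_vlan2: bool) -> Switch:
    """Constructed SG300-style edge: the AP sends the VLAN 2 SSID tagged; the
    FortiGate uplink is a trunk with VLAN 2. Only the AP port's tagging varies."""
    ap_tagged = {2} if ap_port_carries_vlan2 else set()
    return Switch({
        "ap_port":          Port("ap_port", pvid=1, untagged={1}, tagged=ap_tagged),
        "fortigate_uplink": Port("fortigate_uplink", pvid=1, untagged={1}, tagged={2}),
    })


if __name__ == "__main__":
    # Untagged DHCP offer from the UCOPIA with PVID left at 1: lands in VLAN 1.
    print("PVID 1   :", ucopia_switch(1).forward("ucopia_in", None))
    # Same frame after setting PVID 420: reaches the AP uplink tagged and the PC untagged.
    print("PVID 420 :", ucopia_switch(420).forward("ucopia_in", None))
    # Tagged VLAN 2 DHCP discover from the AP, with and without VLAN 2 on its port.
    print("no VLAN 2:", ruckus_switch(False).forward("ap_port", 2))
    print("VLAN 2   :", ruckus_switch(True).forward("ap_port", 2))
```

The first scenario reproduces the UCOPIA symptom exactly: the port is an untagged member of VLAN 420, so frames flow towards the UCOPIA, but everything the UCOPIA sends untagged is classified into VLAN 1 until the PVID is changed, which is why the test PC could not even ping the gateway. The second shows why "open it up" fixes a blank DHCP lease: a tagged frame arriving on a port that is not a member of that VLAN is discarded before any routing or firewall policy sees it.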

Why the IP address on 2 machines on the same router having different subnet?

I have 2 machines. One's IP is 169.254.41.172 and the other is 169.254.72.175. They are both connected to the same router. Why is the 'subnet?' different? I'm referring to the 3rd number, 41 versus 72.
These are link-local addresses; they use 255.255.0.0 as the subnet mask, so both addresses are in the same subnet.
These addresses are generated automatically, if you want more control over them you will either need a DHCP server, or configure static IP addresses.
Your router is not acting as a DHCP server it seems.
169.254 is a special range, usually seen on Windows machines when they can't obtain an IP address automatically.
From: http://packetlife.net/blog/2008/sep/24/169-254-0-0-addresses-explained/
Occasionally you may encounter a host which has somehow assigned itself an IP address in the 169.254.0.0/16 range. This is a particularly common symptom of Windows machines which have been configured for DHCP but for whatever reason are unable to contact a DHCP server. When a host fails to dynamically acquire an address, it can optionally assign itself a link-local IPv4 address in accordance with RFC 3927. Microsoft's term for this is Automatic Private Internet Protocol Addressing (APIPA).
These machines are not getting an IP address. The beginning octets of "169.254" identify these addresses as "link-local".
http://en.wikipedia.org/wiki/Link-local_address
For what it's worth, the addresses are not on different subnets as the full link-local definition is 169.254.0.0/16, or a "Class B" subnet. That being said though, there's no way you'll be getting these computers to communicate any time soon. Is the router powered on, are the cables connected and are there uplink lights on the actual RJ45 jacks on both the router and computers? Is DHCP enabled on the router?
