I have a Windows Server 2003 with dual NICs - the WAN facing NIC 192.168.25.2 and the other is 10.1.1.5. While all traffic is flowing nicely (and has for years), I am attmepting to configure a firewall to aid in a VOIP installation. The problem that is hampering me appears to be a missing route. If I take a laptop and assign it an IP address like 192.168.25.3 and put that laptop where the firewall usually sits I can NOT ping 10.1.1.5; tracert fails as well. Both tests behave as though they don't have any idea that 10.1.1.5 even exists. Is there a route statement that I should add to make this work? Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.25.1 192.168.25.2 1 10.1.1.0 255.255.255.0 10.1.1.5 10.1.1.5 10 10.1.1.5 255.255.255.255 127.0.0.1 127.0.0.1 10 10.1.1.31 255.255.255.255 10.1.1.31 10.1.1.31 50 10.255.255.255 255.255.255.255 10.1.1.5 10.1.1.5 10 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.25.0 255.255.255.0 192.168.25.2 192.168.25.2 10 192.168.25.2 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.25.255 255.255.255.255 192.168.25.2 192.168.25.2 10 209.169.212.224 255.255.255.255 192.168.25.1 192.168.25.2 1 224.0.0.0 224.0.0.0 10.1.1.5 10.1.1.5 10 224.0.0.0 240.0.0.0 192.168.25.2 192.168.25.2 10 255.255.255.255 255.255.255.255 10.1.1.5 10.1.1.5 1 255.255.255.255 255.255.255.255 192.168.25.2 192.168.25.2 1 Default Gateway: 192.168.25.1 I'll happily provide additional info if it helps.

Hello, please post an unedited ipconfig /all from the server and the machine you are talking about. Also it is not really a good idea to use Windows server for routing instead a real router, which prevent you from lot's of problems.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Agreed about the "real" router versus a Microsoft solution but I'm sorta working with what I have here. We used to have an ISA solution in place but that has been since replaced by hardware firewall (which is what I'm attempting to use for a site-to-site VPN solution). And no, this isn't a NT4SERVER no matter what my config file may claim! Windows IP Configuration Host Name . . . . . . . . . . . . : NT4SERVER Primary Dns Suffix . . . . . . . : domain.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : domain.com Ethernet adapter WAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection # 2 Physical Address. . . . . . . . . : 00-14-22-76-A5-65 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.25.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.25.1 DNS Servers . . . . . . . . . . . : 10.1.1.5 Primary WINS Server . . . . . . . : 10.1.1.5 NetBIOS over Tcpip. . . . . . . . : Disabled Ethernet adapter Server Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-14-22-76-A5-64 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.1.1.5 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 10.1.1.5 Primary WINS Server . . . . . . . : 10.1.1.5 PPP adapter RAS Server (Dial In) Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface Physical Address. . . . . . . . . : 00-53-45-00-00-00 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 10.1.1.31 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled

Hi Toxteth_O'Grady , Thanks for posting here. Please check if it worked with add another default route on your server which point to 10.1.1.0 segment : Route delete 10.1.1.0 Route delete 10.1.1.5 Route add 0.0.0.0 mask 0.0.0.0 10.1.1.5 And please make sure IP forwarding enabled on your server To enable TCP/IP forwarding, follow these steps: · Start Registry Editor (Regedit.exe). · In Registry Editor, locate the following registry key: · HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters · Set the following registry value: Value Name: IPEnableRouter Value type: REG_DWORD Value Data: 1 A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer. · Quit Registry Editor and restart . In addition, seems you had deployed VPN service on your server , remote and internal in same IP segment. It’s not recommend because it will result many issues. Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thank you! I'll try this out and report back with the results.

Nuts. Didn't work. I lost all connectivity to the outside world when making the suggested changes to the route table. I'm curious to other solutions if Tiger or anyone has suggestions. I think it would make sense to not have the two NICs in the server but that's a change that I hope to avoid making at this time.

Solved and it's kind of ridiculous. Updated the drivers for my working NIC cards to a newer version and the VPN can now complete the path to the LAN side NIC. I think there's a lesson in here somewhere...