routing table terror

twinstead

I am using winroute version 6.4.2.

The winroute computer is my default gateway. I have installed a separate p2p T1 connected to another separate network, with a cisco router on each end. It is then plugged into my lan. Since the winroute box is our default gateway, I had to add an entry in the routing table in winroute to redirect any traffic to the other network to the cisco router. Seems to work okay, to a point. The route is set to send all requests to 192.168.2.0 to the router 2.20.20.1. Everything else goes out to the internet.

When I am on the other network, I can ping my network, access shared folders, access intranet websites, and telnet. What I can't do is use remote desktop, FTP, or any remote control software like VNC or Radmin.

It took some time, but I narrowed it down to this: The responses weren't being routed properly. Let me explain. I'm on a computer in my network and I tracert a computer in the other network. Here is the reply:

Tracing route to 192.168.2.9 over a maximum of 30 hops

1 1 ms <1 ms <1 ms firewall.dremain.com [2.20.120.237]
2 1 ms <1 ms <1 ms 2.20.20.1
3 36 ms 36 ms 35 ms 10.10.10.2
4 36 ms 36 ms 36 ms 192.168.2.9

As you can see, it properly goes to my winroute computer first (2.20.120.237), then gets popped over to the other router (2.20.20.1) then gets sent through the router (10.10.10.2) and then arrives on the other network (192.168.2.9). BUT, when this tracert route exists, a response to a remote desktop request from the other network times out because the reply never arrives.

Now when I physically add a route to the remote desktop client (i.e. route add 192.168.2.0 mask 255.255.255.0 2.20.20.1) and run a tracert, I get this reply:

Tracing route to 192.168.2.9 over a maximum of 30 hops

1 1 ms <1 ms <1 ms 2.20.20.1
2 35 ms 35 ms 35 ms 10.10.10.2
3 36 ms 36 ms 36 ms 192.168.2.9

Which just basically cuts out the middleman (the kerio winroute box) but does the same thing. When I do this however, suddenly I am able to connect to the client from the other network via remote desktop.

Sorry for the length of the post, but is there something else I need to do at the winroute level to fix this? It appears that the return port or some other information is being lost as it gets bounced from the winroute box to the cisco router. I'd hate to have to set up static routes on all of my PCs on this end.

Thanks
  •  
RHarmsen.nl

Did you set up the routes on the other network to pass through the Winroute box? If not, you might get the following with your packets, and this is not possible:

Forward
Client --> Winroute --> Cisco1 --> Cisco2 --> "SERVER"
Back
"SERVER" --> Cisco2 --> Cisco1 --> Client

The route needs to be the same (at least as far as I know).

If you are not able to fix this, and really need the static routes, you might consider giving all clients the routes via DHCP. If all your clients use DHCP you only have to set option 33 (Static route) with the correct settings.
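
As an added example (not part of the original post and not Kerio's code): the route from this thread, 192.168.2.0 via 2.20.20.1, encoded as DHCP option 33 per RFC 2132. It goes slightly beyond the post by also encoding the classless option 121 form from RFC 3442, because option 33 carries no mask and only fits destinations on their natural class boundary. The function names are hypothetical.

```python
import ipaddress


def classful_prefix(addr):
    """Natural (class A/B/C) prefix length for an IPv4 address."""
    first = int(addr) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError(f"{addr} is not a class A/B/C address")


def encode_option_33(routes):
    """RFC 2132 Static Route option: 4-byte destination + 4-byte router pairs."""
    payload = b""
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)
        if int(net.network_address) == 0:
            raise ValueError("0.0.0.0 is an illegal destination for option 33")
        # Option 33 has no mask field, so the client assumes the class mask.
        if net.prefixlen != classful_prefix(net.network_address):
            raise ValueError(f"{dest} is not classful; use option 121 instead")
        payload += net.network_address.packed
        payload += ipaddress.IPv4Address(router).packed
    if len(payload) > 255:
        raise ValueError("too many routes for a single option")
    return bytes([33, len(payload)]) + payload


def encode_option_121(routes):
    """RFC 3442 Classless Static Route: prefix length, significant octets, router."""
    payload = b""
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)
        significant = (net.prefixlen + 7) // 8  # octets needed to hold the prefix
        payload += bytes([net.prefixlen])
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(router).packed
    if len(payload) > 255:
        raise ValueError("too many routes for a single option")
    return bytes([121, len(payload)]) + payload


# Route taken from the thread: remote LAN reached through the local Cisco router.
THREAD_ROUTE = [("192.168.2.0/24", "2.20.20.1")]
```
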

  •  
twinstead

RHarmsen.nl wrote on Thu, 26 June 2008 00:59

Did you set up the routes on the other network to pass through the Winroute box? If not, you might get the following with your packets, and this is not possible:

Forward
Client --> Winroute --> Cisco1 --> Cisco2 --> "SERVER"
Back
"SERVER" --> Cisco2 --> Cisco1 --> Client

The route needs to be the same (at least as far as I know).

If you are not able to fix this, and really need the static routes, you might consider giving all clients the routes via DHCP. If all your clients use DHCP you only have to set option 33 (Static route) with the correct settings.

Thanks for your response.

I'm not sure I can get the remote network to pass through the winroute box; in order for me to forward the remote network to pass through the winroute box, I would need to first pass through the cisco anyway because the cisco1 is inside my network, and it would need to be routed to the winroute through it.

The only thing that is different in this situation is that when the server sends its response to the winroute box before it gets routed to the cisco it never arrives at the client. Pings, DNS, http and telnet make it no problem, but FTP, RDP, and any other port I've tried gets no response from the server.

cisco1 is local (the network whose gateway is the winroute box); cisco2 is the remote network (this network uses the cisco2 as its default gateway).

This works:

(from my local network to a server in the remote network)
Forward
Client --> Winroute --> Cisco1 --> Cisco2 --> "SERVER"
Back
"SERVER" --> Cisco2 --> Cisco1 --> Client

This does NOT:

(from the remote network to a server in my network)
Forward
Client --> Cisco2 --> Cisco1 --> "SERVER"
Back
"SERVER" --> winroute --> Cisco1 --> Cisco2 --> Client


[Updated on: Thu, 26 June 2008 01:22]

  •  
twinstead

Well, the only way I was able to solve this was to take kerio out of the equation. I changed my network's default gateway to the cisco router so all packets went there first, then passed back everything but stuff destined to the remote network to winroute to get to the internet.

Everything works fine now. No thanks to kerio.

It's stuff like this that makes me just want to add the security IOS to my cisco, connect my internet T1 to another WIC card, and end using Kerio altogether.