RRAS packet loss, confusing routing table, help please

YWCAofA

Member
Joined
Jan 6, 2009
Messages
6
I have Windows Server 2008 Routing and Remote Access set up as a NAT server. Clients drop occasional packets, and the server gives Destination Host Unreachable when I ping. I believe I have narrowed this problem down to the routing tables. It seems as though some old configurations are stuck in the Persistent Routes, and causing packet loss. I have restarted the server, but the persistent routes are still listed.

My network is configured like this:

Public IP
T1
10.8.1.1
|
10.8.1.2
Adtran TA600 Router
172.16.1.254
|
172.16.1.1
Windows Server 2008
192.168.1.2
|
192.168.1.x
Clients

This is what happens when I ping from the server:

ping google.com -n 10
Pinging google.com [209.85.171.100] with 32 bytes of data:
Reply from 192.168.1.2: Destination host unreachable.
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=93msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=94msTTL=244
Reply from 209.85.171.100: bytes=32time=95msTTL=244
Ping statistics for 209.85.171.100: Packets: Sent = 10,
Received = 10, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 93ms, Maximum = 95ms, Average = 94ms



Notice the first reply, "Reply from 192.168.1.2: Destination host unreachable."
It looks like instead of using the external IP address to find google, it's trying the internal IP address.

 

Here is my Route Print from the server

Code:
[FONT=Courier New]route print 
=========================================================================== 
Interface List 
11 ...00 1f e2 61 95 ff ...... Broadcom NetLink (TM) Gigabit Ethernet 
10 ...00 40 05 02 ed e1 ...... D-Link DFE-530TX+ PCI Adapter 
1 ........................... Software Loopback Interface 1 
12 ...00 00 00 00 00 00 00 e0  isatap.{E17568D3-BAEE-444C-98AC-798EF78BFA0C} 
14 ...00 00 00 00 00 00 00 e0  isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5483} 
=========================================================================== 

IPv4 Route Table 
=========================================================================== 
Active Routes: 
Network Destination        Netmask          Gateway       Interface  Metric 
0.0.0.0          0.0.0.0         On-link       192.168.1.2    276 
0.0.0.0          0.0.0.0     172.16.1.254       172.16.1.1    276 
127.0.0.0        255.0.0.0         On-link         127.0.0.1    306 
127.0.0.1  255.255.255.255         On-link         127.0.0.1    306 
127.255.255.255  255.255.255.255         On-link         127.0.0.1    306 
172.16.1.0    255.255.255.0         On-link        172.16.1.1    276 
172.16.1.1  255.255.255.255         On-link        172.16.1.1    276 
172.16.1.255  255.255.255.255         On-link        172.16.1.1    276 
192.168.1.0    255.255.255.0         On-link       192.168.1.2    276 
192.168.1.2  255.255.255.255         On-link       192.168.1.2    276 
192.168.1.255  255.255.255.255         On-link       192.168.1.2    276 
224.0.0.0        240.0.0.0         On-link         127.0.0.1    306 
224.0.0.0        240.0.0.0         On-link        172.16.1.1    276 
224.0.0.0        240.0.0.0         On-link       192.168.1.2    276 
255.255.255.255  255.255.255.255         On-link         127.0.0.1    306 
255.255.255.255  255.255.255.255         On-link        172.16.1.1    276 
255.255.255.255  255.255.255.255         On-link       192.168.1.2    276 
=========================================================================== 
Persistent Routes: 
Network Address          Netmask  Gateway Address  Metric 
0.0.0.0          0.0.0.0      192.168.1.2  Default 
0.0.0.0          0.0.0.0     172.16.1.254  Default 
0.0.0.0          0.0.0.0     172.16.1.254  Default 
=========================================================================== [/FONT]

Notice the Persistent Routes, the first entry is the internal IP address, for some reason it shows my external IP twice. 192.168.1.2 Should never actually be a gateway for the server, but only for the clients.

the server IP configuration is as follows:

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVERNAME
Primary Dns Suffix . . . . . . . : domain.mydomain.org
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.mydomain.org
mydomain.org

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1F-E2-61-95-FF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4120:ec84:fb19:9837%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter
Physical Address. . . . . . . . . : 00-40-05-02-ED-E1
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::28d2:8730:ae1d:796d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.1.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.1.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E17568D3-BAEE-444C-98AC-798EF78BF
A0C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%12(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{DC503EBC-8BAE-4D1A-93CE-02C2958A5
483}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:172.16.1.1%14(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Its been quite the headache, but I believe that I've got it narrowed down. I just can't figure out how to fix it.
 
Looks to me like your gateway is configured to filter ICMP requests. Most do that by default to make them invisible to the world.

Check your router configuration.
 
Sorry about this, but are you saying to check the RRAS router config, or the Adtran router before the server?

Or should both of them allow ICMP requests?

I'm not real sure what you are suggesting I do.
 
Currently the RRAS server is set to receive all packets. This was the default setting, and I have not changed anything.

The adtran total access router was configured with our previous server, and passed the necessary packets, and did not give any errors like this, so I assume the problem is on my new server. But, I can't seem to find the setting on the adtran router for packet filtering. I doubt I need to adjust it, though.

While I was trying to find the setting on the server to allow ICMP I disabled it by accident, and no ping replies came through at all. But as soon as I enabled it, just the first reply timed out, and the rest made it just fine.

can you think of any screen shots, or information I could provide that would clarify the problem?
 
I really think the problem is here, as 192.168.1.2 should not be the gateway for the server at all, and is not set to the gateway in the IP config. this should only be the gateway on the clients.


Code:
Persistent Routes: 
Network Address          Netmask  Gateway Address  Metric 
0.0.0.0          0.0.0.0      192.168.1.2  Default
 
Back
Top