I have a Server 2008 R2 machine connected to 2 networks with its 2 network cards.

LAN: 192.168.2.0/24

SAN: 192.168.168.0/24

I have a site-to-site VPN with the following network layout:

VPN: 192.168.4.17/29

For some reason whenever my server pings the VPN network it times out most of the time. Machines on my LAN that aren't connected to the SAN have no problem communicating with the VPN. If I disable the SAN network card on the server, it also has no problems communicating with the VPN network.

I've attempted to add a static route to ensure traffic passes through the LAN interface to reach the VPN network but it worked for 2 ping attempts then stopped. Here's my routing table:

    ===========================================================================
    Interface List
     12...00 50 56 aa 00 03 ......Intel(R) PRO/1000 MT Network Connection #2
     10...00 50 56 aa 00 02 ......Intel(R) PRO/1000 MT Network Connection
      1...........................Software Loopback Interface 1
     11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.47    266
              0.0.0.0          0.0.0.0    192.168.168.5   192.168.168.30    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.2.0    255.255.255.0         On-link      192.168.2.47    266
         192.168.2.47  255.255.255.255         On-link      192.168.2.47    266
        192.168.2.255  255.255.255.255         On-link      192.168.2.47    266
         192.168.4.17  255.255.255.255      192.168.2.1     192.168.2.47     11
        192.168.168.0    255.255.255.0         On-link    192.168.168.30    266
       192.168.168.30  255.255.255.255         On-link    192.168.168.30    266
      192.168.168.255  255.255.255.255         On-link    192.168.168.30    266
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.2.47    266
            224.0.0.0        240.0.0.0         On-link    192.168.168.30    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.2.47    266
      255.255.255.255  255.255.255.255         On-link    192.168.168.30    266
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      192.168.2.1  Default
              0.0.0.0          0.0.0.0    192.168.168.5  Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None

I'm attempting to define it so that any time 192.168.4.X needs to be reached, the packets will be sent to 192.168.2.1 which is my SonicWall router where the VPN is connected. What am I doing wrong?

user207539

2 Answers

Stick to one default gateway, and then add your static routes based on which gateway you go with. So if you keep the 192.168.2.1 as your Default Gateway and remove the 192.168.168.5 you'll need to add routes for any subnet that isn't directly connected to that 192.168.168.0/24 network you have direct access to if you want to reach it via that NIC.

TheCleaner
  • I have no idea why the 192.168.168.5 network also has a default gateway assigned. Windows did that on its own. I guess I need to delete it then. How do I make this change persistent? – user207539 Jan 30 '14 at 17:35
  • If it is getting a DHCP address, you can't. You have to assign the IP statically and then not set a Default Gateway on that NIC. – TheCleaner Jan 30 '14 at 19:22
  • It wasn't using DHCP. Solved it myself with: `route delete 0.0.0.0`, `route add 0.0.0.0 0.0.0.0 192.168.2.1`, `route add 192.168.4.17 192.168.2.1 -p` – user207539 Jan 30 '14 at 19:53

The problem is that you have two default gateways here. I answered a question just like that a day or two ago.

Setting a static route for a specific network adapter with two network adapters

What you want to do is to have only one of the two network adapters with a default gateway. At that point, all traffic for other networks will route through that adapter which has the default gateway.

If you then want to route 192.168.4.x through the other interface, you can add a route that sends that traffic to the gateway of your choice. If that gateway is on the same subnet as your interface which does not have a default gateway defined, then it will go through that interface.

ETL
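
A check for the condition both answers describe, as an added example that is not part of the original posts: it parses rows copied from the question's `route print` output and reports destinations for which two gateways tie. It assumes route selection by longest prefix, then lowest metric; the function names and the test address 192.168.4.18 are illustrative.

```python
import ipaddress

# Constructed sample: the IPv4 "Active Routes" rows from the question's
# `route print` output that matter here (columns: destination, netmask,
# gateway, interface, metric).
ACTIVE_ROUTES = """\
0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.47    266
0.0.0.0          0.0.0.0    192.168.168.5   192.168.168.30    266
192.168.2.0    255.255.255.0         On-link      192.168.2.47    266
192.168.4.17  255.255.255.255      192.168.2.1     192.168.2.47     11
192.168.168.0    255.255.255.0         On-link    192.168.168.30    266
"""

def parse_routes(text):
    """Parse route rows into dicts holding an ipaddress network and int metric."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue  # not a route row
        routes.append({"net": net, "gateway": gateway, "iface": iface, "metric": metric})
    return routes

def candidates(routes, target):
    """Routes eligible for target: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matching = [r for r in routes if addr in r["net"]]
    if not matching:
        return []
    longest = max(r["net"].prefixlen for r in matching)
    best = [r for r in matching if r["net"].prefixlen == longest]
    lowest = min(r["metric"] for r in best)
    return [r for r in best if r["metric"] == lowest]

def is_ambiguous(routes, target):
    """True when more than one gateway ties for target (two equal default routes)."""
    return len({r["gateway"] for r in candidates(routes, target)}) > 1

if __name__ == "__main__":
    routes = parse_routes(ACTIVE_ROUTES)
    for ip in ("192.168.4.17", "192.168.4.18", "192.168.2.10"):
        gws = sorted({r["gateway"] for r in candidates(routes, ip)})
        print(ip, "->", gws, "AMBIGUOUS" if is_ambiguous(routes, ip) else "ok")
```

The host route (mask 255.255.255.255) covers only 192.168.4.17; any other 192.168.4.x address still falls through to the two equal-metric default routes.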