Adding Static Routes

Applies To: Windows Server 2008, Windows Server 2008 R2

In some cases, instead of using routing protocols to dynamically update routing tables, you must configure one or more static routes on the intranet interfaces and demand-dial interfaces of the demand-dial routers in your site-to-site deployment. A static route, which creates a specific path to a destination IP address in an IP network, is one of a set of routes in a routing table that are permanent until changed by a network administrator or by an automatically scheduled auto-static update.

The following topics provide the information that you need to manage static routes for a site-to-site connection:

  • Static routes for a site-to-site connection

  • Auto-static updates

  • Using on-subnet or off-subnet address ranges

Static routes for a site-to-site connection

You might need to create one or more of the following types of static routes for your site-to-site connection:

  • LAN interface at both sites. On both the calling and answering routers, configure a static route or routes on the LAN interface that connects the router to the local intranet. Include a static route for each subnet that makes up the local area network.

    Alternatively, you can use a routing protocol instead of configuring static routes. For more information about using routing protocols, see Using Routing Protocols in this guide.

  • Demand-dial interface for the remote site. On the calling router, configure a static route or routes on the demand-dial interface that connects the router to the remote site. Include a static route for each subnet in the answering router’s network that you want users to be able to access (or you can use the default route).

    Alternatively, for a persistent site-to-site connection only, you can enable a routing protocol on the demand-dial interface instead of configuring static routes. For more information about using routing protocols, see Using Routing Protocols in this guide.

  • Demand-dial interface for the local ISP. On the calling router — for a VPN connection in which the branch office router uses a temporary link to a local ISP only — you must configure a static host route on the demand-dial interface that connects to the local ISP. The destination that you specify for this static host route is the IP address of the answering router’s Internet-connected interface; this IP address is assigned to the answering router by its local ISP.

  • Router user account. For a one-way connection in which the answering router is a stand-alone router or a member of a native-mode Active Directory domain, you can skip creating a demand-dial interface on the answering router. In this case, you must configure a static route or routes in the calling router’s user account that identify the network IDs of the calling router’s site.

For information about how to configure static routes, see Configure Static Routes in the RRAS Deployment Guide.

Auto-static updates

You can add the static routes that correspond to the network IDs available across a demand-dial interface either manually or by using auto-static updates. An auto-static update is a one-time, one-way transfer of routing information. In contrast to the periodic announcements issued by routing protocols, an administrator must either issue a command to initiate a manual auto-static update or must schedule auto-static updates by running the update as a scheduled task.

When instructed, a demand-dial interface that is configured for auto-static updates sends a request across an active connection to request all of the routes of the router on the other side of the connection. In response to the request, all of the routes of the requested router are automatically entered as static routes in the routing table of the requesting router.

Using on-subnet or off-subnet address ranges

If any of the static address ranges that you configure in the IP properties of the answering router is an off-subnet address range, you must add routes to the routing infrastructure in order for the virtual interfaces of calling routers to be reachable. During the PPP negotiation, each router typically assigns an IP address to the virtual interface of the other router. When a site-to-site connection is made, each router sends traffic to the other router using the virtual interface that corresponds to the dial-up, PPTP, or L2TP port of the connection. For more information about how each router assigns an IP address to the other, see IP Address Assignment for the Virtual Interface in this guide.

The method used to ensure the reachability of the virtual interfaces in a site-to-site connection depends on how you configure each router to obtain IP addresses for calling routers (and for remote access clients, if your network also supports them). You use either an on-subnet or an off-subnet address range for these IP addresses.

On-subnet address range

An on-subnet address range is an address range that is part of the subnet to which the answering router is attached. An on-subnet address range provides the IP address to the calling router for a virtual interface whenever the answering router is configured to use Dynamic Host Configuration Protocol (DHCP) to obtain IP addresses, a DHCP server is available, and the manually configured pool (or pools) of IP addresses are within the range of addresses of the attached subnet. If you use an on-subnet address range, no additional routing configuration is required.

Off-subnet address range

An off-subnet address range is an address range that represents a different subnet than the subnet to which the answering router is attached. Off-subnet addressing uses a separate subnet address space that is unique to the intranet. An off-subnet address range provides the IP address for a virtual interface whenever the answering router is manually configured with a pool of IP addresses for a separate subnet.

If you use an off-subnet address range, you must add the route or routes that summarize the off-subnet address range to the intranet routing infrastructure so that traffic destined for the virtual interfaces of connected routers is forwarded from the originating node to the local dial-up or VPN router and then sent by it to the appropriate connected remote router. You can add the routes that summarize the off-subnet address range to the routing infrastructure by using the following method:

  • On the neighboring router, add static routes for the off-subnet address range that point to the dial-up or VPN router’s intranet interface. Configure the neighboring router to propagate this static route to other routers in the site by using the dynamic routing protocol used in your site.

If your site consists of a single subnet, and you use an off-subnet address range, you must do one of the following:

  • Configure each intranet host for a persistent route (or routes) that points to the dial-up or VPN router’s intranet interface. The route (or routes) expresses the off-subnet address range.

    In the RRAS MMC snap-in, you must configure address ranges with a starting and ending address. To simplify the set of routes needed to express the off-subnet address ranges, express each range as an IP address with a subnet mask.

  • Configure each intranet host with the IP address of the intranet-connected interface of the dial-up or VPN router as its default gateway.

If your site consists of a single subnet, it is more efficient to use an on-subnet address range.
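The following added example (not part of the original guide) checks whether a static address pool entered as a starting and ending address is on-subnet or off-subnet, and for an off-subnet pool expresses the range as address-and-mask routes that point to the router's intranet interface. The function names and all addresses are constructed for illustration; the output uses the standard Windows `route -p add` syntax for persistent routes.

```python
import ipaddress

def classify_pool(start, end, attached_subnet):
    """Classify a static address pool against the answering router's subnet."""
    net = ipaddress.ip_network(attached_subnet)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        raise ValueError("starting address is above ending address")
    if first in net and last in net:
        return "on-subnet"
    if last < net.network_address or first > net.broadcast_address:
        return "off-subnet"
    # Partly inside the attached subnet: neither case in the guide applies.
    raise ValueError("pool straddles the attached subnet boundary")

def summarize_pool(start, end):
    """Smallest list of prefixes that covers exactly start..end."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))

def persistent_route_commands(start, end, attached_subnet, router_intranet_ip):
    """route.exe lines for intranet hosts on a single-subnet site."""
    if classify_pool(start, end, attached_subnet) == "on-subnet":
        return []  # no additional routing configuration is required
    gateway = ipaddress.ip_address(router_intranet_ip)
    if gateway not in ipaddress.ip_network(attached_subnet):
        raise ValueError("gateway must be the router's intranet interface")
    return [f"route -p add {n.network_address} mask {n.netmask} {gateway}"
            for n in summarize_pool(start, end)]

if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    subnet, router = "192.168.10.0/24", "192.168.10.1"
    for pool in [("10.20.30.0", "10.20.30.255"),   # aligned: one route
                 ("10.20.30.1", "10.20.30.254")]:  # unaligned: many routes
        cmds = persistent_route_commands(*pool, subnet, router)
        print(pool, len(cmds), "route(s)")
        for c in cmds:
            print("  ", c)
```

A pool whose starting and ending addresses fall on a prefix boundary needs a single route, while the unaligned pool in the sample expands to 14 routes on every intranet host.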