Slow network when changing default gateway from AD server to Internet router


5 Jun 2007
We just received a new internet connection at our office (in northeastern Cambodia). The connection is working, but we have trouble with getting the clients on the network to access the connection.

The problem is the following: We have a Windows 2000 server with Active Directory, DHCP server, DNS server, etc.

When we got the new Internet connection we connected it to a router on the network. After doing that, still no one could access the Internet. In order for the clients to access the connection, we switched the DHCP server from the server to the router to see if it solved the problem. In one way it did, everyone could now access the Internet. But instead we got big problems with our domain. It took forever to log in and communication with the server was very slow.

There are 2 possible problems as I see it:
1. Between the server and the main switch, we have a 1000 Mbps connection. When using the router as gateway, maybe all traffic goes through the router and then to the server, creating a bottleneck at the router, which is only 100 Mbps. But it feels like the speed should be enough anyway.

2. The domain controller wants to be primary default gateway and cannot function properly unless it is the default gateway.

The solution that comes to my mind is that all clients should go to the server first. If the address or name is not found there, the server should redirect them to the router and internet DNS servers. The problem is that I don’t know how to implement this.

Any help or small ideas would be appreciated!

Regards, Jeremia


26 Apr 2004
!!! please don't tell me you are putting your network directly on the internet..

Chances are you are using internal/non-routable/RFC addresses for your internal network handed out by your internal/AD DHCP server (usually a 192.168.x.x or a 10.x.x.x address range). These IP addresses are non-routable on the internet .. meaning, they don't work when connecting to the internet.

Couple things:
1) Get a firewall.. something/anything! between your network and the Internet connection
2) Are your servers and desktops/laptops on the same IP subnet? for starters..
3) Set the default route in your DHCP scope on your active directory server correctly
4) Set your routers to correctly route traffic to the correct subnet (if the servers/firewall are on a different subnet)
5) Get a good book (or other resource) on IP Networking :)


5 Jun 2007
Yes, we use internal addresses for our internal network (192.168.2.x) handed out from the DHCP server located on the Windows 2000 server.

1. The router has a built-in firewall. As do the server and all clients.
2. I do not know what a subnet is. They are in the same IP range from the DHCP server. I don't know if that is an answer to your question.
3. By default route I guess you mean default "router". So far when I have set it to the server, the clients have not been able to access the internet.
4. Subnets?
5. Thanks! :)

I think I know what the problem is now. I think I tried the right configuration, but forgot to clear the IP leases from the DHCP server and renew the client's IP addresses. I think the right configuration would be the following:

Default gateway/router: The router
DNS server 1: The internal DNS server
DNS server 2 & 3: The ISP's DNS servers

I will get back tomorrow (it is 9:30 pm here) when I have tried the settings at work. Thank you very much for your time and willingness to help me! It is very much appreciated!

Best regards, Jeremia

P.S. I would read many books if I had time. But I don't. I have to learn maybe 5 new subjects each week in order to deal with the tasks I have at hand. And then teach as much as possible to the locally employed IT responsible who only have a finished Cambodian high school education, no IT education. Until just recently I had to do this with an unstable 33.6 kbps dial-up connection. But we finally managed to get an ISP to think it would be interesting to provide "high speed" internet connection. So we now have a 128 kbps connection which we pay $200 per month for. I also do not get any salary for doing all this.


5 Jun 2007
Correction: The server and clients do of course not have "built-in" firewalls, but installed firewall software.

