This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 61%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
The windows sever VM as two vNICS. One with connected at 10GB with the default gateway and the other a 1 GB without a gateway. Here is the routing:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.10.1 10.10.10.32 271
10.10.8.0 255.255.252.0 On-link 10.10.10.32 271
10.10.10.32 255.255.255.255 On-link 10.10.10.32 271
10.10.11.255 255.255.255.255 On-link 10.10.10.32 271
10.10.50.0 255.255.255.0 On-link 10.10.50.40 266
10.10.50.40 255.255.255.255 On-link 10.10.50.40 266
10.10.50.255 255.255.255.255 On-link 10.10.50.40 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.10.10.32 271
224.0.0.0 240.0.0.0 On-link 10.10.50.40 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.10.10.32 271
Persistent Routes:
Network Address Netmask Gateway Address Metric
When a network scanner is run on the 10.10.50.0 subnet, traffic appears on the firewall indicating packets are being sent to the gateway instead going directly using the on-link. I thought on-link routes were always taking over the default route. In case this was wrong I manually set the metric to be lower for the 1 GB nic. The routing table shows the metric is lower than the rest.
It seems if I ping an existing IP address it does not use the gateway. If I ping an existing IP address, it doesn't use the gateway.
My question: Does the server use the gateway, if the device is not responding? Is there any circumstance where the server would use the gateway instead of a on-link connection?
Here is the ipconfig output:
Ethernet adapter Ethernet 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #6
Physical Address. . . . . . . . . : 00-15-5D-0A-E0-2F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a5f0:20fe:a7f:639c%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.50.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 402658653
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-3A-10-76-00-15-5D-00-91-99
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #5
Physical Address. . . . . . . . . : 00-15-5D-0A-E0-2E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c189:a031:82a0:52aa%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.10.10.1
DHCPv6 IAID . . . . . . . . . . . : 268440925
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-3A-10-76-00-15-5D-00-91-99
DNS Servers . . . . . . . . . . . : 10.10.10.8
10.10.10.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B16B7A8C-8781-4A5C-8A21-65BEC4955296}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{AF16ECE1-DBD7-40DF-9CA6-DB071346C7F7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Hi,
Thank you for posting in Q&A!
According to my understanding, in your situation, when you trying to access a device within the subnet of 10.10.50.xx, the scanner found out that network traffic are going through the other NIC(10.10.10.xx).
If my understanding has any problem, please correct it at any time.
Firstly, please understand that we are not familiar with the network scanner tool you use and forum doesn't support packet analyze.
According to our experience, traffic such as TCP& icmp will only go through the NIC with low metric. ARP traffic will go through both NICs. So it depends on the type of network traffic.
If you want to have a deep analyze of this issue, we suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.
You may find phone number for your region accordingly from the link below:
https://support.microsoft.com/en-us/gp/customer-service-phone-numbers
Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://video2.skills-academy.com/en-us/answers/articles/67444/email-notifications.html
Hi,
Would you mind letting me know the update of the problem?