
Routing issue adding a second router to a network.

bymc
Level 1

I have a legacy network which has a router with a WAN port (outside interface) and another interface on the local network (inside interface) with no routing protocols such as EIGRP or OSPF running on it. Note: All sites' routers are set up the same way.

I added another router that also connects to the WAN (different outside interface) and another interface on the local network (inside interface) with routing protocol EIGRP running on it. The goal is to migrate over to a router running a routing protocol.

I also added another site on the new routing scheme.

The connectivity problem happens when I connected the new router to the local network. The network starts sending all of its WAN traffic to the new router even without another site running EIGRP or the new routing scheme.

The new router is an ISR4331 which has IRDP disabled by default.

What would cause the servers to choose the new router over the legacy router that has the network's WAN gateway on it?

 

 

 

 

 

13 Replies

Francesco Molino
VIP Alumni
Hi

Not sure I understand your design correctly. Can you please share a quick sketch and your configs (remove everything confidential in them)?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

If I understand the original post correctly there was a network with a single router. That single router had one outside interface to WAN and one inside interface to LAN. In that environment there is no need (and as far as I can tell no benefit) from running a routing protocol. A dynamic routing protocol is helpful when there are alternative paths and you want to be able to dynamically change the network path for forwarding traffic to react to changes in the network. But for a single router with a single outside interface and a single inside interface then every network/subnet is a directly connected network/subnet and there are no choices.

 

The original post goes on to say that they installed a second router. That second router connected to the inside subnet and was intended to connect to a different outside. What they experienced was that devices in the network began forwarding their traffic to the new second router. 

 

We do not yet have enough information to be able to explain this situation. We need to know some things including what is the network/subnet of the inside network, what is the address in that network of the first router, what is the address in that network of the second router, do devices in that network learn their IP address and gateway from DHCP or are they manually configured, do all the devices in the inside network have the same default gateway, what is the default gateway of these devices.

 

HTH

 

Rick


Hope the attached basic diagram with maybe a little bit better write up helps

Byron

                                                                           Private
                                                                          WAN Cloud
                                              Static IPSEC IP routes          |
                                              IP address 10.0.0.254/24        |
Multiple Windows Servers ------ switch ------ legacy router ------------------|
10.0.0.0/24 lan network           |                                           |------- multiple legacy sites
GW 10.0.0.254                     |           IPSEC GRE Tunnels               |
                                  |           IP 10.0.0.200/24                |
                                              new EIGRP router ---------------|
                                              no Connection to the local swt  |-- To future EIGRP GRE Tunnel sites
                                                                              |

 

 

 

                                                                           Private
                                                                          WAN Cloud
                                                                              |
                                              GW IP address 10.0.0.254/24     |
Multiple Windows Servers ------ switch ------ legacy router ------------------|
10.0.0.0 LAN network              |                                           |--------- multiple legacy sites
GW 10.0.0.254                     |           IP 10.0.0.100/24                |
                                  |---- new EIGRP GRE Tunnel router ----------|
                                              Connection to the WAN           |------- To future EIGRP GRE Tunnel sites
                                                                              |

 

The legacy network gateway router which connects to our private WAN equipment 172.16.1.1/24 (outside interface) and another interface on the local network 10.0.0.254/24 GW (inside interface) using static routing running IPSEC. Note: All other sites' routers are set up the same way.

 

After adding another router that also connects to the WAN equipment 172.16.1.10/24 (outside interface) with its local interface on the local 10.0.0.100/24 network (inside interface) with routing protocols EIGRP running on it across GRE tunnels running IPSEC. The goal is to migrate our sites over to the new router running on a routing protocol across GRE tunnels.

 

The sites connectivity problem happens when I connected the new router to the local network. The network starts sending all of its WAN traffic to the new router even without another site running EIGRP or the new routing scheme.

 

The new router is an ISR4331 which has IRDP disabled by default.

 

What would cause the Windows servers to choose the new router over the legacy router that has the network's gateway on it?

Hello Byron,

you have added some information to your initial post, but it is not enough to explain why the Windows servers in 10.0.0.0/24 have decided to send their outgoing traffic to the new router.

 

You need to verify the following information on a Windows server in a command prompt shell:

route print

to see the default gateway settings; it should still be 10.0.0.254

arp -g

to check the MAC address associated to 10.0.0.254 and to 10.0.0.100 respectively.

 

I have two questions on the new router:

a) Have you configured a First Hop Redundancy Protocol like HSRP or VRRP with a VIP = 10.0.0.254? If this is the case, be aware that the new router will send out gratuitous ARPs for the VIP 10.0.0.254 with the MAC address associated to the HSRP or VRRP group, and this will overwrite the ARP tables of the hosts. This could explain why servers start to send traffic to the new router.

b) Are the old router and the new router running EIGRP on the internal interface 10.0.0.0/24?

In this case the old router could learn more specific EIGRP routes from the new router and could send ICMP redirects to the servers telling them to use IP 10.0.0.100 to reach some destinations that fall inside the more specific EIGRP routes.

You can check this with

show ip eigrp neighbors

show ip route eigrp

 

Hope to help

Giuseppe

 

Byron

 

Thank you for the additional information. I agree with @Giuseppe Larosa that we do not yet have enough information to identify the issue. Giuseppe seems to understand that both routers are running EIGRP. My understanding of the environment is that only the new router is running EIGRP and the original router is using only static routes. Can you provide clarification?

 

In addition to the information from a device connected on the lan would you provide the config of both routers (masking off sensitive information)?

 

HTH

 

Rick


Only one router is running EIGRP; the other router, or legacy router, is using static routes.

Hello Rick,

about EIGRP between old and new routers, it is a question/hypothesis I posed to the original poster Byron.

For the observed issue that all devices are sending traffic to the new router just after inserting it on the network, I see two possible options/hypotheses that I have posed as questions:

a) an HSRP or VRRP group is configured on the new router using as VIP exactly the 10.0.0.254 of the old router, and through the gratuitous ARP this overrides the ARP table on end user devices with a MAC address that is not that of the old router

b) the old router is still the default gateway, but learns better, more specific routes via EIGRP from the new router and sends ICMP redirects to end user devices to make them use it for sending traffic.

I agree that option a) is more likely to happen, but until Byron provides additional info it is difficult to go on.

 

Hope to help

Giuseppe

 

No, we are not running HSRP or any other failover between the legacy router and the new EIGRP router.

The legacy router is using static routes and the newly added router is using EIGRP.

Byron

Hello Byron,

can you take

on a Windows server OS shell

 

route print

arp -g

in two conditions

a) with new router isolated from the network

b) with new router inserted in the network

 

Please note that it is enough to run HSRP or VRRP only on the new router to create the ARP overwrite if the VIP is equal to the old router's internal IP address 10.0.0.254; there is no need to run HSRP/VRRP on the old router too to have this side effect.

However, at this point only by seeing and comparing the outputs of the above show commands on a server in the two conditions can we hopefully understand what is happening.

 

Can you also post

show ip interface <lan-SIDE> of the new router to check all the ARP and proxy ARP settings.

 

Hope to help

Giuseppe
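
Added example, not part of any reply in this thread: one way to compare the two `arp -g` captures requested above (new router isolated vs. inserted) and flag a changed MAC for the gateway 10.0.0.254 or other addresses answered by the new router's MAC. The sample outputs, MAC addresses, hosts 10.0.0.10 and 10.0.0.20, and the function names are constructed for illustration.

```python
import re

# Constructed `arp -g` output from a Windows server; all MAC addresses are made up.
ARP_ISOLATED = """\
Interface: 10.0.0.10 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.20             02-00-00-00-00-20     dynamic
  10.0.0.254            02-00-00-00-02-54     dynamic
"""

ARP_INSERTED = """\
Interface: 10.0.0.10 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.20             02-00-00-00-00-20     dynamic
  10.0.0.100            02-00-00-00-01-00     dynamic
  10.0.0.254            02-00-00-00-01-00     dynamic
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {ip: mac} from Windows `arp -g` / `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def compare(before, after, gateway="10.0.0.254", new_router="10.0.0.100"):
    """List ARP findings that would explain traffic moving to the new router."""
    b, a = parse_arp(before), parse_arp(after)
    findings = []
    # Gateway IP now maps to a different MAC (e.g. a VIP or proxy ARP answer).
    if gateway in b and gateway in a and b[gateway] != a[gateway]:
        findings.append(f"gateway {gateway} MAC changed {b[gateway]} -> {a[gateway]}")
    # Other addresses answered with the new router's MAC.
    new_mac = a.get(new_router)
    if new_mac:
        shared = sorted(ip for ip, mac in a.items() if mac == new_mac and ip != new_router)
        if shared:
            findings.append(f"{', '.join(shared)} resolve to the MAC of {new_router} ({new_mac})")
    return findings

if __name__ == "__main__":
    for finding in compare(ARP_ISOLATED, ARP_INSERTED):
        print(finding)
```
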

 

 

Hope the attached basic diagram and write up helps.

See attached basic diagram and hopefully a better write up.

Thanks
Byron

Hello Byron,

I do not see any attached file to your last posts with the network diagram.

 

Can you also answer the questions asked by Richard?

It is not possible with the current info to explain why internal devices started to send traffic to the new router.

Possible issues can be originated with default gateway settings and IP address assigned to inside interface on new router.

 

Hope to help

Giuseppe

 
