Re: ISDN Routers w/ Windows Server 2003
From: Phillip Windell (none)
Date: 02/05/04
- Next message: Noodles: "Problem with 403 Forbidden URL"
- Previous message: Jim Harrison [MSFT]: "Re: ISA on SBS 2000"
- In reply to: Ben Scaithe: "Re: ISDN Routers w/ Windows Server 2003"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 5 Feb 2004 16:13:30 -0600
You can do the same with either ISA or Proxy2. ISA is obviously newer
and more advanced, but use whatever you want or can afford. However,
if you use ISA you MUST study ISA first, there is a LOT to it. You
can't just whip out the CD "load 'er up & let 'er rip" or you'll be
writing newsgroup messages for the next two months trying to sort out
the mess. Topology first, software second. You said you "might" go
with VPN,...well you have to decide what you are really going to do
first, then design the system upon that.
If you go with VPN:
A. Setup a two-nic proxy (ISA or Proxy2, I don't care).
B. Setup the proxy to receive VPN calls.
C. If remote workstations connect via VPN independently & singley,
VPN callers receive an IP# from your DHCP. You could also statically
assign them as long as you reserve a series of IP#s from your system
for that purpose. Their remote workstations become part of your
subnet via the IP# of their "VPN Adapter". They put your proxy's IP#
within the "dial up" connection properties *within* the Browser's
Connection settings. They do not put proxy settings in their Browser's
Connection/LAN settings.
-- The IP# of thier NIC is irrelevant
-- Their home subnet is irrelevant.
If remote workstations connect from behind some kind of "VPN Box"
the the remote users do nothing special other than put your proxy's
IP# in their Browser's Connection/LAN settings (opposite of above).
The VPN Box will be thier default Gateway.
-- The IP# of thier NIC is still irrelevant
-- Their home subnet is still irrelevant.
-- Phillip Windell [CCNA, MVP, MCP] WAND-TV (ABC Affiliate) www.wandtv.com "Ben Scaithe" <quixotic68@hotmail.com> wrote in message news:#yJVAcA7DHA.804@tk2msftngp13.phx.gbl... > I am only interested in if I will have a problem with the two branch office > users coming in on their respective routers and getting access to the > network server and to the Internet via the Internet router. When we switch > over to a faster broadband solution, we'll probably use VPN, which to my > knowledge means firewalling at each location. I just want to make sure > that, once we swap servers and before the broadband changeover, the branch > offices can talk to the network server, and hopefully the Internet as well. > > For example, we currently have a PC at a branch office with an IP of > 192.168.6.10, mask of 255.255.255.0, and gateway of 192.168.6.1. Their > router, of course, is 192.168.6.1, and it comes into the main office hub > through a router that has an IP of 192.168.0.2. The old server's > hub-connected network card is at 192.168.0.200, and the Internet > router-connected card is 192.168.10.200. The Internet router at the main > office has an IP of 192.168.10.1, which is the gateway setting for both of > the cards on the old server. With Proxy Server and WINS, these far flung > PCs are getting the access they need, albeit slowly. Once the new Windows > 2003 Server (currently with a single network card) and the Windows XP Pro > workstations are placed, I just need to recreate their connections on an > accessibility level; I will focus on security in a couple of weeks when the > new broadband is sorted out and implemented. > > The use of RRAS didn't occur to me. I haven't much experience with it, so I > will have to bone up in a hurry. Will I need to change the workstation or > router IP settings to account for RRAS usage (e.g. point to the server's > IP)? Does WINS need to be implemented for any reason? Anything else I need > to watch out for? > > > "Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message > news:e1UWuk46DHA.2996@tk2msftngp13.phx.gbl... > > You're asking conflicting questions: > > 1 - can ISA replace Proxy 2 and provide existing functionality: yes > > 2 - can you just install Windows 2003 and get the same functionality: no. > > 3 - will the existing network infrastructure allow you to create a > wide-open path to/from the Internet for all concerned: maybe. > > There's just not enough information here. > > > > If all you want is a wide open router, the W2K3 RRAS can accommodate you. > > If you want something smarter than your run-of-the-mill "hardware" > firewall (can't help but snicker at the idea), then you want ISA. > > > > -- > > Jim Harrison [ISASE] > > Read the help, books and articles! > > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > > > > "Ben Scaithe" <quixotic68@hotmail.com> wrote in message > news:eL6YrL46DHA.3052@TK2MSFTNGP09.phx.gbl... > > I am preparing to install a new Windows 2003 server in place of an old NT > 4 > > PDC server. This NT server acted as the central point for all network > > traffic, internal and Internet: > > > > One network card in the old server is connected to the company's Ethernet > > hub. IP - 192.168.0.200, Mask - 255.255.255.0, Gateway - 192.168.10.1 > > > > A SECOND network card in the old server is connected to an ISDN Router > going > > out to the Internet. IP - 192.168.10.200, Mask 255.255.255.0, Gateway - > > 192.168.10.1 > > > > The Internet ISDN Router's internal IP is 192.168.10.1 > > Furthermore, there are two other ISDN routers coming in to the hub from > > branch offices. > > One comes in on 192.168.0.1 > > The other comes in on 192.168.0.2 > > > > At the branch offices, they use 192.168.2.x and 192.168.6.x , > respectively, > > as the IP scheme, with the gateway set to their router at 192.168.x.1. > All > > workstations at each location uses a static IP address... no DHCP. > > > > The old NT server is running Proxy Server 2.0, with all the workstationsat > > all locations (all Win95/98) running the Microsoft Proxy Client. The > > connection in Internet Settings of all of the workstations is directed to > a > > proxy server of \\SERVER, port 80. That server also runs WINS Server. > This > > means that web activity from the branches come in on their designated > > router, goes through Proxy Server, and back out the Internet-connected > > router. > > > > The NEW server, as mentioned, is Windows Server 2003. We are also > replacing > > EVERY workstation with new WinXP Pro systems. > > > > My question is: Will it be necessary to purchase and load ISA Server to > give > > all branches full network and Internet access, or can I get away with > > setting the new workstations' gateway to the Internet router > (192.168.10.1) > > and their DNS to the providers DNS servers? We will be abandoning the > ISDN > > within the next month and switching to DSL or T1, and will probably either > > get routers with firewall capabilities or get a hardware firewall > solution. > > They aren't interested in blocking particular users or Internet services. > > Will the network's infrastructure allow what I want to do, or am I stuck > > with getting ISA Server? > > > > Thanks to any one who can help! > > > > > > > >
- Next message: Noodles: "Problem with 403 Forbidden URL"
- Previous message: Jim Harrison [MSFT]: "Re: ISA on SBS 2000"
- In reply to: Ben Scaithe: "Re: ISDN Routers w/ Windows Server 2003"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
