Re: How to configure for Two different IP subnets
- From: "Bill Grant" <not.available@online>
- Date: Tue, 16 Jan 2007 11:18:29 +1100
Active Directory will go haywire in a setup like that. One reason is DNS.
AD integrates with the local DNS, so you cannot use the DNS at your ISP
(which is how your workgroup computers use DNS). With AD, all computers in
the domain must use the local DNS only. To resolve foreign URLs, you need to
set the local DNS to forward to a public DNS service.
The second major problem is the multihomed DC. You have to be very
careful that the domain members only see the private (or local) IP address
of the DC. There is also the problem with NetBIOS names and the browser
service.
The wizards in SBS look after these problems. With Server 2003 Standard
or Enterprise you need to look after it yourself.
If you want to experiment with AD I would strongly support your idea of
using another device as the router and configuring AD on a server with one
NIC. Note that you will still get some of these problems back if you connect
to this server by VPN. When a user connects, the server acquires a second IP
for its internal interface (i.e. the VPN endpoint). So you have a multihomed
DC again. These have been discussed by Bob.
"Jeff" <jefffby@xxxxxxxxx> wrote in message
news:I0Pqh.1259$G23.872@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks Robert and Bill,
I realize this is actually way more than I need for my setup, in fact just
setting up a server is more than I even actually need. Although I do like
the VPN aspect that has helped out a lot. I actually had the whole server
set up and working as I described except for the fact that I only had 1 NIC
and had it all set to the same 192.168.x.x as my router. Everything was
working very well that away after playing with it for a while.
Robert, I have actually used the sites that you have links to on numerous
occasions and have actually read a couple of the articles that you had
referenced here already. I have seen that you use this site quite often in
many of the posts here.
Bill, thanks for a little more insight into this also. I guess since this is
not a recommended way to do this is maybe why I have been unable to find
very good info on the setup.
I am doing this more for learning than anything but would like to also put
it to some practical use. I have been doing some programming in .Net and was
wanting to set this up so I could also see how working with a network
affects the programming, and the ability to VPN to get to my system while
away is a wonderful thing at times, and using it to allow a few other
people that I have set up as users to use the system as well. I just
wanted to get this into its own IP address range.
My thinking was (is) that this is what the server was supposed to do. I
mean I see where it seems to be common practice to have two NIC cards in
the server with the outside WAN coming into one and the network set up on
the second NIC with the internal addressing. In my mind this is
essentially the same thing. Like I said, I am just learning so I may be way
off base here. I do not have the money or the computers to have several
2003 servers running all the time. I just thought this could all be
accomplished on one machine without too much issue like I had it set up
with just the one NIC card.
I thought that I had the NIC cards set up like what Bill is describing
here, but that my Active Directory went haywire on me which in turn would
not let me run the DHCP. But part of that problem could also have been
that I had already had everything set up using the one NIC card on the
192.168.x.x IP range and then when I tried to switch it over is when
everything could have gone haywire.
Anyway thanks for the input I guess I will keep trying to get it set up,
or my second thought last night might be the simple solution and that
would be to get a second hardware router and segment the system that away,
but then I have not learned anything that away.
Again Thanks,
Jeff
"Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
news:OnysMGLOHHA.140@xxxxxxxxxxxxxxxxxxxxxxx
Bill,
Thank you for the detailed input.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message
news:ONzZ6yDOHHA.4992@xxxxxxxxxxxxxxxxxxxxxxx
As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.
If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It
certainly doesn't work using the default setup wizard in Server 2003. It
becomes even more difficult if you also configure the DC as a VPN server.
If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't
wish to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).
The network config is like this.
Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1
If you configure the RRAS router for NAT, routing should just work.
Without NAT (i.e. LAN routing only) you need a static route on the Linksys
to send the traffic for the inner subnet to the internal router, i.e.
10.10.0.0 255.255.0.0 192.168.1.n
"Robert L [MVP - Networking]" <noreply@xxxxxxxxxxx> wrote in message
news:eyMVtGDOHHA.5064@xxxxxxxxxxxxxxxxxxxxxxx
We have many issues with this configuration. Here are two:
1. You should not enable RRAS on a DC. Check this link for more details.
Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -
Case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server ... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm
2. You don't need two NICs for VPN. How to may help,
How to setup VPN
How to setup Windows 2003 as VPN server with one NIC How to setup VPN on
w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <jefffby@xxxxxxxxx> wrote in message
news:fYwqh.1217$G23.126@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Just wondering if someone can please explain how I can get two different
IP subnets working? I have been googling, reading the newsgroups, and
reading books but I just can not figure out how to make this work.
I have Windows Server 2003 and here is what I am trying to set up:
INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF THEIR
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING))
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER
This is where I can not get it to work. From my understanding I need two
NIC cards in the server.
NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that I set my
domain up on: static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advanced tabs DNS=JEFF1 10.10.1.1 alternate is given one from my
ISP, WINS=JEFF1 10.10.1.1
NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that I set
pointing to my Linksys Router: static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advanced tabs DNS= 192.168.1.2 alternate given from one from ISP,
WINS=192.168.1.2
When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran the wizards and went with the settings it provided but when all was
said and done it would not work. I could not see anyone on the 192.168
network, could not get to the domain from the 192.168 network. Active
Directory freaked out on me to where I could not even access it; it just
kept saying there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL server for some reason.
Anyway, I played with so many settings that I could think of from reading
the books or some articles I found on the web that I completely hosed it.
So I reformatted the drive and reloaded Windows Server and have left it
there before adding any roles or anything until maybe I could get some
help in understanding what settings I need to make and where. Like I said
I have been searching, found a lot kind of referencing what I am trying to
do but as of yet been able to find anything that kind of explains step by
step or shows examples of what the settings are supposed to look like.
Only thing I can figure out is this must be so easy that there does not
need to be any explanations on the settings, but for the life of me I can
not figure it out.
So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate it.
Thanks, Jeff
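
The routing point Bill makes in this thread (NAT on the RRAS server versus a static route on the Linksys), modelled as an added example that is not part of the original posts. It assumes 192.168.1.2 for "192.168.1.n" (the address Jeff gives for NIC 2) and uses a constructed workstation address, 10.10.1.15; the function names are hypothetical.

```python
import ipaddress as ip

# Assumption: "192.168.1.n" in Bill's diagram is 192.168.1.2 (Jeff's NIC 2).
SERVER_OUTER = ip.ip_address("192.168.1.2")
OUTER_NET = ip.ip_network("192.168.1.0/24")

def linksys_table(static_route):
    """Routing table of the Linksys: its own LAN plus a default route to the ISP."""
    table = [(OUTER_NET, "direct"), (ip.ip_network("0.0.0.0/0"), "wan")]
    if static_route:
        # Bill's static route: 10.10.0.0 255.255.0.0 192.168.1.n
        table.append((ip.ip_network("10.10.0.0/255.255.0.0"), SERVER_OUTER))
    return table

def next_hop(table, dst):
    """Longest-prefix match: returns 'direct', 'wan', or a gateway address."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by_linksys(workstation, nat):
    """With NAT on RRAS the Linksys only ever sees the server's outer address."""
    return SERVER_OUTER if nat else ip.ip_address(workstation)

def reply_delivered(workstation, nat, static_route):
    """Can the Linksys get a reply back to the inner-subnet workstation?"""
    src = source_seen_by_linksys(workstation, nat)
    hop = next_hop(linksys_table(static_route), src)
    # 'direct' = on the Linksys LAN (the server, which un-NATs the reply);
    # SERVER_OUTER = handed to the server as gateway for the inner subnet;
    # 'wan' = reply for a private address goes out the default route and is lost.
    return hop == "direct" or hop == SERVER_OUTER

if __name__ == "__main__":
    ws = "10.10.1.15"  # constructed workstation address in the 10.10.1.x subnet
    for nat, static in [(True, False), (False, False), (False, True)]:
        ok = reply_delivered(ws, nat, static)
        print(f"NAT={nat!s:5} static_route={static!s:5} -> reply delivered: {ok}")
```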