Re: New At Network Configuration

Hi,

Firstly, so as I understand correctly.

I install RRAS for NAT before ISA??
ISA sets RRAS parameters.??

Or is it that I do not install RRAS and ISA in effect does this for you.

I understand what you say about configuring ISA, as to start with the computer
running ISA could only connect to the ms site. Now I can connect to any site.

Also before the installation of ISA the DC Server computer could ping the server
that ISA was to be installed on. Now it cannot.

Again thank you for your patience.

------------------------------------

"Bill Grant" <not.available@online> wrote in message news:e5vbeYBQHHA.1380@xxxxxxxxxxxxxxxxxxxxxxx
If you have installed ISA server, do not try to change the settings in RRAS manually. ISA sits on top of RRAS and configures RRAS directly. If it is not working, you have not configured ISA correctly.

"Silom" <nospam@xxxxxxxxxxxxxxx> wrote in message news:C2FD36B6-CB13-4B6B-B73B-4257D331F17B@xxxxxxxxxxxxxxxx
Hi,

May I firstly thank you for your good council.

Having worked through your scheme I now understand much better what a
monster
I had proposed.

I see that the private ip settings are in essence the same but in one
or two places they are different than before. I have assumed this was
because
I had two NIC's on the DC. Certainly the elements contained within
AD/DN/DHCP
all appear to be working properly and adding a new machine connects without
any
problems and its information is broadcast throughout AD/DN/DHCP.

I was thinking of ISA server for the firewall and I have set this up as a
standalone
server and joined it to the DC. I have been slowly configuring it and it
communicates
with AD on the DC server with no difficulty.

QUESTION:

Am I correct in that I also need to install RRAS on the ISA server computer
in order
for internal network clients to access the internet. This they cannot do at
the moment.

If this is correct are there any additional settings that are require over
and above
those put in place when the installation wizard is run??

If I am not correct I am sorry but I cannot find settings within the ISA
manager to fix
the problem.

Once again many thanks for your kind help and assistance.


"Bill Grant" <not.available@online> wrote in message
news:eu0Pir0PHHA.3668@xxxxxxxxxxxxxxxxxxxxxxx
I agree with Danny. This is much too complex. Using multihomed servers as
domain controllers is bad practice and will cause you problems.

If you want to use a server as a router/firewall for your LAN, do not
make it a domain controller. Use a standalone server (running ISA server
if possible). But this may be overkill for your setup. For testing you
could use RRAS, which comes as part of 2003 R2, as a NAT router. Have you
considered running a hardware firewall instead?

You only need one internal network, and the machines on it only need
one NIC. Only the router/firewall should have an interface in both
networks. eg

Internet
|
public IP
router/firewall
private IP (eg 192.168.31.254) default gateway blank
|
all LAN machines (workstations and servers)
192.168.31.x dg 192.168.31.254

Give the server you want to use as the DC a static IP, then run dcpromo
to set up AD and DNS. When you configure DHCP, set all machines to use the
DC for DNS and the firewall as default gateway (192.168.31.254 in the
example above). Modify the DNS on your DC to forward to a public DNS
server (so that it can resolve foreign URLs as well as local names).

Where you locate the web server is a problem. If you put it on the
"public" network, you will have problems using it or updating it from the
LAN (because it is outside the firewall). A common practice is to have the
web server on the LAN and arrange for public access to it via the
firewall. (That is the remote users connect to the firewall and the
firewall redirects queries to the web server on the LAN).


"Danny Sanders" <DSanders@xxxxxxxxxxxxxxx> wrote in message
news:%23d0TykxPHHA.320@xxxxxxxxxxxxxxxxxxxxxxx
administrative computer and then the Group of
workstaions connect via the admin computer to the network


You lost me here.

I really can't follow what you are trying to do.

DDS
"Silom" <nospam@xxxxxxxxxxxxxxx> wrote in message
news:53466EA0-D716-49D8-9E68-0E72073D8D7D@xxxxxxxxxxxxxxxx
Hi All,

I am very new to all of this.

I am using MS Server 2003 R2 etc and so far have tried some very simple
networks all using the same internal network.

Now I would like to start a network where a group of workstations
connect to the network but using a different address.
So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall, an
administrative computer and then the Group of
workstaions connect via the admin computer to the network.

Computer 1. two NIC's (one for the internet, one for the local network)
(srv 2003 r2)
Computer 2. a single NIC (web server)
Computer 3. two NIC's (one for the local network and one for the admin
computer) (firewall)
Computer 4. two NIC's (one to connect to admin and the other to the
Group of workstations) (Admin)
Computers 5 - 10 one NIC each


I let the server program configure as a typical first server. OK. Those
computers that reside up to the firewall
(as yet not installed), computers 1 to 3, connect to the network and
also the internet using DHCP/DNS/AD/RRAS as setup.

However, The card in computer 3 that looks to connect to the admin
computer and those which look from the workstations
to the admin computer do not connect to the network.

I have not setup any other configurations except as instructed "To Do
Next" after the initial setup. I am seeing leases
used under DHCP and the same addresses appearing in the FWD Lookup zone
under the domain name.

Can some assist me in configuring the necessary aspects to help me
rectify the problem.






.

Relevant Pages

  • Re: ISA 2006 configuration question - multiple VLANs and domains
    ... very familiar with network segments vs. domains et. al. ... multihomed ISA 2006 server forward a DHCP request to the proper VLAN ... ISA is a Firewall Product designed to protect a network from the Internet. ...
    (microsoft.public.isa.configuration)
  • RE: Firewall service and remoteaccess service shut down frequently
    ... Do you have run the CEICW after installing the ISA components? ... please open SBS server management console, ... Click the Add Adapter button, and add your internal network adapter ... Meanwhile, from the subject, you said you the firewall service and RRAS ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN breaks after installing patches
    ... I have just received your email due to some network traffic problems. ... access the network shares was denied by ISA Server. ... Open the Server management console, navigate to "Internet and E-mail", ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect the SBS to a remote IIS for Internet Printing
    ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ...
    (microsoft.public.windows.server.sbs)
  • Re: Logon Failures from unknown workstation
    ... possibility is that someone had an unauthorized computer on the network such ... server's properties in the rras console. ... was recorded in the "system" log of the VPN server. ... > There is no workstation in our forest named AFREEMAN; ...
    (microsoft.public.security)