Re: Windows 2003. Configuring multiple subnets on the same server
- From: "Bill Grant" <not.available@online>
- Date: Fri, 30 Mar 2007 11:45:52 +1000
Q1. I can't help you with VMWARE Bridge protocol. I don't run VMWare. You
certainly do clear Internet Protocol (TCP/IP). You do not want the host IP
stack to know about this NIC.

The vm running ISA has two network connections. One is to the public
network and one is to the private side. If your host machine is connected to
the private side you must ensure that it does not have any possible
connection to the public network. If it does there is always a chance that
traffic from the public side could reach the private network (or vice versa)
without going through the firewall. That is why it is important that the
public NIC in the host machine is accessible to the vm but isolated from the
host machine.

Q2. It does not really matter. The host machine will never see this NIC. It
is effectively disabled as far as the OS in the host machine is concerned.
All traffic going through this NIC is handled by the IP stack in the virtual
machine. The IP stack in the host only sees the NIC which is on the private
network.

"gocrm" <gocrm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:998F28A3-A86B-417C-AEFF-BB1CB56E1BBF@xxxxxxxxxxxxxxxx
Hi Bill,

You are a genius. You've just solved the mystery to my config problems.

1) You mentioned isolating one of the NICs from the host machine. How
do I configure the isolation? I looked at the property settings and do see
"VMWARE Bridge Protocol". Is this what you were referring to? If so, I
would just uncheck everything else... including TCP/IP Protocol? Is this
what you were referring to?

Also, I am confused by the comment where you mentioned "to avoid the
possibility of BYPASSING the ISA Firewall". Could you please clarify the
"bypassing" term when referring to the ISA and the HOST?

2) I clearly understood that one of the NICs is in the same IP subnet as
the other machines on switch1. You mentioned it does not have an IP address
on the host machine. So do I just leave it blank in the auto detect mode for
both IP and DNS?

Thanks a million!
--
Regards,
Andy
"Bill Grant" wrote:
Combining this info with the diagram you posted in the
public.virtualserver NG, I am beginning to see what you want to do.

If you have a NIC in each host machine which is plugged into a port on
your internal switch (switch2 in your diagram) and link the NICs on your vm
guest machines to this network, they should all be able to communicate
because, from a networking point of view, they are all in the same segment.
The virtual machines will behave just like additional machines plugged into
the switch. You cannot use a loopback adapter in this case, because you need
to be able to link virtual machines which are running on a different host.
(Any other physical machines plugged into this switch will also be reachable).

To access the Internet these machines would use the ISA server vm. This
machine would have its "public" NIC connected to switch1. This NIC would be
isolated from the host machine (as discussed in another posting) to avoid
the possibility of bypassing the ISA firewall.

With this setup, all of the machines actually plugged into switch2 and
all of the vms with one NIC will be in your private network. They will
access the Internet through ISA server running in one vm, which is connected
to the Internet via switch1. This NIC is in the same IP subnet as the other
machines on switch1. It does not have an IP address on the host machine.
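
The isolation described in this thread can be checked from the host by confirming that its own IP stack holds no address on the public NIC or in the public subnet. The following is an added example, not part of the original posts; the adapter names, addresses and the sample `ipconfig /all` text are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from the host (not from the thread).
# "Public" is the NIC handed to the ISA vm; here it wrongly still has TCP/IP bound.
SAMPLE = """\
Ethernet adapter Private:

   IP Address. . . . . . . . . . . . : 192.168.10.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Public:

   IP Address. . . . . . . . . . . . : 203.0.113.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
ADDRESS = re.compile(r"^\s+(?:Autoconfiguration )?IP(?:v4)? Address[ .]*:\s*([0-9.]+)")

def host_addresses(ipconfig_text):
    """Map adapter name -> IPv4 addresses the host stack holds on it."""
    adapters, current = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = m.group(1)
            adapters[current] = []
            continue
        m = ADDRESS.match(line)
        if m and current is not None:
            adapters[current].append(ipaddress.ip_address(m.group(1)))
    return adapters

def isolation_findings(ipconfig_text, public_nic, public_subnet):
    """Return reasons the host could reach the public side without the firewall."""
    net = ipaddress.ip_network(public_subnet)
    findings = []
    for name, addrs in host_addresses(ipconfig_text).items():
        if name == public_nic and addrs:
            findings.append(f"{name}: host IP stack is bound ({addrs[0]})")
        for a in addrs:
            if name != public_nic and a in net:
                findings.append(f"{name}: {a} is inside public subnet {net}")
    return findings

if __name__ == "__main__":
    for finding in isolation_findings(SAMPLE, "Public", "203.0.113.0/24"):
        print("FAIL", finding)
```

An empty result means the host stack has no address on the public side, which is the state the posts above describe for the NIC dedicated to the ISA vm.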