Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Assistance?
- From: "Bill Grant" <not.available@online>
- Date: Wed, 8 Aug 2007 18:09:40 +1000
"markm75" <markm75c@xxxxxxx> wrote in message
news:1186544433.210552.313670@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 7, 9:26 pm, "Bill Grant" <not.available@online> wrote:
And also note that it is not a good idea to use a DC as a router, whatever setup you are using. A DC should only have one NIC and one IP. You will get all sorts of odd problems with a multihomed DC.

You will also almost certainly have DNS problems running a domain behind a NAT router, if you go down that path. All machines in a domain, including the DC itself, should use the local DNS. If you want Internet access you need to set up this DNS to forward to a public DNS service. Using the NAT router for DNS will result in problems for your AD clients.
"Phillip Windell" <philwind...@xxxxxxxxxxx> wrote in message
news:uPqzgpP2HHA.536@xxxxxxxxxxxxxxxxxxxxxxx
To add to Bill's comments, I need to clear something up before it becomes a point of confusion.

Domains have nothing to do with subnets, ... subnets have nothing to do with Domains.

You can have 100 Domains all on one subnet, or you can have one Domain that runs over 100 subnets. There is just no relationship between the two.

Sharing resources between two Domains is all about properly configured Trusts, Share Permissions, and NTFS Permissions.

Functionality across subnets is a matter of a proper Layer 3 LAN Routing scheme.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or
Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-...
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepart...
-----------------------------------------------------
"markm75" <markm...@xxxxxxx> wrote in message
news:1186431399.804955.180380@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have our production LAN that is on 192.168.100.x. This is a 2003 server domain, with a DHCP server running on one of the 2003 boxes.

I also have a development test LAN that is 192.168.227.x. This too is a 2003 domain with a DHCP server running on one of the 2003 boxes there.

I want to be able to share resources between the 2, i.e. if I'm a box on 227.x I want to be able to either say \\192.168.100.2\apps or \\servername\apps.

I've tried setting up RAS servers on both ends, then setting static routes between them.

I've also tried adding the 100.x gateway as a secondary gateway on the one 227.x server, but this didn't work either.

One thing to note: the 227.x LAN is actually run completely on my Vista machine under VMware Workstation 6.x. I have the servers set to "bridged mode" (there is also NAT mode, which uses the same IP as the host OS, or host-only mode, which completely isolates the guest from the host).

Ultimately too, I'd like to have someone running VMware on their machine create, say, an XP virtual machine and join the test domain that is running from my machine.

I don't think the issue is VMware related. I think I'm just missing a step in RAS (if RAS is even needed) or somewhere else (maybe demand dialing between the two RAS servers if needed?).

One key thing I was worried about was the fact I have a DHCP server on both domains, as I only want DHCP requests in the wild to be processed by the 100.x server, so I'm guessing I'd have to turn off the DHCP server on the test domain.

Thanks for any tips.
I'll keep the DC thing in mind and make the switch.

I'm still only able to ping from within my virtual LAN (227.x). Any thoughts on what to do to enable the ping of the virtual LAN from the other LAN (100.x)?

Do I need to set up static routes on either the physical router, or a 2003 router (RAS) on the 100.x side? Do I need to do the dual-NIC thing on the 100.x side?

I have static routes going on currently from both our physical router and the RAS on the 100.x to the other side (192.168.227.0 with the gateway being 227.2, that of the RAS server on the other end).

But so far no pinging working.
Have you ever set up a similar network using "real" networks?
Networking between two segments works fine if the router is the
default gateway for both subnets. All you need to do is enable IP routing
and away it goes. eg
192.168.1.x dg 192.168.1.254
|
192.168.1.254 dg blank
router
192.168.227.254 dg blank
|
192.168.227.x dg 192.168.227.254
If one subnet uses some other gateway, making changes on the RRAS server
cannot solve the problem unless you enable NAT. With NAT on the RRAS server
the "inner" subnet can see the original subnet and the Internet, because NAT
looks after the routing. eg
Internet
|
Public IP
Gateway router
192.168.1.254
|
workstations
192.168.1.x dg 192.168.1.254
|
192.168.1.n dg 192.168.1.254
RRAS/NAT
192.168.227.254 dg blank
|
192.168.227.x dg 192.168.227.254
The .227 machines can see the machines on the 192.168.1.0 subnet and the
Internet because the RRAS/NAT server handles the traffic through its
"public" IP of 192.168.1.n. This is in the same subnet as the gateway
router and everything works. The machines in 192.168.1.0 cannot see the
machines in 192.168.227.0 because they are on the public side of the NAT.
You cannot use this sort of setup if you want to run AD on the internal
subnet. The way that NAT handles DNS (by relaying DNS to a public DNS
service) is not compatible with AD. All domain members, including the DC
itself, need to use the local DNS, because that is where your SRV records
are. An external DNS cannot tell your client machines how to find the DC,
for example.
Whether you are using virtual networks or not, running a domain has
certain requirements. And if you want the domain members to be able to
access machines on some other network or access the Internet through some
other existing LAN it is far from simple.
I would recommend that you set up your new domain on an isolated network
and get it working properly on its own subnet using its own DNS and DHCP.
When that all works, set up a virtual machine (not the DC) as a router
between that subnet and your existing physical LAN. You will need extra
routing so that the existing LAN knows where the new subnet is and how to
reach it. You will also need to set up your DNS on the new domain to forward
to a DNS server which can resolve public URLs.
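The three outcomes Bill describes (no reply path without NAT, one-way reachability with NAT on the RRAS box, two-way reachability once the existing gateway has a route for the new subnet) come straight out of how each box picks its next hop. The following route-lookup simulator is an added example, not code from the thread or from any of the posters; it walks an echo request and its reply hop by hop through Bill's second diagram. The addresses 192.168.1.10 and 192.168.227.10 are constructed sample hosts, 192.168.1.20 stands in for the RRAS box's "192.168.1.n", and the gateway router's uplink is modelled as "no route" because a packet sent up to the ISP for a private subnet never comes back anyway.

```python
"""Route-lookup simulator for the two-subnet layouts discussed in the thread.

Added example (not from the thread). Addresses follow Bill's second diagram;
192.168.1.20 stands in for the RRAS box's "192.168.1.n" public address, and
192.168.1.10 / 192.168.227.10 are constructed sample hosts.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IP = ipaddress.IPv4Address


class Node:
    """A host or router: interfaces, optional default gateway, static routes,
    and (for the RRAS box) an optional NAT public address."""

    def __init__(self, name, ifaces, gateway=None, routes=(), nat_public=None):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(i) for i in ifaces]
        self.gateway = IP(gateway) if gateway else None
        self.routes = [(ipaddress.ip_network(n), IP(g)) for n, g in routes]
        self.nat_public = IP(nat_public) if nat_public else None

    def owns(self, addr: IP) -> bool:
        return any(i.ip == addr for i in self.ifaces)

    def next_hop(self, dst: IP) -> Optional[IP]:
        """Connected network first, then longest-prefix static route, then default."""
        for i in self.ifaces:
            if dst in i.network:
                return dst                      # on-link: ARP for it and deliver
        best: Optional[Tuple[ipaddress.IPv4Network, IP]] = None
        for net, gw in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        return best[1] if best else self.gateway  # None means "no route at all"

    def public_net(self) -> Optional[ipaddress.IPv4Network]:
        for i in self.ifaces:
            if i.ip == self.nat_public:
                return i.network
        return None

    def private_side(self, addr: IP) -> bool:
        """True if addr sits on an interface other than the NAT 'public' one."""
        return any(addr in i.network and i.ip != self.nat_public for i in self.ifaces)


class Network:
    def __init__(self, nodes: List[Node]):
        self.by_ip: Dict[IP, Node] = {i.ip: n for n in nodes for i in n.ifaces}

    def send(self, src: IP, dst: IP, max_hops: int = 8) -> Tuple[bool, IP, List[str]]:
        """Forward one packet hop by hop. Returns (delivered, source address as the
        receiver sees it, hop list). The RRAS box rewrites the source to its public
        address when a packet crosses from its private side to its public side."""
        node, hops = self.by_ip[src], []
        for _ in range(max_hops):
            hops.append(node.name)
            if node.owns(dst):
                return True, src, hops
            nh = node.next_hop(dst)
            if nh is None or nh not in self.by_ip:
                return False, src, hops          # no route, or next hop not on any link
            if node.nat_public is not None and node.private_side(src) and nh in node.public_net():
                hops.append(f"NAT {src}->{node.nat_public}")
                src = node.nat_public
            node = self.by_ip[nh]
        return False, src, hops

    def ping(self, a: IP, b: IP) -> bool:
        """Echo request a->b, then the reply to whatever source address b saw."""
        ok, seen, _ = self.send(a, b)
        if not ok:
            return False
        ok, _, _ = self.send(b, seen)
        if ok and seen != a:                     # reply landed on the NAT box: un-translate
            ok, _, _ = self.send(seen, a)
        return ok


def build(nat: bool, gateway_route: bool) -> Network:
    # Gateway router: its Internet uplink is modelled as "no route" (see lead-in).
    router = Node("gateway-router", ["192.168.1.254/24"],
                  routes=[("192.168.227.0/24", "192.168.1.20")] if gateway_route else ())
    ws = Node("ws-1.10", ["192.168.1.10/24"], gateway="192.168.1.254")
    rras = Node("rras", ["192.168.1.20/24", "192.168.227.254/24"],
                gateway="192.168.1.254", nat_public="192.168.1.20" if nat else None)
    vm = Node("vm-227.10", ["192.168.227.10/24"], gateway="192.168.227.254")
    return Network([router, ws, rras, vm])


def scenario(nat: bool, gateway_route: bool) -> Dict[str, bool]:
    """Can the inner VM ping the LAN workstation, and vice versa?"""
    net = build(nat, gateway_route)
    return {"inner->lan": net.ping(IP("192.168.227.10"), IP("192.168.1.10")),
            "lan->inner": net.ping(IP("192.168.1.10"), IP("192.168.227.10"))}


if __name__ == "__main__":
    for nat, gw in ((False, False), (True, False), (False, True)):
        print(f"NAT={nat!s:<5} route on gateway={gw!s:<5} {scenario(nat, gw)}")
```

Running it shows the plain-routing case failing in both directions (the reply from 192.168.1.10 goes to 192.168.1.254, which has no route back to 192.168.227.0), the NAT case working only from the inner subnet outwards, and the static-route case working both ways with no NAT at all. On a Windows box that third case corresponds to a persistent route of the form `route add 192.168.227.0 mask 255.255.255.0 192.168.1.n -p` (assumed here to be typed on the gateway, or on each 192.168.1.x host if the gateway cannot hold static routes), which is what "extra routing so that the existing LAN knows where the new subnet is" means in practice.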