Small network with lots of features, questions




Hello all,

I have set up a working network for my church, but I'm second-guessing
the schema that I'm using. I would very much appreciate your thoughts
on this. But a caveat first: our budget is limited, so while I know
we do a lot more in terms of security with better equipment... for
now, we have what we have. So here's the hardware I have:

Servers: One box running Server 2008 Enterprise (Core) with 3 vm's.
The host machine is running only Hyper-V. 2 NIC's are installed. VM1
is primary DC, DHCP; VM2 is backup DC, file server; VM3 is RRAS, print
server.
Networking: we have one public IP and a cable modem. One router
(Linksys BEFSX41) as the gateway. A few basic switches.
Wireless: 4 WAP's. DHCP is turned off; set up as RADIUS clients,
authenticating to the domain.
Clients: mostly XP Pro, one Mac OSX 10.4 (don't ask), one Vista
Business

Stuff I'd like to have ASAP but have not yet implemented:
- VPN - Allow at least one user to VPN into the network (I say at
least 1 because I'm not sure if that's all our router will allow).
- Wireless DMZ -- Allows guests to have wireless access to the
Internet but not access the network.

The current setup:
- Router IP: 192.168.1.1
- Switch is not plugged into the router. I am keeping the LAN
separate from the router as a security measure.
- One NIC from the server is plugged into the router (192.168.1.13);
the other is plugged into the switch (10.0.0.13).
- VM3 is acting as a router so that network clients can access the
Internet. It has two NIC's (192.168.1.14 and 10.0.0.14)
- VM1 (10.0.0.15) and VM2 (10.0.0.12) have static IP's.
- DHCP assigns 10.0.0.100-199, gateway 10.0.0.14 (VM3), DNS
10.0.0.15/12 (VM1 and 2).
- All static network clients (servers) have 10.0.0.14 (VM3) as their
gateway.

Problems:
- Internet connection for clients is dog-slow. This prompted my post
here -- http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/7915c78d-dd34-4367-86a0-01713c1212a7/
-- because I thought it was maybe Hyper-V related. It is, somewhat,
but that discussion has led me to re-think the network topology.
- Not sure how to implement VPN, which I'm itchin' to get running.

What I'm thinking:
- Plug the switch into the router directly. According to that post,
it's not really buying me the security I thought it was.
- Remove NAT from VM3. Client gateways will be the router instead of
the server.

Questions/concerns:
- Should the router be on totally different subnet than the domain
computers? Does it matter if the gateway IP for a 10.0.0.x network
client is 192.168.1.1?
- I've read it's good to have two NIC's for one's VPN server. I have
that on VM3. But do I give it two 10.0.0.x IP's? One 192.168.1.x
IP? Which one is the "Internet" NIC that RRAS prompts for? Or does
it not matter?
- Bearing in mind I'd like to have wireless DMZ, how does that affect
IP address assignment for network devices? Does this force me to have
a different subnet than the network for the gateway? Since Internet
traffic for both DMZ and network clients will ultimately be going
through the router.

As you can tell, I'm a newbie, but I've gotten pretty far with this.
If you have an IP address schema that you think works better than my
10.0.0.x and 192.168.1.x, I'm all ears (10.0.x.x? 192.168.x.x?).
I've read a little on private subnets, but I've only absorbed so much.

Again, your help is much appreciated.

Thanks
Tom

Note: I have also posted this here:
http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/51c7c85f-46dc-42ad-be75-11597b65810f
But that board seems to be kind of slow.
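
An added example, not part of the original post: a short check of the addressing described above, covering the question of whether a 10.0.0.x client can use 192.168.1.1 as its gateway and whether a separate guest range collides with the existing subnets. The /24 masks, the gateway on VM3's outside NIC and the guest range 10.0.1.0/24 are assumptions; the post does not state them.

```python
import ipaddress

# Addresses come from the post. The /24 masks are an assumption: the post
# never states netmasks. Each entry: (name, interface, default gateway).
CURRENT = [
    ("VM3 outside NIC", "192.168.1.14/24", "192.168.1.1"),  # gateway implied, not stated
    ("VM1", "10.0.0.15/24", "10.0.0.14"),
    ("VM2", "10.0.0.12/24", "10.0.0.14"),
    ("DHCP client", "10.0.0.100/24", "10.0.0.14"),
]

# The change asked about: LAN hosts keep 10.0.0.x but point at the router.
PROPOSED = [(name, iface, "192.168.1.1") for name, iface, _ in CURRENT]

# Constructed for illustration: a guest wireless range the post does not define.
GUEST_NET = "10.0.1.0/24"


def off_link_gateways(hosts):
    """Names of hosts whose default gateway lies outside their own subnet.

    A host reaches its gateway by ARP on the local segment, so an off-link
    gateway is normally unreachable.
    """
    bad = []
    for name, iface, gateway in hosts:
        network = ipaddress.ip_interface(iface).network
        if ipaddress.ip_address(gateway) not in network:
            bad.append(name)
    return bad


def overlapping(networks):
    """Pairs of subnets that overlap, which would blur the LAN/guest boundary."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [(str(a), str(b))
            for i, a in enumerate(nets)
            for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    print("current, off-link gateways: ", off_link_gateways(CURRENT))
    print("proposed, off-link gateways:", off_link_gateways(PROPOSED))
    print("overlaps with guest range:  ",
          overlapping(["192.168.1.0/24", "10.0.0.0/24", GUEST_NET]))
```

With these assumptions the current layout passes, while the proposed one flags every 10.0.0.x host: either the hosts move into the router's subnet or the router's LAN address moves into theirs.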