Dual Nic - Network Settings Advice

From: Stuart Mackie [MCP, MSP] (me_at_--REMOVE_THIS--stu.uk.com)
Date: 07/04/04


Date: Sun, 4 Jul 2004 23:46:59 +0100

Hi. I am trying to achieve a slightly odd dual network card configuration
with my sbs2k3 server and would appreciate any advice. At the minute all
internal systems are connected via a 24 port switch to a hardware firewall
which is then connected to our router. The server has a single nic with
internal IP of 10.0.0.10 subnet 255.255.255.0, and the workstation range
uses the same subnet with IP 10.0.0.30....100. All the internal systems
therefore use the firewall as their gateway and are unrestricted to the
internet/external network.

What I want to achieve is a dual nic setup on the server (ISA will be used
as well), but still allow certain clients direct unrestricted access to the
internet without having to go through the server's dual nic. I know this is
totally unusual but I would appreciate any advice on whether this is
possible. My current plan was to keep the current nic with
10.0.0.10/255.255.255.0 as the internal nic, and add a second nic with
settings 10.0.1.10/255.255.255.0 as the external nic (i.e. the second nic is
on a different subnet). The hardware firewall will then be configured with
an exclusions list filter which says unless the client nic and MAC address
are in the list below deny access. This then makes sure workstations can't
bypass the server dual nic for ISA etc, while still allowing the handful of
systems direct access to the external network without having to go through
the server.

My main concern was the choice of network card settings. From what I
understand as long as the internal and external network cards are on
different subnets, there shouldn't be any technical problem with doing this?
If on the other hand we used something like 10.0.0.10/255.255.255.0 and
10.0.0.20/255.255.255.0 it wouldn't work because the network cards would be
on the same subnet? Can anyone confirm whether this would or wouldn't work?

-- 
Thanks for any help,
Stuart Mackie [MCP, MSP]
www.stu.uk.com
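
The two checks the plan in the post above depends on, written out as an added example (not part of the original post): whether the two NIC subnets overlap, and a default-deny firewall list keyed on the exact IP and MAC pair. The IP addresses come from the post; the MAC addresses, the allow-list entries and all function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def subnet_conflicts(nics):
    """Return sorted NIC-name pairs whose configured networks overlap.

    nics maps a NIC name to (ip, netmask) strings.
    """
    nets = {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, (ip, mask) in nics.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def norm_mac(mac):
    """Normalise 00-00-5E-.. / 00:00:5e:.. / 0000.5e.. notations to 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def firewall_allows(src_ip, src_mac, allow_list):
    """Default deny: pass only when the exact (IP, MAC) pair is listed."""
    listed = {(ipaddress.ip_address(ip), norm_mac(mac)) for ip, mac in allow_list}
    return (ipaddress.ip_address(src_ip), norm_mac(src_mac)) in listed

# Addresses from the post; MAC addresses are constructed placeholders.
PROPOSED = {"internal": ("10.0.0.10", "255.255.255.0"),
            "external": ("10.0.1.10", "255.255.255.0")}
SAME_SUBNET = {"internal": ("10.0.0.10", "255.255.255.0"),
               "external": ("10.0.0.20", "255.255.255.0")}
ALLOW_LIST = [("10.0.1.10", "00-00-5E-00-53-01"),   # server external NIC (assumed entry)
              ("10.0.0.30", "00-00-5E-00-53-1E")]   # one exempt workstation (assumed entry)

if __name__ == "__main__":
    print("proposed plan conflicts:", subnet_conflicts(PROPOSED))
    print("same-subnet conflicts:  ", subnet_conflicts(SAME_SUBNET))
    for ip, mac in [("10.0.0.30", "00:00:5e:00:53:1e"),   # exempt, other MAC notation
                    ("10.0.0.31", "00:00:5e:00:53:1f"),   # ordinary workstation
                    ("10.0.0.30", "00:00:5e:00:53:1f")]:  # listed IP, unlisted MAC
        verdict = "allow" if firewall_allows(ip, mac, ALLOW_LIST) else "deny"
        print(ip, mac, "->", verdict)
```

The filter identifies machines by an address pair each machine reports about itself, so it works as a routing policy for cooperative clients rather than as authentication.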

