Re: Dual Nic - Network Settings Advice

From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 07/04/04 

Date: Mon, 5 Jul 2004 01:36:14 +0200

Hi Stuart,

That subnetmask will do fine. If you have ISA installed, you will just need
to make sure that the Firewall Client is installed on the workstations.
Default they will have all internet access without any restrictions.
Furthermore the clients will be protected by ISA that way. Right now, they
are not. 

-- 
Regards,
Marina
Microsoft SBS-MVP
"Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> schreef in bericht
news:uVjXM9hYEHA.3012@tk2msftngp13.phx.gbl...
> Hi Maria, thanks for the info.  I knew there was a restriction on the
choice
> of IP/Subnet with the external & internal nics but wasn't sure exactly
what.
> If we use 192.168.0.x should we just stick with 255.255.255.0 for the
subnet
> or doesn't make any difference ?
>
> I know its a little unusual, we just would prefer to have these machines
> bypass the server totally and get direct external access.  If we didn't
need
> this we would definately go with a normal dual nic setup :)
>
> -- 
> Thanks again,
> Stuart.
>
>
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
message
> news:Orfx4zhYEHA.3664@TK2MSFTNGP12.phx.gbl...
> > Hi Stuart,
> >
> > Put the external nic on a totally different IP-range like 192.168.0.x.
> This
> > will make it a lot easier when you setup ISA, as the external IP-range
> > should not be in the LAT of ISA.
> > ISA enables you to exclude users from accessing the internet, so you
> > wouldn't have to put Mac-addresses in your firewall.
> > I think you are making it quite difficult for yourself if you still want
> to
> > pursue your way though.
> >
> > -- 
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> >
> > "Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> schreef in
> bericht
> > news:%23%23uaSjhYEHA.2816@TK2MSFTNGP11.phx.gbl...
> > > Hi.  I am trying to achieve a slightly odd dual network card
> configuration
> > > with my sbs2k3 server and would appreciate any advice. At the minute
all
> > > internal systems are connected via a 24 port switch to a hardware
> firewall
> > > which is then connected to our router.  The server has a single nic
with
> > > internal IP of 10.0.0.10 subnet 255.255.255.0, and the workstation
range
> > > uses the same subnet with IP 10.0.0.30....100.  All the internal
systems
> > > therefore use the firewall as their gateway and are unrestricted to
the
> > > internet/external network.
> > >
> > > What I want to achieve is a dual nic setup on the server (ISA will be
> used
> > > as well), but still allow certain clients direct unrestricted access
to
> > the
> > > internet without having to go through the servers dual nic.  I know
this
> > is
> > > totally unusual but I would appreciate any advice on whether this is
> > > possible.  My currently plan was to keep the current nic with
> > > 10.0.0.10/255.255.255.0 as the internal nic, and add a second nic with
> > > settings 10.0.1.10/255.255.255.0 as the external nic (i.e. the second
> nic
> > is
> > > on a different subnet).  The hardware firewall will then be configured
> > with
> > > an exclusions list filter which says unless the client nic and MAC
> address
> > > are in the list below deny access.  This then makes sure workstations
> > can't
> > > bypass the server dual nic for ISA etc, while still allowing the
handful
> > of
> > > systems direct access to the external network without having to go
> through
> > > the server.
> > >
> > > My main concern was the choice of network card settings.  From what I
> > > understand as long as the internal and external network cards are on
> > > different subnets, there shouldn't be any technical problem with doing
> > this
> > > ?  If on the other hand we used something like 10.0.0.10/255.255.255.0
> and
> > > 10.0.0.20/255.255.255.0 it wouldn't work becuase the network cards
would
> > be
> > > on the same subnet ?  Can anyone confirm whether this would or
wouldn't
> > work
> > > ?
> > >
> > > -- 
> > > Thanks for any help,
> > > Stuart Mackie [MCP, MSP]
> > > www.stu.uk.com
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: SBS Premium, Secure Banking site, certificate = no joy
    ... firewall client installed cannot access a specific banking web site. ... settings and create the ISA rules. ... 825763 How to configure Internet access in Windows Small Business Server ... On the ISA Server computer, stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)
  • RE: Force use of ISA Firewall Client
    ... the Firewall client automatically sends user credentials ... or the user account must be mirrored on the ISA 2004 firewall. ... Firewall Client will result in usernames being included in the ISA logs, ... But if you visit Websites or FTP, the web proxy has improved performance. ...
    (microsoft.public.windows.server.sbs)
  • RE: Force use of ISA Firewall Client
    ... the Firewall client automatically sends user credentials ... or the user account must be mirrored on the ISA 2004 firewall. ... But if you visit Websites or FTP, the web proxy has improved performance. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA page not displayed Outside
    ... Open ISA 2006 management console. ... Expand the server node and highlight 'Monitoring'. ... Click 'Configure Firewall Logging'. ... |> internal client as both the web proxy client and firewall client? ...
    (microsoft.public.windows.server.sbs)
  • Re: Is this a 3-Leg Perimeter scenario?
    ... the same configuration as I had it originally before upgrading to ISA 2004 ... No PersisentRoute enrty on the clients; no firewall client disabling; no IE ... using IE to access the FTP. ...
    (microsoft.public.windows.server.sbs)