Re: Install nightmare

From: Merv Porter [SBS-MVP] (mwport_at_no_spam_hotmail.com)
Date: 11/12/04 

Date: Fri, 12 Nov 2004 15:43:37 -0500

OK... If you look at the diagram in my last post, you'll see that you have
the LAN of your DSL router, the WAN of your Firewall device and your SBS LAN
all in the same subnet (192.168.254.x). The SBS LAN should be in a
different subnet. So as not to mess with the SBS configuration, try
changing the DSL router LAN IP scheme to something like 192.168.100.x and
give your DSL router an IP address of 192.168.100.1. Then give your
Symantec firewall a WAN address of 192.168.100.2 and DG of 192.168.100.1
(the DLS router) so its WAN is in the same subnet as the DSL router. I
don't think you'll need to re-run CEICW but it wouldn't hurt. 

-- 
Merv  Porter  [SBS MVP]
===================================
"Ascnet" <gage@keepyourspamknightinsurancethankyou.com> wrote in message
news:OSOKfwOyEHA.2572@tk2msftngp13.phx.gbl...
> Data and diagram are completely correct.  I have found the following
message
> on the log of the firewall "Packet dropped because WAN IP 192.168.254.254
is
> spoofed".  I'm on hold with Symantec now to confirm if that is caused by a
> configuration problem, SBS internal firewall, or if it's junk hitting the
> firewall from the web.  Will post whatever news I get.
>
> Again thank you for your time!
>
> John
>
>
>
> "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> news:eHhcjoOyEHA.2892@TK2MSFTNGP14.phx.gbl...
> > > The firewall's WAN address is 192.168.254.201, similar to the LAN
> address
> > of
> > > the DSL router 192.168.254.254.  The firewall's gateway is the address
> of
> > > the DSL 254.254.
> >
> > So this is your setup...
> >
> > Internet
> > |
> > DSL Router  (WAN:  IP address provided by ISP  ||  LAN:
192.168.254.254)
> > |
> > Symantec Firewall  (WAN:  192.168.254.201  ||  LAN 192.168.0.1)
> > |
> > External SBS NIC  (IP 192.168.0.2; SM 255.255.255.0; GW 192.168.0.1)
> > Internal SBS NIC  (192.168.254.21; SM 255.255.255.0; GW <blank>; DNS
> > 192.168.254.21)
> > |
> > Switch
> > |
> > Workstations  (IP:  192.168.254.x)
> >
> >
> > Is this diagram, and the values in it, accurate?
> >
> > -- 
> > Merv  Porter  [SBS MVP]
> > ===================================
> > "Ascnet" <gage@keepyourspamknightinsurancethankyou.com> wrote in message
> > news:ujS$fJOyEHA.260@TK2MSFTNGP11.phx.gbl...
> > > Event Logs - DNS Server log has Event#4015 "LDAP error".  Application
> log
> > > has an Event 63 which I read and don't understand at all.
> > >
> > > CEICW - Yes I've rerun a couple of times.  I have the ISP DNS
addresses
> > > setup in the WAN DNS area of the Symantec Firewall config. utility.  I
> > also
> > > have the ISP DNS routers entered in the screen during the CEICW that
> asks
> > > for ISP DNS addresses.  Could you explain what you mean by
"forwarders"?
> > >
> > > The firewall's WAN address is 192.168.254.201, similar to the LAN
> address
> > of
> > > the DSL router 192.168.254.254.  The firewall's gateway is the address
> of
> > > the DSL 254.254.
> > >
> > > All cables appear to be in working order, I'll swap them out just to
be
> > > sure.
> > >
> > > No wireless anywhere.
> > >
> > > This last time I ran the CEICW I said no to the internal SBS firewall.
> > > Still can't activate.  Hangs at the "Checking for connectivity" and
> > > eventually I get unable to activate Message number 32781.  Went ahead
> and
> > > reran CEICW and turned the internal firewall back on.
> > >
> > > ~John
> > >
> > >
> > > "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
> > > news:uotanjNyEHA.3908@TK2MSFTNGP12.phx.gbl...
> > > > Any errors in the event logs?
> > > > Have you re-run CEICW to configure your Internet connection and used
> > your
> > > > ISP's DNS NameServers as forwarders?
> > > > Have you set up the router with your WAN static IP address, subnet
> mask
> > > and
> > > > gateway?
> > > > Have you checked all your cables to make sure they are working
> properly?
> > > > And we're not doing any wireless here, are we?
> > > >
> > > > SBS Premium... before you install ISA or SQL make sure you read the
> > > "readme"
> > > > file on the Premium disk.  This will walk you through the
installation
> > of
> > > > ISA and/or SQL.
> > > >
> > > > If this is your first time installing SBS, you may want to follow
this
> > > > rule... (stolen from Kevin Weilbacher):  Install once to learn, a
> second
> > > > time to take notes, and a 3rd time to make sure your notes are
> correct.
> > > >
> > > > -- 
> > > > Merv  Porter  [SBS MVP]
> > > > ===================================
> > > >
> > > > "Ascnet" <gage@keepyourspamknightinsurancethankyou.com> wrote in
> message
> > > > news:etNSyFMyEHA.4028@TK2MSFTNGP15.phx.gbl...
> > > > > SBS Premium but I have not installed the premium disc yet.  I
wasn't
> > > > > prompted for it so I figured I should wait until everything was
> > working
> > > > > properly.  Broadband connection has static WAN address.  Yes I've
> > > reviewed
> > > > > the diagrams and have used them to help configure the server.
> > > > >
> > > > > WORKSTATION IPCONFIG/ALL
> > > > > Windows 2000 IP Configuration
> > > > >
> > > > >         Host Name . . . . . . . . . . . . : JOHGAG01
> > > > >         Primary DNS Suffix  . . . . . . . : Knight.local
> > > > >         Node Type . . . . . . . . . . . . : Hybrid
> > > > >         IP Routing Enabled. . . . . . . . : No
> > > > >         WINS Proxy Enabled. . . . . . . . : No
> > > > >         DNS Suffix Search List. . . . . . : Knight.local
> > > > >
> > > > > Ethernet adapter Local Area Connection 2:
> > > > >
> > > > >         Connection-specific DNS Suffix  . :
> > > > >         Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
> > Desktop
> > > > > Adapter
> > > > >
> > > > >         Physical Address. . . . . . . . . : 00-07-E9-09-B9-34
> > > > >         DHCP Enabled. . . . . . . . . . . : Yes
> > > > >         Autoconfiguration Enabled . . . . : Yes
> > > > >         IP Address. . . . . . . . . . . . : 192.168.254.88
> > > > >         Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > >         Default Gateway . . . . . . . . . : 192.168.254.21
> > > > >         DHCP Server . . . . . . . . . . . : 192.168.254.21
> > > > >         DNS Servers . . . . . . . . . . . : 192.168.254.21
> > > > >         Primary WINS Server . . . . . . . : 192.168.254.21
> > > > >         Lease Obtained. . . . . . . . . . : Friday, November 12,
> 2004
> > > > > 8:15:13 AM
> > > > >
> > > > >         Lease Expires . . . . . . . . . . : Friday, November 19,
> 2004
> > > > > 8:15:13 AM
> > > > >
> > > > > SERVER IPCONFIG/ALL
> > > > > Windows IP Configuration
> > > > >
> > > > >    Host Name . . . . . . . . . . . . : kcmwin03
> > > > >    Primary Dns Suffix  . . . . . . . : Knight.local
> > > > >    Node Type . . . . . . . . . . . . : Unknown
> > > > >    IP Routing Enabled. . . . . . . . : Yes
> > > > >    WINS Proxy Enabled. . . . . . . . : Yes
> > > > >    DNS Suffix Search List. . . . . . : Knight.local
> > > > >
> > > > > Ethernet adapter Server Local Area Connection:
> > > > >
> > > > >    Connection-specific DNS Suffix  . :
> > > > >    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server
> > > Adapter
> > > > >    Physical Address. . . . . . . . . : 00-0E-0C-5E-E9-A5
> > > > >    DHCP Enabled. . . . . . . . . . . : No
> > > > >    IP Address. . . . . . . . . . . . : 192.168.254.21
> > > > >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > >    Default Gateway . . . . . . . . . :
> > > > >    DNS Servers . . . . . . . . . . . : 192.168.254.21
> > > > >    Primary WINS Server . . . . . . . : 192.168.254.21
> > > > >
> > > > > Ethernet adapter Network Connection:
> > > > >
> > > > >    Connection-specific DNS Suffix  . :
> > > > >    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
Network
> > > > > Connection
> > > > >    Physical Address. . . . . . . . . : 00-0F-1F-F9-A0-24
> > > > >    DHCP Enabled. . . . . . . . . . . : No
> > > > >    IP Address. . . . . . . . . . . . : 192.168.0.2
> > > > >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > >    Default Gateway . . . . . . . . . : 192.168.0.1
> > > > >    DNS Servers . . . . . . . . . . . : 192.168.254.21
> > > > >    NetBIOS over Tcpip. . . . . . . . : Disabled
> > > > >
> > > > >
> > > > > Let me know if I can provide any further info.  And of course
THANK
> > YOU
> > > > for
> > > > > your time and help.  ~John
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Install nightmare
    ... > The firewall's WAN address is 192.168.254.201, ... > the DSL router 192.168.254.254. ... Merv Porter [SBS MVP] ... Broadband connection has static WAN address. ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall/Router
    ... Firewall WAN: ... With DHCP only on the SBS ... Various NAT was set up on the DSL Router, and exactly the same port forwarding was set up on the firewall, only it was looking at the source and destination IPs, so if the inpbound data in the firewall was being sent to 192.168.16.5:1000 it was then forwarded to 192.168.16.5:1000 by the firewall, the IP must be specified). ... I assumed it was because the server had the wrong IP address for the gateway. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA and Separating Networks
    ... I would not recommend attempting to use your SBS to provide network management in this fashion. ... does the cable that goes into his WAN link come from? ... of the cisco router. ... the WAN side of that firewall. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Install nightmare
    ... > the LAN of your DSL router, the WAN of your Firewall device and your SBS ... > all in the same subnet. ...
    (microsoft.public.windows.server.sbs)
  • Re: LAN and WAN IP on Exchange 2003
    ... any external requests for mail directly to SBS. ... port is to only be used for internal mail services, sharepoint, etc. ... I want the users to still have to go through our dedicated firewall ... I would like to have the WAN ...
    (microsoft.public.exchange.connectivity)