Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Fri, 11 May 2007 08:28:48 GMT
Hello Marcus,
Thank you for kind update.
I was just writing to say that I hope everything is going well.
Please do not hesitate to let me know if there's anything else I can do for
you.
Thank you and have a nice day,
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
| thread-index: AceTMwrnWRQafAaAQAONzRgJSvc3vA==
| X-WBNR-Posting-Host: 207.46.19.168
| From: =?Utf-8?B?TWFyY3Vz?= <Marcus@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <14DE3A58-36A1-44F6-8F44-B79F64E70118@xxxxxxxxxxxxx>
<eGnhawqkHHA.596@xxxxxxxxxxxxxxxxxxxx>
<EA51A443-C393-4A5D-9F3B-78EE3D508E04@xxxxxxxxxxxxx>
<VaOHyAvkHHA.5432@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
| Date: Thu, 10 May 2007 11:43:03 -0700
| Lines: 225
| Message-ID: <5CB357FD-CF1F-4284-9F4E-73BA20156F3E@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:35947
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thank you - I shall follow your directions and see how much progress I
make.
|
| Marcus
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Marcus,
| >
| > Thank you for posting here. And thanks for Merv's inputs.
| >
| > According to your description, I understand that you can not access
your
| > router from internal client or SBS. If I have misunderstood the
problem,
| > please don't hesitate to let me know.
| >
| > Based on my research, I suggest we try the following steps to see if we
can
| > resolve this issue:
| >
| > 1. Please contact your router vendor to check the settings in the
router,
| > may be there are some rule deny the access from some IP addresses or
subnet.
| >
| > 2. Merv's inputs is correct, your network configuration need to change:
| >
| > Please change the IP configuration like following:
| >
| > Firewall-Router (public WAN side), Static Public IP from your ISP
| >
| > Firewall-Router (private LAN side), Static IP 192.168.1.1 subnet
mask
| > 255.255.255.0
| > SBS External NIC, Static IP 192.168.1.2 subnet mask 255.255.255.0
| > gateway 192.168.1.1
| >
| > SBS Internal NIC, Static IP 192.168.16.2 subnet mask 255.255.255.0
| > Workstations, Dynamic IPs 192.168.16.x subnet mask 255.255.255.0
gateway
| > 192.168.16.2
| >
| > Note: the IP192.168.16.2 subnet mask 255.255.255.0 and IP 192.168.1.1
| > subnet mask 255.255.255.0 are not in same subnet, but in different
subnets.
| >
| > 3. Run the CEICW
| > Go through the follow KB and Rerun CEICW again carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > Additional:
| > 1. Please do not uses IP address 192.165.0.0, this is not private IP.
The
| > private IP is 192.168.0.0/16.
| >
| > 2. We do not need to add static route on internal clients or SBS.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection
Failure
| > | thread-index: AceSxllir8mwn0HeTi6KosyrUcPIbg==
| > | X-WBNR-Posting-Host: 207.46.193.207
| > | From: =?Utf-8?B?TWFyY3Vz?= <Marcus@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <14DE3A58-36A1-44F6-8F44-B79F64E70118@xxxxxxxxxxxxx>
| > <eGnhawqkHHA.596@xxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection
Failure
| > | Date: Wed, 9 May 2007 22:45:00 -0700
| > | Lines: 92
| > | Message-ID: <EA51A443-C393-4A5D-9F3B-78EE3D508E04@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:35791
| > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | HI,
| > |
| > | That's not my configuration. If you look at the diagram, both the WAN
NIC
| > | and the LAN NIC are on the same subnet.
| > |
| > | My WAN NIC and LAN NIC are on separate subnets; the former on
255.255.0.0
| > | the latter on 255.255.255.0.
| > |
| > | I think it's because of the different subnets that the clients and
server
| > | cannot communicate with the router.
| > |
| > | That's why I asked about static routes, the router table and so on.
| > |
| > | Oh, and I can't put the WAN NIC on the same subnet; I've tried and it
| > won't
| > | work.
| > |
| > | Happy to consider any other ideas...
| > |
| > | "Merv Porter [SBS-MVP]" wrote:
| > |
| > | > For network setup, take a look at the following diagrams:
| > | >
| > | > Two Nics, a static IP address, ISA, router
| > | > (works for SBS with or without ISA)
| > | >
| >
http://www.smallbizserver.net/tabid/266/articleType/ArticleView/articleId/76
| > /Two-Nics-a-static-IP-address-ISA-router.aspx
| > | >
| > | > Then re-run CEICW which will set up the SBS server to handle DHCP
for
| > your
| > | > LAN.
| > | >
| > | > When configured correctly, you will essentially have 3 networks,
| > separated
| > | > for security:
| > | >
| > | > The Internet
| > | > Firewall-Router (public WAN side), Static Public IP from your ISP
| > | >
| > | > Firewall-Router (private LAN side), Static IP 192.168.1.1
| > | > SBS External NIC, Static IP 192.168.1.2
| > | >
| > | > SBS Internal NIC, Static IP 192.168.16.2
| > | > Workstations, Dynamic IPs 192.168.16.x
| > | >
| > | > --
| > | > Merv Porter [SBS-MVP]
| > | > ============================
| > | >
| > | > "Marcus" <Marcus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
| > | > news:14DE3A58-36A1-44F6-8F44-B79F64E70118@xxxxxxxxxxxxxxxx
| > | > >I have installed a 2nd NIC in my SBS2003R2 Server.
| > | > >
| > | > > I have configured the new NIC (WAN) with IP 192.165.1.30 subnet
| > | > > 255.255.0.0.
| > | > > I left the old NIC (LAN) with IP 192.165.1.20 subnet
255.255.255.0.
| > | > >
| > | > > I have a firewall router between my WAN NIC and the ISP. This has
an
| > | > > internet facing static IP of W.X.Y.Z. It has an intranet facing
| > static IP
| > | > > of
| > | > > 192.165.1.1 subnet 255.255.0.0 (previously 255.255.255.0 before
the
| > new
| > | > > NIC
| > | > > was installed).
| > | > >
| > | > > I have set the DHCP scope on the Server to 192.165.1.1 to
| > 192.165.1.254 (I
| > | > > guess on subnet 255.255.255.0). The exclusion is set from
192.165.1.1
| > to
| > | > > 192.165.1.10.
| > | > >
| > | > > I have not defined a second scope on the 255.255.0.0 subnet.
| > | > >
| > | > > My clients on the LAN can successfully reach the internet.
| > | > > My server can successfully reach both clients and the internet.
| > | > >
| > | > > Neither my server nor my clients can reach my firewall router.
Before
| > I
| > | > > installed the 2nd NIC this worked fine. (i.e. before I reset it
with
| > a
| > | > > static
| > | > > IP on subnet 255.255.0.0 rather than the original subnet of
| > | > > 255.255.255.0).
| > | > >
| > | > > Q1. Do I have to define another DHCP scope for the new WAN subnet
| > and, if
| > | > > so, how?
| > | > > Q2. Do I have to set up a static route from my LAN (clients and
| > server) to
| > | > > the router and, if so, how?
| > | > > Q3. Do I have to do anything to my inbuilt SBS Firewall settings
| > (which
| > | > > are
| > | > > currently the default ones - I've not messed around with these)?
| > | > >
| > | > > I need to reach my router in order to change some of the VPN
| > tunnelling
| > | > > permissions, you see.
| > | > >
| > | > > Finally, if I plug a LAN laptop directly into the router it can't
| > reach it
| > | > > either. But the router is working fine...
| > | > >
| > | >
| > | >
| > | >
| > |
| >
| >
|
.
- References:
- Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- From: Merv Porter [SBS-MVP]
- Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- From: Marcus
- Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- From: Terence Liu [MSFT]
- Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- From: Marcus
- Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- Prev by Date: RE: Citrix and SBS 2003
- Next by Date: Re: server publish under host headers - ISA 2004
- Previous by thread: Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- Next by thread: Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
- Index(es):
Relevant Pages
|
