Registered users    
MembershipMembership:
Latest New UserLatest:Tim Whiteside
New TodayNew Today:18
New YesterdayNew Yesterday:7
User CountOverall:23106
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12634
Marina Roos12290
Eriq Neale2105
Michael Patrick1906
Stan Guinn1847
Robert Pearman1728
Nick Pieters1425
Stewart Brown609
Kevin D.563
william warren548
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Smallbusiness Server > ISA Server 2004
Subject: Setup 2nd LAN and service network
Prev Next
You are not authorized to post a reply.

Author Messages
Andre Weinforth (GMC Group) User is Offline
Ireland
Member since
3/15/2006

Platinum Membership
Posts: 41
6/27/2008 10:09 AM  
Hi all,

 

Have the following situation - hand drawn network diagram exists but cannot attach / insert it!?
Insert: have no browse upload option as shown in "How do I insert a picture in my posting" in FAQ
Attach: teels me invalid file or exceeds sice. Have a .jpg file 28K in size
 
I can e-mai lit if required!
 

SBS 2k3 with ISA 2004 installation on Dell PE 2850

the setup I had up to quite recently is the following:

1 WAN interface

2 LAN interfaces - server had an additional Broadcom NIC

 

Configured as: LAN1 and BackupLAN

 

I use the BackupLAN for creating backups and copying large backup files during day time, so the LAN1 doesn't get clocked up with it.

It was all working fine - at last i did not have any noticeable problems

 

Now I took out the additional Broadcom NIC and replaced it with a new Intel Dual Port NIC to create this additional service network.

 

To explain: we start a new project and for this we will be supplied with a firewall which will provide us with a VPN link to use some project related services / servers which are not located at any of our sites!

 

My idea now was to have this firewall setup in a service network segment on my ISA Server to not place / link this firewall directly to my network and only allow required connections / protocols.

 

All is setup as shown on the diagram.

 

I have setup persistent routes on the SBS2k3 for the 2 new networks and pinging these new networks seems to be working (tested by pinging the IP address assigned to the individual network card for each network on the ISA from different clients in the 166.0 network)

 

Persistent Routes:

  Network Address          Netmask  Gateway Address  Metric

    192.168.188.0    255.255.255.0    192.168.166.2       1

    192.168.155.0    255.255.255.0    192.168.166.2       1

 

The problem I stated to see now yesterday is that DHCP requests from internal clients were not answered - they were not bale to pickup IP address.

 

Assigning them a static IP worked!

 

After further investigations and testing, I also noticed that Remote Access stopped working. I noticed that the BackupLAN adapter is assigned to be used for broadcast name resolution to obtain DHCP,DNS and WINS, not the internal LAN.

 

Changing it to the internal LAN did not fix it and restarting the remote access service defaulted back to the BackupLAN adapter.

 

Where is it going wrong? Is a setup like i need / had I n mind not possible.

 

Recommendations and tips really appreciated. Tnx a mill in advance

 

Regards

Andre

 

Client ipconfig & ping service network:

 

Windows IP Configuration

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 192.168.220.1

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . :

 

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 192.168.213.1

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . :

 

Ethernet adapter Wireless Network Connection:

        laceName w:st="on">MedialaceName> laceType w:st="on">StatelaceType> . . . . . . . . . . . : Media disconnected

 

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : gmcdublin.local

        IP Address. . . . . . . . . . . . : 192.168.166.107

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.166.2

 

C:\Documents and Settings\andre>ping 192.168.155.2

Pinging 192.168.155.2 with 32 bytes of data:

Reply from 192.168.155.2: bytes=32 time<1ms TTL=128

Reply from 192.168.155.2: bytes=32 time<1ms TTL=128

Reply from 192.168.155.2: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.155.2:

    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

Server ipconfig:

 

Windows IP Configuration

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . : 192.168.166.124

   Subnet Mask . . . . . . . . . . . : 255.255.255.255

   Default Gateway . . . . . . . . . :

 

Ethernet adapter External:

   Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . :  PublicIP

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 83.147.186.1

 

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . : 192.168.166.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

 

Ethernet adapter BGE:

   Connection-specific DNS Suffix  . :

   IP Address. . . . . . . . . . . . : 192.168.155.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 
Andre Weinforth (GMC Group) User is Offline
Ireland
Member since
3/15/2006

Platinum Membership
Posts: 41
6/27/2008 04:19 PM  
I managed to get image available to the web:
http://weinforths-world.com/images/Diagram.jpg
 
Did some further investigations:

the problems disappear if I disable the BackupLAN NIC in the ISA server.

The only difference I can think of between the BGE and BackupLAN NIC is that the new BGE Network is declared as a perimeter network when setting it up in ISA.

So if I enable the BackupLAN interface the following happens:

The BackupLAN adapter is assigned to be used for broadcast name resolution to obtain DHCP,DNS and WINS for remote access, not the internal LAN.

If I manually change it over to the internal lan NIC VPN Client sometimes can dial in but get a 169.something ip address assigned - so one that does not belong to my actual internal network.

Regards

Andre

Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12290
8/31/2008 01:48 AM  
Hi Andre,
 
SBS doesn't like having 3 nics and CEICW will choke on it.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
You are not authorized to post a reply.
Forums > Microsoft Smallbusiness Server > ISA Server 2004 > Setup 2nd LAN and service network


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.2812536 seconds.   :   Terms Of Use   :   Privacy Statement