jmillerWV <(E-Mail Removed)> wrote in
news:37ED0537-CAB3-4A18-B194-(E-Mail Removed):
> Thanks for your reply. My set up
> 1 Small business server 2003
> 1 Small business server 2000
> 20 workstation on the SBS2k3 side
> 3 workstations on the SBS2k side
> 1 router Netgear vpn router
> 1 cable modem
> 1 static IP address assigned to SBS2k3 for web site
> use VPN ports, Terminal Services ports, Web ports and email ports for
> the SBS2k3 network.
> Both servers share the Internet connection through the router. Both
> have different internal IP address pools.
> The SBS2k side has opened a second office on the other side of the
> state. The second office needs access to the SBS2k resources.
> the SBS2k3 network has multiple field that need access to the SBS2k3
> resources.
> I am trying to figure a way where the Second office can get to the
> SBS2k network resources without having to get a second Static IP
> address and second modem etc. I thought maybe using a different port
> number and being able to hit the router with it. The router would
> redirect those to the SBS2k network. Does that make sense? The 2
> networks are set up because these are 2 different companies under the
> same roof, but don't want to show any affiliation to each other. Again,
> thanks
>
> jmillerwv
>
> "FenderAxe" wrote:
>
>> jmillerWV <(E-Mail Removed)> wrote
>> in news:00A0D3C7-AF54-4384-96EC-(E-Mail Removed):
>>
>> > Hello all,
>> > I hope I am at the correct discussion area. Here is my question: We
>> > are a midsized company with a static IP address to the web. There
>> > is a Netgear router between the cable modem and our main server.
>> > All is running real good. I would like to be able to redirect, at
>> > the router, incoming requests based on a port number, but I am
>> > having trouble finding any info about what ports can be used. Does
>> > anyone have any idea where this info can be found? Or can I just
>> > choose any port that is not a common port, like 80 or 23 or 110?
>> > Thanks in advance for your assistance. jmillerwv
>> >
>>
>> Can you please explain more clearly what you are trying to do and
>> why? It sounds like what you need is VLANs, but that isn't clear
>> based on the information you provided. Are you trying to redirect
>> specific traffic to a network segment, a particular host, or *what*
>> based on port number? What is the overview of what you are trying to
>> do?
>>
>> FA
>>
>
Hi there --
Just to make sure I understand your setup -- What you have is two logical
networks (different IP address pools) that exist on the same physical
network and that share a router and Internet connection. The WS03 network
has VPN services and you want to provide that same service to users of the
W2K network.
If that is correct, you can accomplish this but you may have to add
resources, and you must use IAS. Probably you should also upgrade the W2K
server to WS03. If you do this, connection requests from the WS03 domain
users can be sent only to their domain and ditto for the W2K users.
The best approach (as mentioned by another poster) is to use 802.1X and
VLANs. I don't know the router you are using and whether or not it supports
VLANs and the RADIUS protocol, but basically that's what you need -- a
network access server, or NAS (either a new router that supports these or
the addition of a Layer 3 Ethernet switch that supports these
technologies). I know Netgear makes a good 12 port switch that supports
VLANs and RADIUS, and I am sure a lot of other companies (like Cisco and
D-Link) do too.
The logic of the setup is that you add the NAS and create VLANs on the NAS.
One VLAN can lead to the W2K network and one can lead to the WS03 network.
On both SBS servers you then install Internet Authentication Service (IAS).
IAS is MSFT's implementation of the RADIUS protocol, and it performs
authentication and authorization for connection requests to NAS's.
You would then do the following (These steps are general to give you the
idea; you will need to use the IAS documentation and NAS docs to actually
deploy this):

On the switch or router:
-- Create two VLANs, one for the WS03 network and one for the W2K network
-- Configure the WS03 server as the authenticating server to which
connection requests are sent

On the WS03 IAS server:
-- Configure the NAS as a RADIUS client in IAS (very simple, it is just an
IP address and a shared secret that you also configure on the NAS)
-- In IAS, configure the server to process connection requests from members
of the local domain. Also create a remote access policy that tells the NAS
to place authorized WS03 domain users on the WS03 VLAN when they are
connected.
-- In IAS, configure the server to act as a RADIUS proxy and forward
requests from the W2K domain to the W2K IAS server. To do this you create a
connection request policy based on the User-Name attribute in the
connection request and you create a remote RADIUS server group that
contains the W2K IAS server, so that IAS knows where to send the request
for authentication.

On the W2K server (which is upgraded to WS03):
-- In IAS, configure the WS03 IAS server as a RADIUS client so that the
local server can receive the connection requests being forwarded to it.
-- Configure a remote access policy that tells the NAS to place authorized
W2K domain users on the W2K VLAN when they are connected.

Here are a few resources for you if you are interested:
"Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows" at
http://www.microsoft.com/downloads/d...05951071-6b20-4cef-9939-47c397ffd3dd&DisplayLang=en
"Deploying Windows Server 2003 Internet Authentication Service (IAS) with
Virtual Local Area Networks (VLANs)" at
http://www.microsoft.com/downloads/d...C9ED3609-49FC-439B-92F4-266B187CAE5A&displaylang=en
Note that this is just one approach to solving this problem. If you
investigate other solutions (such as, possibly, a VPN concentrator or other
type of NAS) you might find a solution you like better.
HTH
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
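
The routing logic described in the reply above, as an added example that is not part of the original post and is not IAS configuration: it models a connection request policy that matches on User-Name, decides between local authentication and forwarding to a remote RADIUS server group, and builds the RFC 3580 VLAN attributes for an accepted user. The domain names, VLAN IDs and the server group label are constructed assumptions.

```python
import re

# Constructed sample values: domain names, VLAN IDs and the group label are assumptions.
POLICIES = [
    # (User-Name pattern, action, remote RADIUS server group)
    (re.compile(r"^(WS03CORP\\.+|.+@ws03corp\.example)$", re.I), "local", None),
    (re.compile(r"^(W2KCORP\\.+|.+@w2kcorp\.example)$", re.I), "proxy", "w2k-ias-group"),
]
VLAN_BY_DOMAIN = {"WS03CORP": 10, "W2KCORP": 20}

# RFC 3580 values a RADIUS server returns so the NAS places the port on a VLAN.
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type (attribute 64) = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type (attribute 65) = IEEE-802


def route_request(user_name):
    """Connection request policy: the first matching User-Name pattern wins."""
    for pattern, action, target in POLICIES:
        if pattern.match(user_name):
            return action, target
    # Fail closed: a name from neither domain is rejected, not given a default VLAN.
    return "reject", None


def domain_of(user_name):
    """Extract the domain from DOMAIN\\user or user@realm; None if neither form."""
    if "\\" in user_name:
        return user_name.split("\\", 1)[0].upper()
    if "@" in user_name:
        return user_name.rsplit("@", 1)[1].split(".", 1)[0].upper()
    return None


def accept_attributes(user_name):
    """Remote access policy result: VLAN attributes sent back to the NAS."""
    vlan = VLAN_BY_DOMAIN.get(domain_of(user_name))
    if vlan is None:
        return None
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-ID": str(vlan),  # attribute 81 carries the VLAN ID
    }


if __name__ == "__main__":
    for name in ("WS03CORP\\alice", "bob@w2kcorp.example", "guest"):
        print(name, route_request(name), accept_attributes(name))
```

Because the patterns are anchored at both ends, a name such as `x@ws03corp.example.other` matches no policy and is rejected.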