How to configure for Two different IP subnets

Just wondering if someone can please explain how I can get two different ip
subnets working? I have been googling, reading the newsgroups, and reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just ran
the wizards and went with the settings it provided but when all was said and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some help
in understanding what settings I need to make and where. Like I said I have
been searching found alot kind of referencing what I am trying to do but as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only thing
I can figure out is this must be so easy that there does not need to be any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would appreciate
it.

Thanks, Jeff

We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually Name resolution Issue in a VPN client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server .... To assign the DNS and WINS to a VPN client for name resolution, you should configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message news:fYwqh.1217$(E-Mail Removed) ...
Just wondering if someone can please explain how I can get two different ip
subnets working? I have been googling, reading the newsgroups, and reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just ran
the wizards and went with the settings it provided but when all was said and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some help
in understanding what settings I need to make and where. Like I said I have
been searching found alot kind of referencing what I am trying to do but as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only thing
I can figure out is this must be so easy that there does not need to be any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would appreciate
it.

Thanks, Jeff

As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.

If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It certainly
doesn't work using the default setup wizard in Server 2003. It becomes even
more difficult if you also configure the DC as a VPN server.

If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't wish
to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).

The network config is like this.

Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1

If you configure the RRAS router for NAT routing should just work.
Without NAT (ie LAN routing only) you need a static route on the Linksys to
send the traffic for the inner subnet to the internal router. ie

10.10.0.0 255.255.0.0 192.168.1.n

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server ... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to
setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message
news:fYwqh.1217$(E-Mail Removed) ...
Just wondering if someone can please explain how I can get two different
ip
subnets working? I have been googling, reading the newsgroups, and
reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is
given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given
from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran
the wizards and went with the settings it provided but when all was said
and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some
help
in understanding what settings I need to make and where. Like I said I
have
been searching found alot kind of referencing what I am trying to do but
as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only
thing
I can figure out is this must be so easy that there does not need to be
any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate
it.

Thanks, Jeff

Bill,

Thank you for the detail inputs.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message news:(E-Mail Removed)...
As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.

If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It certainly
doesn't work using the default setup wizard in Server 2003. It becomes even
more difficult if you also configure the DC as a VPN server.

If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't wish
to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).

The network config is like this.

Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1

If you configure the RRAS router for NAT routing should just work.
Without NAT (ie LAN routing only) you need a static route on the Linksys to
send the traffic for the inner subnet to the internal router. ie

10.10.0.0 255.255.0.0 192.168.1.n

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server .... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to
setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message
news:fYwqh.1217$(E-Mail Removed) ...
Just wondering if someone can please explain how I can get two different
ip
subnets working? I have been googling, reading the newsgroups, and
reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is
given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given
from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran
the wizards and went with the settings it provided but when all was said
and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some
help
in understanding what settings I need to make and where. Like I said I
have
been searching found alot kind of referencing what I am trying to do but
as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only
thing
I can figure out is this must be so easy that there does not need to be
any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate
it.

Thanks, Jeff

Thanks Robert and Bill,

I realize this is actually way more than I need for my setup, infact just
setting up a server is more than I even actually need. Although I do like
the vpn aspect that has helped out alot. I actually had the whole server
setup and working as I described except for the fact that I only had 1 nic
and had it all set to the same 192.168.x.x as my router. everything was
working very well that away after playing with it for awhile.

Robert I have actually used the sites that you have links to on numerous
occasions and have actually read a couple of the articles that you had
referenced here already, I have seen that you use this site quite often in
many of the posts here.

Bill thanks for a little more insite into this also, I guess since this is
not a recommended why to do this is maybe why I have been unable to find
very good info on the setup.

I am doing this more for learning than anything but would like to also put
it to some practical use. I have been some programming in .Net and was
wanting to set this up so I could also see how working with a network
effects the programming and the abiliting to Vpn to get to my system while
away is a wonderful thing at times and using it to allow a few other people
that I have set up as users to use the system as well. I just wanted to get
this into its own ip address range.

my thinking was(is) that this is what the server was suppossed to do. I
mean I see where it seems to be common practice to have two nic cards in the
server with the outside Wan coming into one and the network setup on the
second nic with the internal addressing. In my mind this is essentially the
same thing, like I said I am just learning so I may be way off base here. I
do not have the money or the computers to have serveral 2003 servers running
all the time i just thought this could all be accomplished on one machine
without too much issue like I had it setup with just the one nic card.

I thought that I had the Nic cards setup like what Bill is describing here,
but that my active directory went haywire on me which in turn would not let
me run the DHCP. But part of that problem could also have been that I had
already had everything set up using the one nic card on the 192.168.x.x ip
range and then when I tried to switch it over is when everything could have
went haywire.

Anyway thanks for the input I guess I will keep trying to get it set up, or
my second thought last night might be the simple solution and that would be
to get a second hardware router and segment the system that away, but then I
have not learned anything that away.

Again Thanks,

Jeff
"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Bill,

Thank you for the detail inputs.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.

If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It certainly
doesn't work using the default setup wizard in Server 2003. It becomes even
more difficult if you also configure the DC as a VPN server.

If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't wish
to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).

The network config is like this.

Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1

If you configure the RRAS router for NAT routing should just work.
Without NAT (ie LAN routing only) you need a static route on the Linksys to
send the traffic for the inner subnet to the internal router. ie

10.10.0.0 255.255.0.0 192.168.1.n

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server ... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to
setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message
news:fYwqh.1217$(E-Mail Removed) ...
Just wondering if someone can please explain how I can get two different
ip
subnets working? I have been googling, reading the newsgroups, and
reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is
given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given
from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran
the wizards and went with the settings it provided but when all was said
and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some
help
in understanding what settings I need to make and where. Like I said I
have
been searching found alot kind of referencing what I am trying to do but
as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only
thing
I can figure out is this must be so easy that there does not need to be
any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate
it.

Thanks, Jeff

Thank you for the feedback.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message news:I0Pqh.1259$(E-Mail Removed) ...
Thanks Robert and Bill,

I realize this is actually way more than I need for my setup, infact just
setting up a server is more than I even actually need. Although I do like
the vpn aspect that has helped out alot. I actually had the whole server
setup and working as I described except for the fact that I only had 1 nic
and had it all set to the same 192.168.x.x as my router. everything was
working very well that away after playing with it for awhile.

Robert I have actually used the sites that you have links to on numerous
occasions and have actually read a couple of the articles that you had
referenced here already, I have seen that you use this site quite often in
many of the posts here.

Bill thanks for a little more insite into this also, I guess since this is
not a recommended why to do this is maybe why I have been unable to find
very good info on the setup.

I am doing this more for learning than anything but would like to also put
it to some practical use. I have been some programming in .Net and was
wanting to set this up so I could also see how working with a network
effects the programming and the abiliting to Vpn to get to my system while
away is a wonderful thing at times and using it to allow a few other people
that I have set up as users to use the system as well. I just wanted to get
this into its own ip address range.

my thinking was(is) that this is what the server was suppossed to do. I
mean I see where it seems to be common practice to have two nic cards in the
server with the outside Wan coming into one and the network setup on the
second nic with the internal addressing. In my mind this is essentially the
same thing, like I said I am just learning so I may be way off base here. I
do not have the money or the computers to have serveral 2003 servers running
all the time i just thought this could all be accomplished on one machine
without too much issue like I had it setup with just the one nic card.

I thought that I had the Nic cards setup like what Bill is describing here,
but that my active directory went haywire on me which in turn would not let
me run the DHCP. But part of that problem could also have been that I had
already had everything set up using the one nic card on the 192.168.x.x ip
range and then when I tried to switch it over is when everything could have
went haywire.

Anyway thanks for the input I guess I will keep trying to get it set up, or
my second thought last night might be the simple solution and that would be
to get a second hardware router and segment the system that away, but then I
have not learned anything that away.

Again Thanks,

Jeff
"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Bill,

Thank you for the detail inputs.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
As Bob said there are a lot of issues involved here. Active Directory is
really overkill for a setup like that. You don't need it to allow an
incoming VPN connection and running RRAS on a DC is definitely not
recommended. The other major problem you strike with AD is DNS.

If you really want to run a domain behind a workgroup, it can be done.
It can even be done using the DC as the router (otherwise Small Business
Server wouldn't work) but it is not simple or straightforward. It certainly
doesn't work using the default setup wizard in Server 2003. It becomes even
more difficult if you also configure the DC as a VPN server.

If you only want a second IP subnet using the Windows server as a
router, things are simpler. You can configure the router as a normal LAN
router (but this will mean you need to add extra routing to the Linksys so
that it knows how to find your internal subnet). If you can't or don't wish
to fiddle with the Linksys, you need to configure the server as a NAT
router. This solves the routing problem on the Linksys because all traffic
going to the Linksys from your internal subnet is using the 192.168.1.x
address of the server (because of NAT).

The network config is like this.

Internet
|
Linksys
192.168.1.1
|
workgroup machines
192.168.1.x dg 192.168.1.1
|
192.168.1.n dg 192.168.1.1
RRAS
10.10.1.1 dg blank
|
workstations
10.10.1.x dg 10.10.1.1

If you configure the RRAS router for NAT routing should just work.
Without NAT (ie LAN routing only) you need a static route on the Linksys to
send the traffic for the inner subnet to the internal router. ie

10.10.0.0 255.255.0.0 192.168.1.n

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
We have many issues with this configuration. Here are two:

1. You should not enable RRAS on a DC. Check this link for more details.

Name resolution on VPN
Connection issues on DC, ISA, DNS and WINS server as VPN server How to
assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
client ...
http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -

case Studies - VPN error 721 and 800
Connection issues on DC, ISA, DNS and WINS server as VPN server .... To
assign the DNS and WINS to a VPN client for name resolution, you should
configure VPN ...
http://www.chicagotech.net/VPN/vpncase800.htm


2. You don't need two NICs for VPN. How to may help,

How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How to
setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX ...
http://www.howtonetworking.com/Windows/vpnsetup.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jeff" <(E-Mail Removed)> wrote in message
news:fYwqh.1217$(E-Mail Removed) ...
Just wondering if someone can please explain how I can get two different
ip
subnets working? I have been googling, reading the newsgroups, and
reading
books but I just can not figure out how to make this work.

I have Windows server 2003 and here is what i am trying to setup:

INTERNET
|
LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
|
|-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
THIER
INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
|
WINDOWS SERVER 2003
DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
DNS
DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
computer connecting to domain or vpn in should get a 10.10.1.x address
RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
WINS
FILE SERVER

This is where I can not get it to work, from my understanding i need two
nic cards in server.

NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default gateway?)
under advance tabs DNS=JEFF1 10.10.1.1 alternate is
given
one from my isp, WINS=JEFF1 10.10.1.1

NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
pointing to my Linksys Router static IP 192.168.1.2 subnet 255.255.255.0
default gateway 192.168.1.1
under advance tabs DNS= 192.168.1.2 alternate given
from
one from isp, WINS=192.168.1.2


When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
ran
the wizards and went with the settings it provided but when all was said
and
done it would not work. I could not see anyone on the 192.168 network,
could not get to the Domaine from the 192.168 network. Active Directory
freaked out on me to where I could not even access it it just kept saying
there was an error. It was like it was not seeing the
JEFF1.MYDOMAIN.LOCAL
server for some reason.

Any way I played with so many settings that I could think of from reading
the books or some articles i found on the web that i completely hosed it.
So I reformatted the drive and reloaded windows server and have left it
there before adding any roles or anything untill maybe I could get some
help
in understanding what settings I need to make and where. Like I said I
have
been searching found alot kind of referencing what I am trying to do but
as
of yet been able to find anything that kind of explains step by step or
shows examples of what the settings are suppossed to look like. Only
thing
I can figure out is this must be so easy that there does not need to be
any
explainations on the settings, but for the life of me I can not figure it
out.

So if anyone could kindly explain how/what to set this up or knows where
there is a pretty good detailed guide that I could follow I would
appreciate
it.

Thanks, Jeff

Active Directory will go haywire in a setup like that. One reason is DNS.
AD integrates with the local DNS, so you cannot use the DNS at your ISP
(which is how your workgroup computers use DNS). With AD, all computers in
the domain must use the local DNS only. To resolve foreign URLs, you need to
set the local DNS to forward to a public DNS service.

The second major problem is the multihomed DC. You have to be very
careful that the domain members only see the private (or local) IP address
of the DC. There is also the problem with Netbios names and the browser
service.

The wizards in SBS look after these problems. With Server 2003 Standard
or Enterprise you need to look after it yourself.

If you want to experiment with AD I would strongly support your idea of
using another device as the router and configure AD on a server with one
NIC. Note that you will still get some of these problems back if you connect
to this server by VPN. When a user connects, the server acquires a second IP
for its internal interface (ie the VPN endpoint). So you have a multihomed
DC again. These have been discussed by Bob.

"Jeff" <(E-Mail Removed)> wrote in message
news:I0Pqh.1259$(E-Mail Removed) ...
> Thanks Robert and Bill,
>
> I realize this is actually way more than I need for my setup, infact just
> setting up a server is more than I even actually need. Although I do like
> the vpn aspect that has helped out alot. I actually had the whole server
> setup and working as I described except for the fact that I only had 1 nic
> and had it all set to the same 192.168.x.x as my router. everything was
> working very well that away after playing with it for awhile.
>
> Robert I have actually used the sites that you have links to on numerous
> occasions and have actually read a couple of the articles that you had
> referenced here already, I have seen that you use this site quite often in
> many of the posts here.
>
> Bill thanks for a little more insite into this also, I guess since this is
> not a recommended why to do this is maybe why I have been unable to find
> very good info on the setup.
>
> I am doing this more for learning than anything but would like to also put
> it to some practical use. I have been some programming in .Net and was
> wanting to set this up so I could also see how working with a network
> effects the programming and the abiliting to Vpn to get to my system while
> away is a wonderful thing at times and using it to allow a few other
> people that I have set up as users to use the system as well. I just
> wanted to get this into its own ip address range.
>
> my thinking was(is) that this is what the server was suppossed to do. I
> mean I see where it seems to be common practice to have two nic cards in
> the server with the outside Wan coming into one and the network setup on
> the second nic with the internal addressing. In my mind this is
> essentially the same thing, like I said I am just learning so I may be way
> off base here. I do not have the money or the computers to have serveral
> 2003 servers running all the time i just thought this could all be
> accomplished on one machine without too much issue like I had it setup
> with just the one nic card.
>
> I thought that I had the Nic cards setup like what Bill is describing
> here, but that my active directory went haywire on me which in turn would
> not let me run the DHCP. But part of that problem could also have been
> that I had already had everything set up using the one nic card on the
> 192.168.x.x ip range and then when I tried to switch it over is when
> everything could have went haywire.
>
> Anyway thanks for the input I guess I will keep trying to get it set up,
> or my second thought last night might be the simple solution and that
> would be to get a second hardware router and segment the system that away,
> but then I have not learned anything that away.
>
> Again Thanks,
>
> Jeff
> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Bill,
>
> Thank you for the detail inputs.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
> As Bob said there are a lot of issues involved here. Active Directory is
> really overkill for a setup like that. You don't need it to allow an
> incoming VPN connection and running RRAS on a DC is definitely not
> recommended. The other major problem you strike with AD is DNS.
>
> If you really want to run a domain behind a workgroup, it can be done.
> It can even be done using the DC as the router (otherwise Small Business
> Server wouldn't work) but it is not simple or straightforward. It
> certainly
> doesn't work using the default setup wizard in Server 2003. It becomes
> even
> more difficult if you also configure the DC as a VPN server.
>
> If you only want a second IP subnet using the Windows server as a
> router, things are simpler. You can configure the router as a normal LAN
> router (but this will mean you need to add extra routing to the Linksys so
> that it knows how to find your internal subnet). If you can't or don't
> wish
> to fiddle with the Linksys, you need to configure the server as a NAT
> router. This solves the routing problem on the Linksys because all traffic
> going to the Linksys from your internal subnet is using the 192.168.1.x
> address of the server (because of NAT).
>
> The network config is like this.
>
> Internet
> |
> Linksys
> 192.168.1.1
> |
> workgroup machines
> 192.168.1.x dg 192.168.1.1
> |
> 192.168.1.n dg 192.168.1.1
> RRAS
> 10.10.1.1 dg blank
> |
> workstations
> 10.10.1.x dg 10.10.1.1
>
> If you configure the RRAS router for NAT routing should just work.
> Without NAT (ie LAN routing only) you need a static route on the Linksys
> to
> send the traffic for the inner subnet to the internal router. ie
>
> 10.10.0.0 255.255.0.0 192.168.1.n
>
> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> We have many issues with this configuration. Here are two:
>
> 1. You should not enable RRAS on a DC. Check this link for more details.
>
> Name resolution on VPN
> Connection issues on DC, ISA, DNS and WINS server as VPN server How
> to
> assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
> client ...
> http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -
>
> case Studies - VPN error 721 and 800
> Connection issues on DC, ISA, DNS and WINS server as VPN server ...
> To
> assign the DNS and WINS to a VPN client for name resolution, you should
> configure VPN ...
> http://www.chicagotech.net/VPN/vpncase800.htm
>
>
> 2. You don't need two NICs for VPN. How to may help,
>
> How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How
> to
> setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX
> ...
> http://www.howtonetworking.com/Windows/vpnsetup.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Jeff" <(E-Mail Removed)> wrote in message
> news:fYwqh.1217$(E-Mail Removed) ...
> Just wondering if someone can please explain how I can get two different
> ip
> subnets working? I have been googling, reading the newsgroups, and
> reading
> books but I just can not figure out how to make this work.
>
> I have Windows server 2003 and here is what i am trying to setup:
>
> INTERNET
> |
> LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
> |
> |-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
> THIER
> INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
> |
> WINDOWS SERVER 2003
> DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
> DNS
> DHCP - set to give out ip ranges of 10.10.1.10 to 10.10.1.20
> computer connecting to domain or vpn in should get a 10.10.1.x address
> RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I GET
> THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
> WINS
> FILE SERVER
>
> This is where I can not get it to work, from my understanding i need two
> nic cards in server.
>
> NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set my
> domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default
> gateway?)
> under advance tabs DNS=JEFF1 10.10.1.1 alternate is
> given
> one from my isp, WINS=JEFF1 10.10.1.1
>
> NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
> pointing to my Linksys Router static IP 192.168.1.2 subnet
> 255.255.255.0
> default gateway 192.168.1.1
> under advance tabs DNS= 192.168.1.2 alternate given
> from
> one from isp, WINS=192.168.1.2
>
>
> When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
> ran
> the wizards and went with the settings it provided but when all was said
> and
> done it would not work. I could not see anyone on the 192.168 network,
> could not get to the Domaine from the 192.168 network. Active Directory
> freaked out on me to where I could not even access it it just kept saying
> there was an error. It was like it was not seeing the
> JEFF1.MYDOMAIN.LOCAL
> server for some reason.
>
> Any way I played with so many settings that I could think of from reading
> the books or some articles i found on the web that i completely hosed it.
> So I reformatted the drive and reloaded windows server and have left it
> there before adding any roles or anything untill maybe I could get some
> help
> in understanding what settings I need to make and where. Like I said I
> have
> been searching found alot kind of referencing what I am trying to do but
> as
> of yet been able to find anything that kind of explains step by step or
> shows examples of what the settings are suppossed to look like. Only
> thing
> I can figure out is this must be so easy that there does not need to be
> any
> explainations on the settings, but for the life of me I can not figure it
> out.
>
> So if anyone could kindly explain how/what to set this up or knows where
> there is a pretty good detailed guide that I could follow I would
> appreciate
> it.
>
> Thanks, Jeff
>

Just wanted to give you a follow. As of last night i finally got this up
and running, all on the one server without having to go the hardware router
route. I was able to get everything being handled by the server with two
nic cards.

Thanks again for the help.

Jeff

"Bill Grant" <not.available@online> wrote in message
news:%(E-Mail Removed)...
> Active Directory will go haywire in a setup like that. One reason is
> DNS. AD integrates with the local DNS, so you cannot use the DNS at your
> ISP (which is how your workgroup computers use DNS). With AD, all
> computers in the domain must use the local DNS only. To resolve foreign
> URLs, you need to set the local DNS to forward to a public DNS service.
>
> The second major problem is the multihomed DC. You have to be very
> careful that the domain members only see the private (or local) IP address
> of the DC. There is also the problem with Netbios names and the browser
> service.
>
> The wizards in SBS look after these problems. With Server 2003 Standard
> or Enterprise you need to look after it yourself.
>
> If you want to experiment with AD I would strongly support your idea of
> using another device as the router and configure AD on a server with one
> NIC. Note that you will still get some of these problems back if you
> connect to this server by VPN. When a user connects, the server acquires a
> second IP for its internal interface (ie the VPN endpoint). So you have a
> multihomed DC again. These have been discussed by Bob.
>
> "Jeff" <(E-Mail Removed)> wrote in message
> news:I0Pqh.1259$(E-Mail Removed) ...
>> Thanks Robert and Bill,
>>
>> I realize this is actually way more than I need for my setup, infact just
>> setting up a server is more than I even actually need. Although I do
>> like the vpn aspect that has helped out alot. I actually had the whole
>> server setup and working as I described except for the fact that I only
>> had 1 nic and had it all set to the same 192.168.x.x as my router.
>> everything was working very well that away after playing with it for
>> awhile.
>>
>> Robert I have actually used the sites that you have links to on numerous
>> occasions and have actually read a couple of the articles that you had
>> referenced here already, I have seen that you use this site quite often
>> in many of the posts here.
>>
>> Bill thanks for a little more insite into this also, I guess since this
>> is not a recommended why to do this is maybe why I have been unable to
>> find very good info on the setup.
>>
>> I am doing this more for learning than anything but would like to also
>> put it to some practical use. I have been some programming in .Net and
>> was wanting to set this up so I could also see how working with a network
>> effects the programming and the abiliting to Vpn to get to my system
>> while away is a wonderful thing at times and using it to allow a few
>> other people that I have set up as users to use the system as well. I
>> just wanted to get this into its own ip address range.
>>
>> my thinking was(is) that this is what the server was suppossed to do. I
>> mean I see where it seems to be common practice to have two nic cards in
>> the server with the outside Wan coming into one and the network setup on
>> the second nic with the internal addressing. In my mind this is
>> essentially the same thing, like I said I am just learning so I may be
>> way off base here. I do not have the money or the computers to have
>> serveral 2003 servers running all the time i just thought this could all
>> be accomplished on one machine without too much issue like I had it setup
>> with just the one nic card.
>>
>> I thought that I had the Nic cards setup like what Bill is describing
>> here, but that my active directory went haywire on me which in turn would
>> not let me run the DHCP. But part of that problem could also have been
>> that I had already had everything set up using the one nic card on the
>> 192.168.x.x ip range and then when I tried to switch it over is when
>> everything could have went haywire.
>>
>> Anyway thanks for the input I guess I will keep trying to get it set up,
>> or my second thought last night might be the simple solution and that
>> would be to get a second hardware router and segment the system that
>> away, but then I have not learned anything that away.
>>
>> Again Thanks,
>>
>> Jeff
>> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> Bill,
>>
>> Thank you for the detail inputs.
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "Bill Grant" <not.available@online> wrote in message
>> news:(E-Mail Removed)...
>> As Bob said there are a lot of issues involved here. Active Directory is
>> really overkill for a setup like that. You don't need it to allow an
>> incoming VPN connection and running RRAS on a DC is definitely not
>> recommended. The other major problem you strike with AD is DNS.
>>
>> If you really want to run a domain behind a workgroup, it can be done.
>> It can even be done using the DC as the router (otherwise Small Business
>> Server wouldn't work) but it is not simple or straightforward. It
>> certainly
>> doesn't work using the default setup wizard in Server 2003. It becomes
>> even
>> more difficult if you also configure the DC as a VPN server.
>>
>> If you only want a second IP subnet using the Windows server as a
>> router, things are simpler. You can configure the router as a normal LAN
>> router (but this will mean you need to add extra routing to the Linksys
>> so
>> that it knows how to find your internal subnet). If you can't or don't
>> wish
>> to fiddle with the Linksys, you need to configure the server as a NAT
>> router. This solves the routing problem on the Linksys because all
>> traffic
>> going to the Linksys from your internal subnet is using the 192.168.1.x
>> address of the server (because of NAT).
>>
>> The network config is like this.
>>
>> Internet
>> |
>> Linksys
>> 192.168.1.1
>> |
>> workgroup machines
>> 192.168.1.x dg 192.168.1.1
>> |
>> 192.168.1.n dg 192.168.1.1
>> RRAS
>> 10.10.1.1 dg blank
>> |
>> workstations
>> 10.10.1.x dg 10.10.1.1
>>
>> If you configure the RRAS router for NAT routing should just work.
>> Without NAT (ie LAN routing only) you need a static route on the Linksys
>> to
>> send the traffic for the inner subnet to the internal router. ie
>>
>> 10.10.0.0 255.255.0.0 192.168.1.n
>>
>> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> We have many issues with this configuration. Here are two:
>>
>> 1. You should not enable RRAS on a DC. Check this link for more details.
>>
>> Name resolution on VPN
>> Connection issues on DC, ISA, DNS and WINS server as VPN server How
>> to
>> assign DNS and WINS on VPN client manually Name resolution Issue in a VPN
>> client ...
>> http://www.chicagotech.net/nameresolutionpnvpn.htm - Jan 12, 2007 -
>>
>> case Studies - VPN error 721 and 800
>> Connection issues on DC, ISA, DNS and WINS server as VPN server ...
>> To
>> assign the DNS and WINS to a VPN client for name resolution, you should
>> configure VPN ...
>> http://www.chicagotech.net/VPN/vpncase800.htm
>>
>>
>> 2. You don't need two NICs for VPN. How to may help,
>>
>> How to setup VPNHow to setup Windows 2003 as VPN server with one NIC How
>> to
>> setup VPN on w2k server with one NIC How to use PPTP through a Cisco PIX
>> ...
>> http://www.howtonetworking.com/Windows/vpnsetup.htm
>>
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "Jeff" <(E-Mail Removed)> wrote in message
>> news:fYwqh.1217$(E-Mail Removed) ...
>> Just wondering if someone can please explain how I can get two different
>> ip
>> subnets working? I have been googling, reading the newsgroups, and
>> reading
>> books but I just can not figure out how to make this work.
>>
>> I have Windows server 2003 and here is what i am trying to setup:
>>
>> INTERNET
>> |
>> LINKSYS ROUTER - PPOE CONNECTION TO DSL INTERNAL IP 192.168.1.1
>> |
>> |-WORKGROUP (WIFE AND DAUGHTER LEFT HERE (THEY WOULD KILL ME IF
>> THIER
>> INTERNET CONNECTION WAS UNAVAILABLE DUE TO MY PLAYING)
>> |
>> WINDOWS SERVER 2003
>> DOMAIN CONTROLLER - MYDOMAIN.LOCAL - WANT THIS AS IP 10.10.1.1
>> DNS
>> DHCP - set to give out ip ranges of 10.10.1.10 to
>> 10.10.1.20
>> computer connecting to domain or vpn in should get a 10.10.1.x address
>> RRAS - (TO BE ABLE TO VPN IN) I BELIEVE THIS IS WHERE I
>> GET
>> THE SERVER NAME OF JEFF1.MYDOMAIN.LOCAL
>> WINS
>> FILE SERVER
>>
>> This is where I can not get it to work, from my understanding i need
>> two
>> nic cards in server.
>>
>> NIC 1 - LOCAL AREA CONNECTION 1 - I believe this is the one that i set
>> my
>> domain up on static IP 10.10.1.1 subnet 255.255.0.0 (no default
>> gateway?)
>> under advance tabs DNS=JEFF1 10.10.1.1 alternate is
>> given
>> one from my isp, WINS=JEFF1 10.10.1.1
>>
>> NIC 2 - LOCAL AREA CONNECTION 2 - I believe this is the one that i set
>> pointing to my Linksys Router static IP 192.168.1.2 subnet
>> 255.255.255.0
>> default gateway 192.168.1.1
>> under advance tabs DNS= 192.168.1.2 alternate given
>> from
>> one from isp, WINS=192.168.1.2
>>
>>
>> When configuring the Domain Controller, DNS, DHCP, RRAS, and WINS I just
>> ran
>> the wizards and went with the settings it provided but when all was said
>> and
>> done it would not work. I could not see anyone on the 192.168 network,
>> could not get to the Domaine from the 192.168 network. Active Directory
>> freaked out on me to where I could not even access it it just kept
>> saying
>> there was an error. It was like it was not seeing the
>> JEFF1.MYDOMAIN.LOCAL
>> server for some reason.
>>
>> Any way I played with so many settings that I could think of from
>> reading
>> the books or some articles i found on the web that i completely hosed
>> it.
>> So I reformatted the drive and reloaded windows server and have left it
>> there before adding any roles or anything untill maybe I could get some
>> help
>> in understanding what settings I need to make and where. Like I said I
>> have
>> been searching found alot kind of referencing what I am trying to do but
>> as
>> of yet been able to find anything that kind of explains step by step or
>> shows examples of what the settings are suppossed to look like. Only
>> thing
>> I can figure out is this must be so easy that there does not need to be
>> any
>> explainations on the settings, but for the life of me I can not figure
>> it
>> out.
>>
>> So if anyone could kindly explain how/what to set this up or knows where
>> there is a pretty good detailed guide that I could follow I would
>> appreciate
>> it.
>>
>> Thanks, Jeff
>>
>
>