network advice

Hi All,

I have network of one server AD, windows 2003 with 2 NIC, 3 heavy duty high end 24 port switches, few regular 8 port switches. 90 workstations, 1 router 4 ports (low end 1).
The current setting as follow:

|
[switch]-----[server] (windows 2003, AD)
|
[router] (DNS, DHCP)-----------[server 2nd NIC]
| | |
[3 switches]
|
[workstations](win xp, 2000, nt4, win98)

some PC with manual IP config (no gateway) no internet access
some PC with Dynamic IP, so have internet access.

now company has bought ISA and want to control internet access with ISA, I still feel there is something wrong with current configuration.
any suggestions.

Thanks

Tim

1. it is not recommended install AD on a multihomed computer, so you may
want to add another server.
2. All switches and computers should be behind ISA

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"t" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
Hi All,

I have network of one server AD, windows 2003 with 2 NIC, 3 heavy duty high
end 24 port switches, few regular 8 port switches. 90 workstations, 1 router
4 ports (low end 1).
The current setting as follow:

|
[switch]-----[server] (windows 2003, AD)
|
[router] (DNS, DHCP)-----------[server 2nd NIC]
| | |
[3 switches]
|
[workstations](win xp, 2000, nt4, win98)

some PC with manual IP config (no gateway) no internet access
some PC with Dynamic IP, so have internet access.

now company has bought ISA and want to control internet access with ISA, I
still feel there is something wrong with current configuration.
any suggestions.

Thanks

Tim

Hi Robert,

adding another server is not an option, I agree that all switches and
computers should be behind ISA.
the problem I have is DNS setting on the router only, that makes DC confused
to find any computer to apply policy.
any recommendation.

Tim

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> 1. it is not recommended install AD on a multihomed computer, so you may
> want to add another server.
> 2. All switches and computers should be behind ISA
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
help.
>
> Robert Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
>
> "t" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi All,
>
> I have network of one server AD, windows 2003 with 2 NIC, 3 heavy duty
high
> end 24 port switches, few regular 8 port switches. 90 workstations, 1
router
> 4 ports (low end 1).
> The current setting as follow:
>
> |
> [switch]-----[server] (windows 2003, AD)
> |
> [router] (DNS, DHCP)-----------[server 2nd NIC]
> | | |
> [3 switches]
> |
> [workstations](win xp, 2000, nt4, win98)
>
> some PC with manual IP config (no gateway) no internet access
> some PC with Dynamic IP, so have internet access.
>
> now company has bought ISA and want to control internet access with ISA, I
> still feel there is something wrong with current configuration.
> any suggestions.
>
> Thanks
>
> Tim
>
>

If you want to use ISA to regulate Internet access, the server will need
to be the gateway between your LAN and the Internet, with one NIC linked to
the LAN and the other to the Internet. The server cannot regulate the
Internet traffic if LAN clients can access the router directly.

The server would need to take over the DNS and DHCP service for the LAN
machines. You can either drop the router from the config altogether (and
connect the ISA server directly to the Internet), or set up a link between
the router and the server's "public" NIC using a different subnet from the
LAN machines.

"t" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Hi Robert,
>
> adding another server is not an option, I agree that all switches and
> computers should be behind ISA.
> the problem I have is DNS setting on the router only, that makes DC
> confused
> to find any computer to apply policy.
> any recommendation.
>
> Tim
>
> "Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> 1. it is not recommended install AD on a multihomed computer, so you may
>> want to add another server.
>> 2. All switches and computers should be behind ISA
>>
>> --
>> For more and other information, go to http://www.ChicagoTech.net
>>
>> Don't send e-mail or reply to me except you need consulting services.
>> Posting on MS newsgroup will benefit all readers and you may get more
> help.
>>
>> Robert Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
>> http://www.ChicagoTech.net
>> This posting is provided "AS IS" with no warranties.
>>
>> "t" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi All,
>>
>> I have network of one server AD, windows 2003 with 2 NIC, 3 heavy duty
> high
>> end 24 port switches, few regular 8 port switches. 90 workstations, 1
> router
>> 4 ports (low end 1).
>> The current setting as follow:
>>
>> |
>> [switch]-----[server] (windows 2003, AD)
>> |
>> [router] (DNS, DHCP)-----------[server 2nd NIC]
>> | | |
>> [3 switches]
>> |
>> [workstations](win xp, 2000, nt4, win98)
>>
>> some PC with manual IP config (no gateway) no internet access
>> some PC with Dynamic IP, so have internet access.
>>
>> now company has bought ISA and want to control internet access with ISA,
>> I
>> still feel there is something wrong with current configuration.
>> any suggestions.
>>
>> Thanks
>>
>> Tim
>>
>>
>
>