New At Network Configuration

Hi All,

I am very new to all of this.

I am using MS Server 2003 R2 etc and so far have tried some very simple
networks all using the same internal network.

Now I would like to start a network where a group of workstations connect to
the network but using a different address.
So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall, an
administrative computer and then the Group of
workstaions connect via the admin computer to the network.

Computer 1. two NIC's (one for the internet, one for the local network) (srv
2003 r2)
Computer 2. a single NIC (web server)
Computer 3. two NIC's (one for the local network and one for the admin
computer) (firewall)
Computer 4. two NIC's (one to connect to admin and the other to the Group of
workstations) (Admin)
Computers 5 - 10 one NIC each


I let the server program configure as a typical first server. OK. Those
computers that reside up to the firewall
(as yet not installed), computers 1 to 3, connect to the network and also
the internet using DHCP/DNS/AD/RRAS as setup.

However, The card in computer 3 that looks to connect to the admin computer
and those which look from the workstations
to the admin computer do not connect to the network.

I have not setup any other configurations except as instructed "To Do Next"
after the initial setup. I am seeing leases
used under DHCP and the same addresses appearing in the FWD Lookup zone
under the domain name.

Can some assist me in configuring the necessary aspects to help me rectify
the problem.

> administrative computer and then the Group of
> workstaions connect via the admin computer to the network


You lost me here.

I really can't follow what you are trying to do.

DDS
"Silom" <(E-Mail Removed)> wrote in message
news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
> Hi All,
>
> I am very new to all of this.
>
> I am using MS Server 2003 R2 etc and so far have tried some very simple
> networks all using the same internal network.
>
> Now I would like to start a network where a group of workstations connect
> to the network but using a different address.
> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall, an
> administrative computer and then the Group of
> workstaions connect via the admin computer to the network.
>
> Computer 1. two NIC's (one for the internet, one for the local network)
> (srv 2003 r2)
> Computer 2. a single NIC (web server)
> Computer 3. two NIC's (one for the local network and one for the admin
> computer) (firewall)
> Computer 4. two NIC's (one to connect to admin and the other to the Group
> of workstations) (Admin)
> Computers 5 - 10 one NIC each
>
>
> I let the server program configure as a typical first server. OK. Those
> computers that reside up to the firewall
> (as yet not installed), computers 1 to 3, connect to the network and also
> the internet using DHCP/DNS/AD/RRAS as setup.
>
> However, The card in computer 3 that looks to connect to the admin
> computer and those which look from the workstations
> to the admin computer do not connect to the network.
>
> I have not setup any other configurations except as instructed "To Do
> Next" after the initial setup. I am seeing leases
> used under DHCP and the same addresses appearing in the FWD Lookup zone
> under the domain name.
>
> Can some assist me in configuring the necessary aspects to help me rectify
> the problem.

I agree with Danny. This is much too complex. Using multihomed servers as
domain controllers is bad practice and will cause you problems.

If you want to use a server as a router/firewall for your LAN, do not
make it a domain controller. Use a standalone server (running ISA server if
possible). But this may be overkill for your setup. For testing you could
use RRAS, which comes as part of 2003 R2, as a NAT router. Have you
considered running a hardware firewall instead?

You only need one internal network, and the machines on it only need one
NIC. Only the router/firewall should have an interface in both networks. eg

Internet
|
public IP
router/firewall
private IP (eg 192.168.31.254) default gateway blank
|
all LAN machines (workstations and servers)
192.168.31.x dg 192.168.31.254

Give the server you want to use as the DC a static IP, then run dcpromo
to set up AD and DNS. When you configure DHCP, set all machines to use the
DC for DNS and the firewall as default gateway (192.168.31.254 in the
example above). Modify the DNS on your DC to forward to a public DNS server
(so that it can resolve foreign URLs as well as local names).

Where you locate the web server is a problem. If you put it on the
"public" network, you will have problems using it or updating it from the
LAN (because it is outside the firewall). A common practice is to have the
web server on the LAN and arrange for public access to it via the firewall.
(That is the remote users connect to the firewall and the firewall redirects
queries to the web server on the LAN).


"Danny Sanders" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>> administrative computer and then the Group of
>> workstaions connect via the admin computer to the network
>
>
> You lost me here.
>
> I really can't follow what you are trying to do.
>
> DDS
> "Silom" <(E-Mail Removed)> wrote in message
> news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
>> Hi All,
>>
>> I am very new to all of this.
>>
>> I am using MS Server 2003 R2 etc and so far have tried some very simple
>> networks all using the same internal network.
>>
>> Now I would like to start a network where a group of workstations connect
>> to the network but using a different address.
>> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall, an
>> administrative computer and then the Group of
>> workstaions connect via the admin computer to the network.
>>
>> Computer 1. two NIC's (one for the internet, one for the local network)
>> (srv 2003 r2)
>> Computer 2. a single NIC (web server)
>> Computer 3. two NIC's (one for the local network and one for the admin
>> computer) (firewall)
>> Computer 4. two NIC's (one to connect to admin and the other to the Group
>> of workstations) (Admin)
>> Computers 5 - 10 one NIC each
>>
>>
>> I let the server program configure as a typical first server. OK. Those
>> computers that reside up to the firewall
>> (as yet not installed), computers 1 to 3, connect to the network and also
>> the internet using DHCP/DNS/AD/RRAS as setup.
>>
>> However, The card in computer 3 that looks to connect to the admin
>> computer and those which look from the workstations
>> to the admin computer do not connect to the network.
>>
>> I have not setup any other configurations except as instructed "To Do
>> Next" after the initial setup. I am seeing leases
>> used under DHCP and the same addresses appearing in the FWD Lookup zone
>> under the domain name.
>>
>> Can some assist me in configuring the necessary aspects to help me
>> rectify the problem.
>
>

Hi,

May I firstly thank you for your good council.

Having worked through your scheme I now understand much better what a
monster
I had proposed.

I see that the private ip settings are in essence the same but in one
or two places they are different than before. I have assumed this was
because
I had two NIC's on the DC. Certainly the elements contained within
AD/DN/DHCP
all appear to be working properly and adding a new machine connects without
any
problems and its information is broadcast throughout AD/DN/DHCP.

I was thinking of ISA server for the firewall and I have set this up as a
standalone
server and joined it to the DC. I have been slowly configuring it and it
communicates
with AD on the DC server with no difficulty.

QUESTION:

Am I correct in that I also need to install RRAS on the ISA server computer
in order
for internal network clients to access the internet. This they cannot do at
the moment.

If this is correct are there any additional settings that are require over
and above
those put in place when the installation wizard is run??

If I am not correct I am sorry but I cannot find settings within the ISA
manager to fix
the problem.

Once again many thanks for your kind help and assistance.


"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> I agree with Danny. This is much too complex. Using multihomed servers as
> domain controllers is bad practice and will cause you problems.
>
> If you want to use a server as a router/firewall for your LAN, do not
> make it a domain controller. Use a standalone server (running ISA server
> if possible). But this may be overkill for your setup. For testing you
> could use RRAS, which comes as part of 2003 R2, as a NAT router. Have you
> considered running a hardware firewall instead?
>
> You only need one internal network, and the machines on it only need
> one NIC. Only the router/firewall should have an interface in both
> networks. eg
>
> Internet
> |
> public IP
> router/firewall
> private IP (eg 192.168.31.254) default gateway blank
> |
> all LAN machines (workstations and servers)
> 192.168.31.x dg 192.168.31.254
>
> Give the server you want to use as the DC a static IP, then run dcpromo
> to set up AD and DNS. When you configure DHCP, set all machines to use the
> DC for DNS and the firewall as default gateway (192.168.31.254 in the
> example above). Modify the DNS on your DC to forward to a public DNS
> server (so that it can resolve foreign URLs as well as local names).
>
> Where you locate the web server is a problem. If you put it on the
> "public" network, you will have problems using it or updating it from the
> LAN (because it is outside the firewall). A common practice is to have the
> web server on the LAN and arrange for public access to it via the
> firewall. (That is the remote users connect to the firewall and the
> firewall redirects queries to the web server on the LAN).
>
>
> "Danny Sanders" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>> administrative computer and then the Group of
>>> workstaions connect via the admin computer to the network
>>
>>
>> You lost me here.
>>
>> I really can't follow what you are trying to do.
>>
>> DDS
>> "Silom" <(E-Mail Removed)> wrote in message
>> news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
>>> Hi All,
>>>
>>> I am very new to all of this.
>>>
>>> I am using MS Server 2003 R2 etc and so far have tried some very simple
>>> networks all using the same internal network.
>>>
>>> Now I would like to start a network where a group of workstations
>>> connect to the network but using a different address.
>>> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall, an
>>> administrative computer and then the Group of
>>> workstaions connect via the admin computer to the network.
>>>
>>> Computer 1. two NIC's (one for the internet, one for the local network)
>>> (srv 2003 r2)
>>> Computer 2. a single NIC (web server)
>>> Computer 3. two NIC's (one for the local network and one for the admin
>>> computer) (firewall)
>>> Computer 4. two NIC's (one to connect to admin and the other to the
>>> Group of workstations) (Admin)
>>> Computers 5 - 10 one NIC each
>>>
>>>
>>> I let the server program configure as a typical first server. OK. Those
>>> computers that reside up to the firewall
>>> (as yet not installed), computers 1 to 3, connect to the network and
>>> also the internet using DHCP/DNS/AD/RRAS as setup.
>>>
>>> However, The card in computer 3 that looks to connect to the admin
>>> computer and those which look from the workstations
>>> to the admin computer do not connect to the network.
>>>
>>> I have not setup any other configurations except as instructed "To Do
>>> Next" after the initial setup. I am seeing leases
>>> used under DHCP and the same addresses appearing in the FWD Lookup zone
>>> under the domain name.
>>>
>>> Can some assist me in configuring the necessary aspects to help me
>>> rectify the problem.
>>
>>
>
>

If you have installed ISA server, do not try to change the settings in
RRAS manually. ISA sits on top of RRAS and configures RRAS directly. If it
is not working, you have not configured ISA correctly.

"Silom" <(E-Mail Removed)> wrote in message
news:C2FD36B6-CB13-4B6B-B73B-(E-Mail Removed)...
> Hi,
>
> May I firstly thank you for your good council.
>
> Having worked through your scheme I now understand much better what a
> monster
> I had proposed.
>
> I see that the private ip settings are in essence the same but in one
> or two places they are different than before. I have assumed this was
> because
> I had two NIC's on the DC. Certainly the elements contained within
> AD/DN/DHCP
> all appear to be working properly and adding a new machine connects
> without
> any
> problems and its information is broadcast throughout AD/DN/DHCP.
>
> I was thinking of ISA server for the firewall and I have set this up as a
> standalone
> server and joined it to the DC. I have been slowly configuring it and it
> communicates
> with AD on the DC server with no difficulty.
>
> QUESTION:
>
> Am I correct in that I also need to install RRAS on the ISA server
> computer
> in order
> for internal network clients to access the internet. This they cannot do
> at
> the moment.
>
> If this is correct are there any additional settings that are require over
> and above
> those put in place when the installation wizard is run??
>
> If I am not correct I am sorry but I cannot find settings within the ISA
> manager to fix
> the problem.
>
> Once again many thanks for your kind help and assistance.
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> I agree with Danny. This is much too complex. Using multihomed servers
>> as
>> domain controllers is bad practice and will cause you problems.
>>
>> If you want to use a server as a router/firewall for your LAN, do not
>> make it a domain controller. Use a standalone server (running ISA server
>> if possible). But this may be overkill for your setup. For testing you
>> could use RRAS, which comes as part of 2003 R2, as a NAT router. Have you
>> considered running a hardware firewall instead?
>>
>> You only need one internal network, and the machines on it only need
>> one NIC. Only the router/firewall should have an interface in both
>> networks. eg
>>
>> Internet
>> |
>> public IP
>> router/firewall
>> private IP (eg 192.168.31.254) default gateway blank
>> |
>> all LAN machines (workstations and servers)
>> 192.168.31.x dg 192.168.31.254
>>
>> Give the server you want to use as the DC a static IP, then run
>> dcpromo
>> to set up AD and DNS. When you configure DHCP, set all machines to use
>> the
>> DC for DNS and the firewall as default gateway (192.168.31.254 in the
>> example above). Modify the DNS on your DC to forward to a public DNS
>> server (so that it can resolve foreign URLs as well as local names).
>>
>> Where you locate the web server is a problem. If you put it on the
>> "public" network, you will have problems using it or updating it from the
>> LAN (because it is outside the firewall). A common practice is to have
>> the
>> web server on the LAN and arrange for public access to it via the
>> firewall. (That is the remote users connect to the firewall and the
>> firewall redirects queries to the web server on the LAN).
>>
>>
>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>>> administrative computer and then the Group of
>>>> workstaions connect via the admin computer to the network
>>>
>>>
>>> You lost me here.
>>>
>>> I really can't follow what you are trying to do.
>>>
>>> DDS
>>> "Silom" <(E-Mail Removed)> wrote in message
>>> news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
>>>> Hi All,
>>>>
>>>> I am very new to all of this.
>>>>
>>>> I am using MS Server 2003 R2 etc and so far have tried some very simple
>>>> networks all using the same internal network.
>>>>
>>>> Now I would like to start a network where a group of workstations
>>>> connect to the network but using a different address.
>>>> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall,
>>>> an
>>>> administrative computer and then the Group of
>>>> workstaions connect via the admin computer to the network.
>>>>
>>>> Computer 1. two NIC's (one for the internet, one for the local network)
>>>> (srv 2003 r2)
>>>> Computer 2. a single NIC (web server)
>>>> Computer 3. two NIC's (one for the local network and one for the admin
>>>> computer) (firewall)
>>>> Computer 4. two NIC's (one to connect to admin and the other to the
>>>> Group of workstations) (Admin)
>>>> Computers 5 - 10 one NIC each
>>>>
>>>>
>>>> I let the server program configure as a typical first server. OK. Those
>>>> computers that reside up to the firewall
>>>> (as yet not installed), computers 1 to 3, connect to the network and
>>>> also the internet using DHCP/DNS/AD/RRAS as setup.
>>>>
>>>> However, The card in computer 3 that looks to connect to the admin
>>>> computer and those which look from the workstations
>>>> to the admin computer do not connect to the network.
>>>>
>>>> I have not setup any other configurations except as instructed "To Do
>>>> Next" after the initial setup. I am seeing leases
>>>> used under DHCP and the same addresses appearing in the FWD Lookup zone
>>>> under the domain name.
>>>>
>>>> Can some assist me in configuring the necessary aspects to help me
>>>> rectify the problem.
>>>
>>>
>>
>>

Hi,

Firstly, so as I understand correctly.

I install RRAS for NAT before ISA??
ISA sets RRAS parameters.??

Or is it that I do not install RRAS and ISA in effect does this for you.

I understand what you say about configuring ISA, as to start with the
computer
running ISA could only connect to the ms site. Now I can connect to any
site.

Also before the installation of ISA the DC Server computer could ping the
server
that ISA was to be installed on. Now it cannot.

Again thank you for your patience.

------------------------------------

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> If you have installed ISA server, do not try to change the settings in
> RRAS manually. ISA sits on top of RRAS and configures RRAS directly. If it
> is not working, you have not configured ISA correctly.
>
> "Silom" <(E-Mail Removed)> wrote in message
> news:C2FD36B6-CB13-4B6B-B73B-(E-Mail Removed)...
>> Hi,
>>
>> May I firstly thank you for your good council.
>>
>> Having worked through your scheme I now understand much better what a
>> monster
>> I had proposed.
>>
>> I see that the private ip settings are in essence the same but in one
>> or two places they are different than before. I have assumed this was
>> because
>> I had two NIC's on the DC. Certainly the elements contained within
>> AD/DN/DHCP
>> all appear to be working properly and adding a new machine connects
>> without
>> any
>> problems and its information is broadcast throughout AD/DN/DHCP.
>>
>> I was thinking of ISA server for the firewall and I have set this up as a
>> standalone
>> server and joined it to the DC. I have been slowly configuring it and it
>> communicates
>> with AD on the DC server with no difficulty.
>>
>> QUESTION:
>>
>> Am I correct in that I also need to install RRAS on the ISA server
>> computer
>> in order
>> for internal network clients to access the internet. This they cannot do
>> at
>> the moment.
>>
>> If this is correct are there any additional settings that are require
>> over
>> and above
>> those put in place when the installation wizard is run??
>>
>> If I am not correct I am sorry but I cannot find settings within the ISA
>> manager to fix
>> the problem.
>>
>> Once again many thanks for your kind help and assistance.
>>
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:(E-Mail Removed)...
>>> I agree with Danny. This is much too complex. Using multihomed servers
>>> as
>>> domain controllers is bad practice and will cause you problems.
>>>
>>> If you want to use a server as a router/firewall for your LAN, do not
>>> make it a domain controller. Use a standalone server (running ISA server
>>> if possible). But this may be overkill for your setup. For testing you
>>> could use RRAS, which comes as part of 2003 R2, as a NAT router. Have
>>> you
>>> considered running a hardware firewall instead?
>>>
>>> You only need one internal network, and the machines on it only need
>>> one NIC. Only the router/firewall should have an interface in both
>>> networks. eg
>>>
>>> Internet
>>> |
>>> public IP
>>> router/firewall
>>> private IP (eg 192.168.31.254) default gateway blank
>>> |
>>> all LAN machines (workstations and servers)
>>> 192.168.31.x dg 192.168.31.254
>>>
>>> Give the server you want to use as the DC a static IP, then run
>>> dcpromo
>>> to set up AD and DNS. When you configure DHCP, set all machines to use
>>> the
>>> DC for DNS and the firewall as default gateway (192.168.31.254 in the
>>> example above). Modify the DNS on your DC to forward to a public DNS
>>> server (so that it can resolve foreign URLs as well as local names).
>>>
>>> Where you locate the web server is a problem. If you put it on the
>>> "public" network, you will have problems using it or updating it from
>>> the
>>> LAN (because it is outside the firewall). A common practice is to have
>>> the
>>> web server on the LAN and arrange for public access to it via the
>>> firewall. (That is the remote users connect to the firewall and the
>>> firewall redirects queries to the web server on the LAN).
>>>
>>>
>>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>>> administrative computer and then the Group of
>>>>> workstaions connect via the admin computer to the network
>>>>
>>>>
>>>> You lost me here.
>>>>
>>>> I really can't follow what you are trying to do.
>>>>
>>>> DDS
>>>> "Silom" <(E-Mail Removed)> wrote in message
>>>> news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
>>>>> Hi All,
>>>>>
>>>>> I am very new to all of this.
>>>>>
>>>>> I am using MS Server 2003 R2 etc and so far have tried some very
>>>>> simple
>>>>> networks all using the same internal network.
>>>>>
>>>>> Now I would like to start a network where a group of workstations
>>>>> connect to the network but using a different address.
>>>>> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall,
>>>>> an
>>>>> administrative computer and then the Group of
>>>>> workstaions connect via the admin computer to the network.
>>>>>
>>>>> Computer 1. two NIC's (one for the internet, one for the local
>>>>> network)
>>>>> (srv 2003 r2)
>>>>> Computer 2. a single NIC (web server)
>>>>> Computer 3. two NIC's (one for the local network and one for the admin
>>>>> computer) (firewall)
>>>>> Computer 4. two NIC's (one to connect to admin and the other to the
>>>>> Group of workstations) (Admin)
>>>>> Computers 5 - 10 one NIC each
>>>>>
>>>>>
>>>>> I let the server program configure as a typical first server. OK.
>>>>> Those
>>>>> computers that reside up to the firewall
>>>>> (as yet not installed), computers 1 to 3, connect to the network and
>>>>> also the internet using DHCP/DNS/AD/RRAS as setup.
>>>>>
>>>>> However, The card in computer 3 that looks to connect to the admin
>>>>> computer and those which look from the workstations
>>>>> to the admin computer do not connect to the network.
>>>>>
>>>>> I have not setup any other configurations except as instructed "To Do
>>>>> Next" after the initial setup. I am seeing leases
>>>>> used under DHCP and the same addresses appearing in the FWD Lookup
>>>>> zone
>>>>> under the domain name.
>>>>>
>>>>> Can some assist me in configuring the necessary aspects to help me
>>>>> rectify the problem.
>>>>
>>>>
>>>
>>>
>
>

If you have ISA, you do not need to worry about RRAS at all. What I
suggested earlier was that you could use RRAS/NAT to test this setup if you
did not have ISA.

When you install ISA on top of RRAS, ISA takes over the configuration.
Do not try to alter things from the RRAS MMC. Do everything from ISA.

"Silom" <(E-Mail Removed)> wrote in message
news:C96C29FD-CBE1-40C8-AE88-(E-Mail Removed)...
> Hi,
>
> Firstly, so as I understand correctly.
>
> I install RRAS for NAT before ISA??
> ISA sets RRAS parameters.??
>
> Or is it that I do not install RRAS and ISA in effect does this for you.
>
> I understand what you say about configuring ISA, as to start with the
> computer
> running ISA could only connect to the ms site. Now I can connect to any
> site.
>
> Also before the installation of ISA the DC Server computer could ping the
> server
> that ISA was to be installed on. Now it cannot.
>
> Again thank you for your patience.
>
> ------------------------------------
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> If you have installed ISA server, do not try to change the settings in
>> RRAS manually. ISA sits on top of RRAS and configures RRAS directly. If
>> it is not working, you have not configured ISA correctly.
>>
>> "Silom" <(E-Mail Removed)> wrote in message
>> news:C2FD36B6-CB13-4B6B-B73B-(E-Mail Removed)...
>>> Hi,
>>>
>>> May I firstly thank you for your good council.
>>>
>>> Having worked through your scheme I now understand much better what a
>>> monster
>>> I had proposed.
>>>
>>> I see that the private ip settings are in essence the same but in one
>>> or two places they are different than before. I have assumed this was
>>> because
>>> I had two NIC's on the DC. Certainly the elements contained within
>>> AD/DN/DHCP
>>> all appear to be working properly and adding a new machine connects
>>> without
>>> any
>>> problems and its information is broadcast throughout AD/DN/DHCP.
>>>
>>> I was thinking of ISA server for the firewall and I have set this up as
>>> a
>>> standalone
>>> server and joined it to the DC. I have been slowly configuring it and it
>>> communicates
>>> with AD on the DC server with no difficulty.
>>>
>>> QUESTION:
>>>
>>> Am I correct in that I also need to install RRAS on the ISA server
>>> computer
>>> in order
>>> for internal network clients to access the internet. This they cannot do
>>> at
>>> the moment.
>>>
>>> If this is correct are there any additional settings that are require
>>> over
>>> and above
>>> those put in place when the installation wizard is run??
>>>
>>> If I am not correct I am sorry but I cannot find settings within the ISA
>>> manager to fix
>>> the problem.
>>>
>>> Once again many thanks for your kind help and assistance.
>>>
>>>
>>> "Bill Grant" <not.available@online> wrote in message
>>> news:(E-Mail Removed)...
>>>> I agree with Danny. This is much too complex. Using multihomed servers
>>>> as
>>>> domain controllers is bad practice and will cause you problems.
>>>>
>>>> If you want to use a server as a router/firewall for your LAN, do
>>>> not
>>>> make it a domain controller. Use a standalone server (running ISA
>>>> server
>>>> if possible). But this may be overkill for your setup. For testing you
>>>> could use RRAS, which comes as part of 2003 R2, as a NAT router. Have
>>>> you
>>>> considered running a hardware firewall instead?
>>>>
>>>> You only need one internal network, and the machines on it only need
>>>> one NIC. Only the router/firewall should have an interface in both
>>>> networks. eg
>>>>
>>>> Internet
>>>> |
>>>> public IP
>>>> router/firewall
>>>> private IP (eg 192.168.31.254) default gateway blank
>>>> |
>>>> all LAN machines (workstations and servers)
>>>> 192.168.31.x dg 192.168.31.254
>>>>
>>>> Give the server you want to use as the DC a static IP, then run
>>>> dcpromo
>>>> to set up AD and DNS. When you configure DHCP, set all machines to use
>>>> the
>>>> DC for DNS and the firewall as default gateway (192.168.31.254 in the
>>>> example above). Modify the DNS on your DC to forward to a public DNS
>>>> server (so that it can resolve foreign URLs as well as local names).
>>>>
>>>> Where you locate the web server is a problem. If you put it on the
>>>> "public" network, you will have problems using it or updating it from
>>>> the
>>>> LAN (because it is outside the firewall). A common practice is to have
>>>> the
>>>> web server on the LAN and arrange for public access to it via the
>>>> firewall. (That is the remote users connect to the firewall and the
>>>> firewall redirects queries to the web server on the LAN).
>>>>
>>>>
>>>> "Danny Sanders" <(E-Mail Removed)> wrote in message
>>>> news:%(E-Mail Removed)...
>>>>>> administrative computer and then the Group of
>>>>>> workstaions connect via the admin computer to the network
>>>>>
>>>>>
>>>>> You lost me here.
>>>>>
>>>>> I really can't follow what you are trying to do.
>>>>>
>>>>> DDS
>>>>> "Silom" <(E-Mail Removed)> wrote in message
>>>>> news:53466EA0-D716-49D8-9E68-(E-Mail Removed)...
>>>>>> Hi All,
>>>>>>
>>>>>> I am very new to all of this.
>>>>>>
>>>>>> I am using MS Server 2003 R2 etc and so far have tried some very
>>>>>> simple
>>>>>> networks all using the same internal network.
>>>>>>
>>>>>> Now I would like to start a network where a group of workstations
>>>>>> connect to the network but using a different address.
>>>>>> So there would be a DHCP/DNS/AD/RRAS server, a Web server,a Firewall,
>>>>>> an
>>>>>> administrative computer and then the Group of
>>>>>> workstaions connect via the admin computer to the network.
>>>>>>
>>>>>> Computer 1. two NIC's (one for the internet, one for the local
>>>>>> network)
>>>>>> (srv 2003 r2)
>>>>>> Computer 2. a single NIC (web server)
>>>>>> Computer 3. two NIC's (one for the local network and one for the
>>>>>> admin
>>>>>> computer) (firewall)
>>>>>> Computer 4. two NIC's (one to connect to admin and the other to the
>>>>>> Group of workstations) (Admin)
>>>>>> Computers 5 - 10 one NIC each
>>>>>>
>>>>>>
>>>>>> I let the server program configure as a typical first server. OK.
>>>>>> Those
>>>>>> computers that reside up to the firewall
>>>>>> (as yet not installed), computers 1 to 3, connect to the network and
>>>>>> also the internet using DHCP/DNS/AD/RRAS as setup.
>>>>>>
>>>>>> However, The card in computer 3 that looks to connect to the admin
>>>>>> computer and those which look from the workstations
>>>>>> to the admin computer do not connect to the network.
>>>>>>
>>>>>> I have not setup any other configurations except as instructed "To Do
>>>>>> Next" after the initial setup. I am seeing leases
>>>>>> used under DHCP and the same addresses appearing in the FWD Lookup
>>>>>> zone
>>>>>> under the domain name.
>>>>>>
>>>>>> Can some assist me in configuring the necessary aspects to help me
>>>>>> rectify the problem.
>>>>>
>>>>>
>>>>
>>>>
>>
>>