SBS multiple public IPs on a single NIC problem

I'm currently using 2003SBS to host two sites that require SSL.
I've assigned two public IP's to the WAN adapter to accomplish
this. I also have a 2000 server running ISA that act as the
gateway for my LAN. Here's some crappy ASCII art that may help
describe my setup


--- [2000 server] ---| <--- LAN gateway
ISP / |
--|---- |
Router \ |
--- [2003 SBS] -----|
|
|
\---- LAN

public IP pool address range: x.x.105.73 - x.x.105.78
public IP pool subnet mask: 255.255.255.248

Currently, my router has x.x.105.73, the 2000 server has x.x.105.75
, and 2003 SBS has x.x.105.74 and .76 all set staticly.

This setup works great unless the 2000 server is restarted (or its WAN
interface is disabled, then re-enabled). When it comes back online it
reports an IP address conflict on it's WAN interface. A quick look at
the ARP table on the SBS server reveals that it has assigned the
2000 servers public IP to its own WAN MAC address causing a conflict
on the 2000 server!

I've traced the network traffic during this process, and the SBS
server does indeed send an ARP response indicating that the
desired IP (x.x.105.75) is in use by the SBS server which simply
isn't true.

Is this a 'feature' of 2003SBS that prevents this type of setup?
I've never encountered this sort of behaviour before.

I have already replaced the WAN NIC on the SBS server to rule
it out.

Help!

Scott

Run SBS with one Nic.

ISP<--->ISA<--->LAN

SBS will sit on the LAN with one nic exactly like all the other machines do.
Use ISA's Web Publishing Features to make the SSL sites available to the public.

It become more flexable with ISA2004 or newer.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

"Scott Oliver" <(E-Mail Removed)> wrote in message
news:AF8A0554-4DE8-4149-B7DA-(E-Mail Removed)...
>
> I'm currently using 2003SBS to host two sites that require SSL.
> I've assigned two public IP's to the WAN adapter to accomplish
> this. I also have a 2000 server running ISA that act as the
> gateway for my LAN. Here's some crappy ASCII art that may help
> describe my setup
>
>
> --- [2000 server] ---| <--- LAN gateway
> ISP / |
> --|---- |
> Router \ |
> --- [2003 SBS] -----|
> |
> |
> \---- LAN
>
> public IP pool address range: x.x.105.73 - x.x.105.78
> public IP pool subnet mask: 255.255.255.248
>
> Currently, my router has x.x.105.73, the 2000 server has x.x.105.75
> , and 2003 SBS has x.x.105.74 and .76 all set staticly.
>
> This setup works great unless the 2000 server is restarted (or its WAN
> interface is disabled, then re-enabled). When it comes back online it
> reports an IP address conflict on it's WAN interface. A quick look at
> the ARP table on the SBS server reveals that it has assigned the
> 2000 servers public IP to its own WAN MAC address causing a conflict
> on the 2000 server!
>
> I've traced the network traffic during this process, and the SBS
> server does indeed send an ARP response indicating that the
> desired IP (x.x.105.75) is in use by the SBS server which simply
> isn't true.
>
> Is this a 'feature' of 2003SBS that prevents this type of setup?
> I've never encountered this sort of behaviour before.
>
> I have already replaced the WAN NIC on the SBS server to rule
> it out.
>
> Help!
>
> Scott
>

I seem to remember trying a similiar config when I first installed SBS on my
network, and ran into some problems with the SSL sites and ISA 2000. Can ISA
2000 handle your suggested setup? ISA 2000 came with SBS'03 and I'm told
that the free upgrade CD to ISA 2004 has been discontinued.

Thanks,
Scott

"Phillip Windell" wrote:

> Run SBS with one Nic.
>
> ISP<--->ISA<--->LAN
>
> SBS will sit on the LAN with one nic exactly like all the other machines do.
> Use ISA's Web Publishing Features to make the SSL sites available to the public.
>
> It become more flexable with ISA2004 or newer.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> The views expressed (as annoying as they are, and as stupid as they sound), are
> my own and not those of my employer, or Microsoft, or anyone else associated
> with me, including my cats.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
> "Scott Oliver" <(E-Mail Removed)> wrote in message
> news:AF8A0554-4DE8-4149-B7DA-(E-Mail Removed)...
> >
> > I'm currently using 2003SBS to host two sites that require SSL.
> > I've assigned two public IP's to the WAN adapter to accomplish
> > this. I also have a 2000 server running ISA that act as the
> > gateway for my LAN. Here's some crappy ASCII art that may help
> > describe my setup
> >
> >
> > --- [2000 server] ---| <--- LAN gateway
> > ISP / |
> > --|---- |
> > Router \ |
> > --- [2003 SBS] -----|
> > |
> > |
> > \---- LAN
> >
> > public IP pool address range: x.x.105.73 - x.x.105.78
> > public IP pool subnet mask: 255.255.255.248
> >
> > Currently, my router has x.x.105.73, the 2000 server has x.x.105.75
> > , and 2003 SBS has x.x.105.74 and .76 all set staticly.
> >
> > This setup works great unless the 2000 server is restarted (or its WAN
> > interface is disabled, then re-enabled). When it comes back online it
> > reports an IP address conflict on it's WAN interface. A quick look at
> > the ARP table on the SBS server reveals that it has assigned the
> > 2000 servers public IP to its own WAN MAC address causing a conflict
> > on the 2000 server!
> >
> > I've traced the network traffic during this process, and the SBS
> > server does indeed send an ARP response indicating that the
> > desired IP (x.x.105.75) is in use by the SBS server which simply
> > isn't true.
> >
> > Is this a 'feature' of 2003SBS that prevents this type of setup?
> > I've never encountered this sort of behaviour before.
> >
> > I have already replaced the WAN NIC on the SBS server to rule
> > it out.
> >
> > Help!
> >
> > Scott
> >
>
>
>

"Scott Oliver" <(E-Mail Removed)> wrote in message
news:08FA9981-DFE2-4EF1-BCAD-(E-Mail Removed)...
>I seem to remember trying a similiar config when I first installed SBS on my
> network, and ran into some problems with the SSL sites and ISA 2000. Can
> ISA 2000 handle your suggested setup?

Yes, but it is much easier to deal with using ISA2004. I don't remember any
details of the differences between ISA2000 -vs- ISA2004 with Web Publishing.

> ISA 2000 came with SBS'03 and I'm told
> that the free upgrade CD to ISA 2004 has been discontinued.

But you said the ISA was on a separate 2000 box. That is a stand-alone ISA and
that is what you have to deal with. I do not recommend messing with ISA on the
SBS box when you already have a stand-alone copy which is much better.

ISA2004 update for SBS is on the SP1 disks. The SP1 disk for SBS-Prem have to
be gotten directly from MS and canot be downloaded. The SP1 installation Wizard
gives the option to install ISA2004. *But* I do not recommend it. Run SBS with a
single Nic and remove any copies of ISA from the box. Let the Standalone ISA be
the LAN's Firewall.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------