Added second NIC - help!

We have Windows 2003 server and we added a second NIC called here as
EXT NIC. The original NIC is called INT NIC. We are isloating the
Internal network from the Internet (EXT). Here are the settings on the
Server: We have a new Linksys VPN router model RV042

DHCP - not running
INT NIC:
IP: 10.10.10.150
SN: 255.255.255.0
GW:Blank
DNS: 10.10.10.150


EXT NIC:
IP: 192.168.16.1
SN: 255.255.255.0
GW: 192.168.16.254
DNS:10.10.10.150


Router:
Setup with Static IP info,Gateway,SN from ISP
Local LAN address: 192.168.16.254
Local SN: 255.255.255.0
DHCP: Disabled


Workstation1:
IP: 10.10.10.120
SN:255.255.255.0
GW:Blank
DNS: 10.10.10.150


I have had this setup work with SBS 2000 & 2003 with ISA.


The server can get on the internet, the workstations cannot. The
workstations can connect mapped drives & ping the server. Why can the
workstations not connect to Internet???


Secondly, please help me verify my cable connections:
Internal NIC-plugged into main switch
External NIC-plugged into Linksys Router
Linksys router Internet port plugged into ISP's modem
Clients plugged into main switch



melickas@yahoo.com

Your cable connection looks OK. The problem is the workstation need to add default gateway, 10.10.10.150.


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
<(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com...
We have Windows 2003 server and we added a second NIC called here as
EXT NIC. The original NIC is called INT NIC. We are isloating the
Internal network from the Internet (EXT). Here are the settings on the
Server: We have a new Linksys VPN router model RV042

DHCP - not running
INT NIC:
IP: 10.10.10.150
SN: 255.255.255.0
GW:Blank
DNS: 10.10.10.150


EXT NIC:
IP: 192.168.16.1
SN: 255.255.255.0
GW: 192.168.16.254
DNS:10.10.10.150


Router:
Setup with Static IP info,Gateway,SN from ISP
Local LAN address: 192.168.16.254
Local SN: 255.255.255.0
DHCP: Disabled


Workstation1:
IP: 10.10.10.120
SN:255.255.255.0
GW:Blank
DNS: 10.10.10.150


I have had this setup work with SBS 2000 & 2003 with ISA.


The server can get on the internet, the workstations cannot. The
workstations can connect mapped drives & ping the server. Why can the
workstations not connect to Internet???


Secondly, please help me verify my cable connections:
Internal NIC-plugged into main switch
External NIC-plugged into Linksys Router
Linksys router Internet port plugged into ISP's modem
Clients plugged into main switch

Do you realize that what you are calling a Router is really a NAT Firewall
and is already doing what you are trying to do with the Server? That is why
the "router" has a Private IP# on the internal side.

You have to configure RRAS on the Server to act as a NAT Server (aka NAT
Firewall). This is what ISA did except that it was proxy-based instead of
NAT-based.

You also need to realize that this creates a Back-to-Back DMZ between the
Server and the Linksys box. So you need to know how to deal with such a
thing. If you don't want or never intended to have the Back-to-Back DMZ
then you need to replace the Linksys box with the Server itself. The
Cable/DSL modem that currently plugs into the Linksys will plug directly
into the Server's external nic instead and the Server's external Nic will
use the TCP/IP "specs" form the ISP.

Looks to me that your other cable connections are fine.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> We have Windows 2003 server and we added a second NIC called here as
> EXT NIC. The original NIC is called INT NIC. We are isloating the
> Internal network from the Internet (EXT). Here are the settings on the
> Server: We have a new Linksys VPN router model RV042
>
> DHCP - not running
> INT NIC:
> IP: 10.10.10.150
> SN: 255.255.255.0
> GW:Blank
> DNS: 10.10.10.150
>
>
> EXT NIC:
> IP: 192.168.16.1
> SN: 255.255.255.0
> GW: 192.168.16.254
> DNS:10.10.10.150
>
>
> Router:
> Setup with Static IP info,Gateway,SN from ISP
> Local LAN address: 192.168.16.254
> Local SN: 255.255.255.0
> DHCP: Disabled
>
>
> Workstation1:
> IP: 10.10.10.120
> SN:255.255.255.0
> GW:Blank
> DNS: 10.10.10.150
>
>
> I have had this setup work with SBS 2000 & 2003 with ISA.
>
>
> The server can get on the internet, the workstations cannot. The
> workstations can connect mapped drives & ping the server. Why can the
> workstations not connect to Internet???
>
>
> Secondly, please help me verify my cable connections:
> Internal NIC-plugged into main switch
> External NIC-plugged into Linksys Router
> Linksys router Internet port plugged into ISP's modem
> Clients plugged into main switch
>

Thank you for replying. I always like reading your answers they are
straight on and now I understand the NAT vs proxy -based.
The reason we introduccd the Linksys VPN router is because we wanted to
setup a Gateway-to-Gateway VPN with the same model Linksys router at
another location that does not have a server;each location has a static
IP from the ISP.
(The remote location needs to share files with the main location and we
thought router -to -router would be ok). Also, there is no firewall on
the server so we wanted to isolate the internal network from the
external and have the router as firewall.

So, if we keep the Linksys router in place do we still run the RRAS
wizard and are the above IP settings ok for both the Internal &
external Nic? Thanks.

Phillip Windell wrote:
> Do you realize that what you are calling a Router is really a NAT Firewall
> and is already doing what you are trying to do with the Server? That is why
> the "router" has a Private IP# on the internal side.
>
> You have to configure RRAS on the Server to act as a NAT Server (aka NAT
> Firewall). This is what ISA did except that it was proxy-based instead of
> NAT-based.
>
> You also need to realize that this creates a Back-to-Back DMZ between the
> Server and the Linksys box. So you need to know how to deal with such a
> thing. If you don't want or never intended to have the Back-to-Back DMZ
> then you need to replace the Linksys box with the Server itself. The
> Cable/DSL modem that currently plugs into the Linksys will plug directly
> into the Server's external nic instead and the Server's external Nic will
> use the TCP/IP "specs" form the ISP.
>
> Looks to me that your other cable connections are fine.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> The views expressed are my own (as annoying as they are), and not those of
> my employer or anyone else associated with me.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
> http://download.microsoft.com/downlo...7/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > We have Windows 2003 server and we added a second NIC called here as
> > EXT NIC. The original NIC is called INT NIC. We are isloating the
> > Internal network from the Internet (EXT). Here are the settings on the
> > Server: We have a new Linksys VPN router model RV042
> >
> > DHCP - not running
> > INT NIC:
> > IP: 10.10.10.150
> > SN: 255.255.255.0
> > GW:Blank
> > DNS: 10.10.10.150
> >
> >
> > EXT NIC:
> > IP: 192.168.16.1
> > SN: 255.255.255.0
> > GW: 192.168.16.254
> > DNS:10.10.10.150
> >
> >
> > Router:
> > Setup with Static IP info,Gateway,SN from ISP
> > Local LAN address: 192.168.16.254
> > Local SN: 255.255.255.0
> > DHCP: Disabled
> >
> >
> > Workstation1:
> > IP: 10.10.10.120
> > SN:255.255.255.0
> > GW:Blank
> > DNS: 10.10.10.150
> >
> >
> > I have had this setup work with SBS 2000 & 2003 with ISA.
> >
> >
> > The server can get on the internet, the workstations cannot. The
> > workstations can connect mapped drives & ping the server. Why can the
> > workstations not connect to Internet???
> >
> >
> > Secondly, please help me verify my cable connections:
> > Internal NIC-plugged into main switch
> > External NIC-plugged into Linksys Router
> > Linksys router Internet port plugged into ISP's modem
> > Clients plugged into main switch
> >

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Thank you for replying. I always like reading your answers they are
> straight on and now I understand the NAT vs proxy -based.

....if only they all thought that!... :-)

> The reason we introduccd the Linksys VPN router is because we wanted to
> setup a Gateway-to-Gateway VPN with the same model Linksys router at
> another location that does not have a server;each location has a static
> IP from the ISP.
> (The remote location needs to share files with the main location and we
> thought router -to -router would be ok). Also, there is no firewall on
> the server so we wanted to isolate the internal network from the
> external and have the router as firewall.

That sounds fine.
The Linksys box is already isolating your LAN from the Internet.

> So, if we keep the Linksys router in place do we still run the RRAS
> wizard and are the above IP settings ok for both the Internal &
> external Nic? Thanks.

Only if you intensionally want to have a Back-to-back DMZ between the
Windows/RRAS box and the Linksys. Otherwise leave things the way they are
and run the server with one Nic just like the rest of the machines on the
LAN. The Linksys box is your current Firewall and will do "ok" as long as
you don't expect it to be able to do everything a $2000+ NAT Firewall or an
ISA could do. Those Linksys boxes are "low-end" Home Users or SOHO devices,
but they are owned by Cisco now which is a plus for Linksys.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------