zer0biwan
asked on
ICS Problem
I'm currently having a problem with ICS @ the moment;
The details of the network are as follows.
1. Win2000 server connected to a switch on one
Ethernet card, supplying DHCP IP's to Clients.
IP: 192.168.0.1
2. The other Ethernet card is connected to an
ISDN Modem with IP: 192.168.0.50
I'm using the ISDN Modem IP as the gateway which
is of course 192.168.0.50
The only PC that can see the internet connection is the server.
All other PC's are set to obtain IP's via DHCP from server.
There is another configuration that I have tried that works
only with Static IP's assigned to all the clients.
1. Win2000 server connected to the switch
IP: 192.168.0.1
2. The ISDN Modem is connected to the switch via crossover cable
with IP: 192.168.0.50
I'm using the ISDN Modem IP as the gateway and it works, But I feel this is very unsafe, as I would rather go through a firewall on the server, instead of setting up personal firewalls on all the machines.
I have heard the first configuration works, but need a guide to walk me through the process.
Thanks.
The details of the network are as follows.
1. Win2000 server connected to a switch on one
Ethernet card, supplying DHCP IP's to Clients.
IP: 192.168.0.1
2. The other Ethernet card is connected to an
ISDN Modem with IP: 192.168.0.50
I'm using the ISDN Modem IP as the gateway which
is of course 192.168.0.50
The only PC that can see the internet connection is the server.
All other PC's are set to obtain IP's via DHCP from server.
There is another configuration that I have tried that works
only with Static IP's assigned to all the clients.
1. Win2000 server connected to the switch
IP: 192.168.0.1
2. The ISDN Modem is connected to the switch via crossover cable
with IP: 192.168.0.50
I'm using the ISDN Modem IP as the gateway and it works, But I feel this is very unsafe, as I would rather go through a firewall on the server, instead of setting up personal firewalls on all the machines.
I have heard the first configuration works, but need a guide to walk me through the process.
Thanks.
ASKER
Thanks for the reply lrmoore,
The modem is external.
I've assigned the IP: 192.168.1.1
to the modem and IP: 192.168.1.2 to
the ethernet card connected to the modem.
I can't connect to the internet even from the server
now.
Also when I enabled ICS on the internet connection I
think it tried to reset the IP of the server-modem to 192.168.0.1.
But of course the LAN ethernet is set to that IP.
I'm going crazy here, there has to be an answer to this!
Anything considered @ this stage.
The modem is external.
I've assigned the IP: 192.168.1.1
to the modem and IP: 192.168.1.2 to
the ethernet card connected to the modem.
I can't connect to the internet even from the server
now.
Also when I enabled ICS on the internet connection I
think it tried to reset the IP of the server-modem to 192.168.0.1.
But of course the LAN ethernet is set to that IP.
I'm going crazy here, there has to be an answer to this!
Anything considered @ this stage.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When using M$ ICS, the NIC on the host connected to the LAN MUST have the ip 192.168.0.1
usually the other adapter is set to auto configure (the one connected to the modem)
usually the other adapter is set to auto configure (the one connected to the modem)
ASKER
Thanks for the reply stevenlewis,
Well I'm beginning to get more info on the problem.
As I said in the original post I'm using DHCP on the
Win2k server (mainly because alot of the clients are
laptops), and while browsing the M$ knowledge base found;
"The ICS service is one implementation of Network Address Translation (NAT) that Windows 2000 uses. The ICS service automatically sets up a mini DHCP scope and a DNS Proxy service to enable clients on the private network to use ICS and get on the Internet.
The DHCP allocator and DNS Proxy services are not configurable in ICS and start as soon as the service is enabled. Because these services bind to the same TCP ports that a DDNS or DHCP server uses, ICS conflicts if these services are running."
The only way to resolve this problem is;
"do not run the ICS service on a DHCP or DDNS server. NAT (which is installed using routing protocols in the Routing and Remote Access Service (RRAS) snap-in) works correctly if you do not enable the DNS Proxy service or the DHCP allocator."
Back to stage one I think!
Any other ideas are welcome.
Well I'm beginning to get more info on the problem.
As I said in the original post I'm using DHCP on the
Win2k server (mainly because alot of the clients are
laptops), and while browsing the M$ knowledge base found;
"The ICS service is one implementation of Network Address Translation (NAT) that Windows 2000 uses. The ICS service automatically sets up a mini DHCP scope and a DNS Proxy service to enable clients on the private network to use ICS and get on the Internet.
The DHCP allocator and DNS Proxy services are not configurable in ICS and start as soon as the service is enabled. Because these services bind to the same TCP ports that a DDNS or DHCP server uses, ICS conflicts if these services are running."
The only way to resolve this problem is;
"do not run the ICS service on a DHCP or DDNS server. NAT (which is installed using routing protocols in the Routing and Remote Access Service (RRAS) snap-in) works correctly if you do not enable the DNS Proxy service or the DHCP allocator."
Back to stage one I think!
Any other ideas are welcome.
I had this problem too, but I'll walk you through how I solved it. On my server, the internet connection was a dial-up, and the other computers were connected to it. For ICS to not conflict with DHCP, you need to set the DHCP scope to 192.168.0.x as well (with subnet mask 255.255.255.0) and get the DHCP server to automatically assign IP addresses.
You should have AD installed for this to work, I'm not sure but this is how my network goes. NAT is too complex and I abandoned the idea of configuring it.
Enable ICS on the connection you want to share. Leave everything else the way it was on this connection.
In DHCP, create a new scope called 192.168.0.0 and create an address pool from 192.168.0.2 to 192.168.0.254.
On the network card that is connected to your LAN, enable the TCP/IP protocol if you haven't already, and click properties. check 'Use the following IP address', and type in 192.168.0.1 for the IP address, and 255.255.255.0 for the subnet mask. If you want to enable DNS for your network too, (mandatory anyway) then just type in 127.0.0.1 (localhost) for the DNS address.
When configured this way and if the server's internet connection is working, your network should be able to access the network too, as the DHCP and ICS won't conflict because they are using the same IP. Whatever, this is how mine is set up because I was too lazy to learn about NAT but it works so there.
:P
You should have AD installed for this to work, I'm not sure but this is how my network goes. NAT is too complex and I abandoned the idea of configuring it.
Enable ICS on the connection you want to share. Leave everything else the way it was on this connection.
In DHCP, create a new scope called 192.168.0.0 and create an address pool from 192.168.0.2 to 192.168.0.254.
On the network card that is connected to your LAN, enable the TCP/IP protocol if you haven't already, and click properties. check 'Use the following IP address', and type in 192.168.0.1 for the IP address, and 255.255.255.0 for the subnet mask. If you want to enable DNS for your network too, (mandatory anyway) then just type in 127.0.0.1 (localhost) for the DNS address.
When configured this way and if the server's internet connection is working, your network should be able to access the network too, as the DHCP and ICS won't conflict because they are using the same IP. Whatever, this is how mine is set up because I was too lazy to learn about NAT but it works so there.
:P
When I learned about the Windows 2000 conflict between ICS and DHCP I completely disregarded it and reinstalled win2k server about 7 times before I found a way ^ above.
Besides, your ISDN modem should have an automatically assigned IP address, by yout ISP...don't use 192.168.0.50
On all the other computers use 192.168.0.1 AS THE GATEWAY NOT 192.168.0.50 because the IP of the server is 192.168.0.1 and the modem is connected to it. Now I realize that is the reason your internet connection isn't working. Besides your IP for the modem shouldn't be 192.168.0.50 anyway because that is a private network address. On all the client computers check "Use DHCP for WINS resolution" and leave all the other settings to automatic. If you want to use DNS I have no idea how to go further on this as my network doesn't use it.
OK JUST TO CLARIFY THIS IF YOU HAVE SET THE GATEWAY TO 192.168.0.50 ON THE CLIENT COMPUTERS then it won't work for sure as there probably isn't a computer with that IP on your network with an internet connection.
As for connecting anything to a switch with a crossover cable, that is stupid, because the switch automatically crosses standard RJ-45 category 5 patch cables and that crosses it over twice which counters the effect.
THE ONLY THING A CROSSOVER CABLE CAN BE USED FOR IS A DIRECT CONNECTION BETWEEN 2 COMPS WITHOUT A HUB!!!
OK
:P i think that might help.
Besides, your ISDN modem should have an automatically assigned IP address, by yout ISP...don't use 192.168.0.50
On all the other computers use 192.168.0.1 AS THE GATEWAY NOT 192.168.0.50 because the IP of the server is 192.168.0.1 and the modem is connected to it. Now I realize that is the reason your internet connection isn't working. Besides your IP for the modem shouldn't be 192.168.0.50 anyway because that is a private network address. On all the client computers check "Use DHCP for WINS resolution" and leave all the other settings to automatic. If you want to use DNS I have no idea how to go further on this as my network doesn't use it.
OK JUST TO CLARIFY THIS IF YOU HAVE SET THE GATEWAY TO 192.168.0.50 ON THE CLIENT COMPUTERS then it won't work for sure as there probably isn't a computer with that IP on your network with an internet connection.
As for connecting anything to a switch with a crossover cable, that is stupid, because the switch automatically crosses standard RJ-45 category 5 patch cables and that crosses it over twice which counters the effect.
THE ONLY THING A CROSSOVER CABLE CAN BE USED FOR IS A DIRECT CONNECTION BETWEEN 2 COMPS WITHOUT A HUB!!!
OK
:P i think that might help.
Oh yes another thing is if your server is win2k server MAKE SURE YOU GET ALL THE LATEST DRIVERS for all the NICs on your clients because i had a major problem of this, all the configuration was correct but it still didn't work until i got the latest drivers which had win2k server support.
ASKER
Thanks for the replies once more,
Quote
"THE ONLY THING A CROSSOVER CABLE CAN BE USED FOR IS A DIRECT CONNECTION BETWEEN 2 COMPS WITHOUT A HUB!!!"
This is cobblers, crossovers can be used for an assortment of tasks.
Anyway it's the only way I can connect the modem to the switch(RTFM).
Got it sorted though, I only wanted to make the entire network more secure and decided on a cheap PC running wingate to bridge the networks.
Got to give the points to stevenlewis cause through the links I found what I was looking for.
Excellent help though guys',
thanks to all of you.
Quote
"THE ONLY THING A CROSSOVER CABLE CAN BE USED FOR IS A DIRECT CONNECTION BETWEEN 2 COMPS WITHOUT A HUB!!!"
This is cobblers, crossovers can be used for an assortment of tasks.
Anyway it's the only way I can connect the modem to the switch(RTFM).
Got it sorted though, I only wanted to make the entire network more secure and decided on a cheap PC running wingate to bridge the networks.
Got to give the points to stevenlewis cause through the links I found what I was looking for.
Excellent help though guys',
thanks to all of you.
why the "C"?
...
Don't be greedy for points and marks...this community isn't a competition. Be glad that you helped the guy.
Don't be greedy for points and marks...this community isn't a competition. Be glad that you helped the guy.
How Do I Know What Grade to Give?
Although we use an A-D scale here at Experts Exchange, it works differently than, say, school grades. If one or more Experts' proposals are accepted as answers, they should usually be given an A or B grade, since they have taken the time to provide you with a working solution. If a possible solution is incomplete - ask for clarification or details before accepting the answer and grading it. People should not be given lower grades because of incorrect grammar or because you just accepted their answer or comment to close the question. Keep in mind, your question and any follow-up comments should be focused so that there can be a specific answer. The following is a good guideline to follow when grading:
A: The Expert(s) either provided you with a thorough answer or they provided you with a link to information that thoroughly answered your question. An "A" can also be given to any answer that you found informative or enlightening beyond the direct question that you asked.
B: The Expert(s) provided an acceptable solution, or a link to an acceptable solution, that you were able to use, although you may have needed a bit more information to complete the task.
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
Remember, the Expert helping you today is probably going to be helping you next time you post a question. Give them a fair chance to earn an 'Excellent!' grade and they'll provide you with some amazing support.
Although we use an A-D scale here at Experts Exchange, it works differently than, say, school grades. If one or more Experts' proposals are accepted as answers, they should usually be given an A or B grade, since they have taken the time to provide you with a working solution. If a possible solution is incomplete - ask for clarification or details before accepting the answer and grading it. People should not be given lower grades because of incorrect grammar or because you just accepted their answer or comment to close the question. Keep in mind, your question and any follow-up comments should be focused so that there can be a specific answer. The following is a good guideline to follow when grading:
A: The Expert(s) either provided you with a thorough answer or they provided you with a link to information that thoroughly answered your question. An "A" can also be given to any answer that you found informative or enlightening beyond the direct question that you asked.
B: The Expert(s) provided an acceptable solution, or a link to an acceptable solution, that you were able to use, although you may have needed a bit more information to complete the task.
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
Remember, the Expert helping you today is probably going to be helping you next time you post a question. Give them a fair chance to earn an 'Excellent!' grade and they'll provide you with some amazing support.
ASKER
Hi stevenlewis,
You were given a "C" mainly because the information that led to the resolution of the problem was from a different source.
If you had directly given me the info you would have gotten your "A".
Fair is fair, I had to do alot of surfing before I got a solution that worked for me.
As heheman3000 has stated "this community isn't a competition".
You were given a "C" mainly because the information that led to the resolution of the problem was from a different source.
If you had directly given me the info you would have gotten your "A".
Fair is fair, I had to do alot of surfing before I got a solution that worked for me.
As heheman3000 has stated "this community isn't a competition".
you can not route between 192.168.0.x and 192.168.0.x, they are both on the same subnet.
you need to have one NIC with a public IP Address such as 24.x.x.x, which is the internet NIC. the other one with the 192.168.0.x.
let me know if further hlep need.
MJ
you need to have one NIC with a public IP Address such as 24.x.x.x, which is the internet NIC. the other one with the 192.168.0.x.
let me know if further hlep need.
MJ
I would suggest that each network card be on a separate IP network, i.e. LAN card connected to all PC's = 192.168.0.x, between ISDN modem and Server card: 192.168.1.x
Your server's default is the ISDN modem's IP
Your other client's default gateway is the server
The server is providing NAT services