Recommendations for a new Router and network changes in Microsoft SBS2000 Environment

Posted on 2005-04-06
Last Modified: 2013-11-29

I was wondering if you experts can recommend a router and/or a network configuraiton for our small office.

We currently have a shared T1 access for internet using a Netgear RT311 router. Our access provider gave us 3 IP addresses and gave us a ethernet drop into our server room. We are currently only using 1 IP using Micosoft SBS2000 server. There are a few things that we would like to do that I think we cannot do without upgrading/reconfiguring the network.

(1) We need to be able to give internet-only access to visitors without giving network access. Currently, we have all our client machines going through SBS2000 which is then connected to the Netgear router. So, I was thinking that we may need another router with a additional ports that can be used for direct access to the internet.

(2) We also would like to have a machine that is not in our corporate network that is accessible from outside without putting that machine in our network. We plan on accessing that machine either through FTP or some other way.

Would appreciate some suggestions on a new router and the network. Thanks.
Question by:shinhw
    LVL 13

    Expert Comment

    You can stay with Netgear because you are familiar with it, and they have products to fit your needs.
    One I really would recommend is the FVX538:

    The design of this one will allow you to provide (1) direct access to the internet.

    Also, (2) the machine outside of your corporate network can be accessed via a vpn.

    To separate the traffic so that you don't have to go through SBS, you simply can connect the subnet to the router and nat it out.

    Expert Comment

    A quick and dirty option would be to put a 4 port switch between your internet connection and the Netgear router. You could then add a wireless access point or simple 4 port Linsys router by plugging it into the switch with a public IP from your ISP for visitors to get internet access. You could also plug a PC with a public IP to the switch that you could easily access from outside.

    Like I said quick n dirty, but it would work for the senerio you presented. Of course there are more secure options with port forwarding n such, depends on what your ultimate goal is.
    LVL 25

    Expert Comment

    by:Ron M
    to do it will need to setup VLAN's to separate your network but allow using the same resources ...such as internet.

    VLAN 1                                               VLAN2
    guest machines                                   network with authentication

              \                                      /
                 {          Switch           }
                             trunk port


    Use differnt subnets( &, buy a new router with 2 lan ports, and use acces control lists to prevent lan to lan traffic....only route lan to any any

    Author Comment

    Thanks for the suggestions. They all sound good.

    I like the quick fix option for the immediate need. Thanks.

    Gpriceee, One thing I did not mention is that we may want to put a webserver on the public network side. So, I don't think the VPN option will work. What do you think?

    xuserx200, do you have a suggestion for a router with 2 lan ports? I like the second option you suggested because it seems like we can control the access between the 2 lans. What I mean is that we will want to give access from the authenticated network to the guest network, but not the other way. Also, for a machine that will be accessible from the outside, we were thinking of just providing a remote login through something like gotomypc.

    LVL 13

    Accepted Solution

    Actually, putting the web server on the public side will be handled through a dmz.  Place the web server in the DMZ, assign the actual box a non-routable address, and in the firewall, you can NAT the external address to the dmz.  At the very least, you can forward tcp 80 to the web server so that outside users can access it.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now