Network Configuration with 2 Servers

I have configured a single Win 2003 server with Exchange 2003 on a test network and everything works fine.  I now want to modify the network so that I have 2 Win 2003 servers - one to run Exchange and the other to store files and act as a Domain Controller (DC).

The exchange server has 2 NICs, the DC has 1 NIC.  I have a Netgear router which can perform NAT.  My internal network uses 192.168.0.*** and my Subnet is

Router -
DC -

1.) What IP addresses should I give to the 2 NICs on the Exchange Server?
2.) Where should I perform NAT?  In the router or in the Exchange Server?


You only need to use one NIC. Give it an IP of something like and just disable the other one.

The router should already be doing NAT; you shouldn't have to do anything.
doddwell (Author) commented:
I know that I only need to use 1 NIC on the Exchange server, but isn't it preferable to use 2?
It depends on your setup. If you wanted to use it you would either have to give it a public IP or an IP on a separate internal subnet to separate email traffic from the rest of the network. You could give it an IP of, but your router would have to be able to handle two internal subnets.

Even doing this wouldn't really change anything. It wouldn't give you any more bandwidth or help security much.

If you were in a larger environment it could be useful. If you had a separate exchange server acting as a gateway to multiple internal exchange servers with email stores on them. You could have one NIC connected to your DMZ and one NIC connected to your internal network. Even in that situation, that wouldn't be the best way to do it because if somehow the gateway exchange server was compromised then they would have full access to your internal network. The way it would be done is to have the gateway exchange server in the DMZ with one NIC and it accepts email from the internet through the firewall, then forwards it to the internal servers back through the firewall to the internal network. At each point the traffic is restricted to only what is expected. I really don't see the need for dual NICs in this case.

You could also use it for background traffic, like for doing backup jobs. Then both servers would have dual NICs and talk to each other on the secondary network and the workstations on the primary network. It really wouldn't make that much difference for only two servers though.
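
The DMZ gateway layout described in the answer above, as an added example that is not part of the original thread: a small default-deny policy model comparing what a single-NIC gateway in the DMZ can reach on the internal network with what a dual-homed gateway can reach. All addresses, the DMZ subnet and the list of internal services are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
INTERNAL = ipaddress.ip_network("192.168.0.0/24")
DMZ = ipaddress.ip_network("192.168.10.0/24")
GATEWAY = "192.168.10.25"    # hypothetical DMZ mail gateway
MAILSTORE = "192.168.0.25"   # hypothetical internal Exchange server

# Firewall policy, default deny: (source zone, destination IP, protocol, port).
RULES = [
    ("internet", GATEWAY, "tcp", 25),   # inbound SMTP to the gateway only
    ("dmz", MAILSTORE, "tcp", 25),      # gateway relays SMTP to the mail store only
]

# Constructed internal services used to measure exposure.
TARGETS = [
    (MAILSTORE, "tcp", 25),         # SMTP
    ("192.168.0.10", "tcp", 445),   # SMB on the DC/file server
    ("192.168.0.10", "tcp", 389),   # LDAP on the DC
    ("192.168.0.10", "tcp", 3389),  # RDP on the DC
]

def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in INTERNAL:
        return "internal"
    if addr in DMZ:
        return "dmz"
    return "internet"

def firewall_allows(src, dst, proto, port):
    """True only if an explicit rule permits the flow."""
    return (zone(src), dst, proto, port) in RULES

def exposure(nics, targets=TARGETS):
    """Targets reachable from a host that has the given NIC addresses."""
    reached = []
    for dst, proto, port in targets:
        # A NIC on the destination's own segment never crosses the firewall.
        direct = any(zone(nic) == zone(dst) for nic in nics)
        if direct or any(firewall_allows(nic, dst, proto, port) for nic in nics):
            reached.append((dst, proto, port))
    return reached

if __name__ == "__main__":
    print("single NIC in DMZ:", exposure([GATEWAY]))
    print("dual-homed:       ", exposure([GATEWAY, "192.168.0.26"]))
```

With one NIC the gateway's exposure is the single SMTP rule; adding a second NIC on the internal segment makes every internal service reachable without the firewall seeing the traffic.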

Is this a test network to be rolled out to production?  Or a test network for testing things before applying to your production network?

In the latter case there isn't much need for the Exchange server to use both NICs.  Enable one, and disable the other.  The IP# doesn't matter, as long as it's not in use elsewhere.

If it is a test network to become production, then it is best to set up according to how you want your network set up.  This will depend on how many users you have, how much resources they need, etc.  For me, I found it's easier to set up network load balancing on an exchange server with two NICs, more so than trying to multihome.  Running NAT/Internet Connection Sharing on the Exchange Server puts a lot more work on the machine than is really necessary, and can be avoided with the SOHO NAT box.

In a small environment, this is probably overkill, but since you have two NICs - you could team them and use Fault Tolerant Load Balancing - so if one cable is accidentally unplugged, or one of your NICs gets misconfigured or dies, you'd still have a connection.  Again, overkill - or just disable it - as was suggested for simplicity.
doddwell (Author) commented:
Can someone summarise for me? Let's say I have a router, Exchange Server, File Server and a switch.  We are a relatively small company.  Can you let me know what should plug in where?
Plug two servers into the switch.  Plug the switch into a router.  Plug the router into your Internet connection.

doddwell (Author) commented:
Pseudocyber - Originally, that is how I would have configured the network but thought that after a question I recently posted (Q_21434583) it should be different.  Based upon the former question I would have thought:

Router plugs into internet
Exchange Server (NIC1) Plugs into Router
Exchange Server (NIC2) Plugs into switch
Domain/file Server plugs into Switch
Clients plug into switch
It depends.  I would really recommend a firewall in between the router and switch, but you didn't mention that.
doddwell (Author) commented:
My router has a firewall - should I use an additional one?  If so, what do you recommend and how would the network look?
When you say "router" are you talking about a Linksys or something like that?  I would recommend a "real" router - a Sonicwall, Symantec, Checkpoint, etc.

Screening Router (Cisco)
Oops, I meant "real" firewall - but "real" router also applies.
doddwell (Author) commented:
My test network uses a Netgear DG834G (which does have a firewall but expect it's not ideal).  When we go live we'll be using a CISCO 1700 series router.
Your Cisco 1700 can do some Access List type control, but it's not ideal for doing Stateful Packet Inspection.
doddwell (Author) commented:
What does a 'real' firewall sit on - a server or PC?  Is ISA such a product?
ISA can act like a firewall, but IMHO, no it's not a real firewall - it's a proxy server at heart.  Some firewalls will run on servers - such as Checkpoint on Windows or Sun Solaris.  However, in my opinion, it's best to run them as an appliance - where the firewall is its own box - less to manage - such as not having to keep up to date with Windows OS patches, worry about Windows vulnerabilities, etc.