doddwell

Network Configuration with 2 Servers

Hello
I have configured a single Win 2003 server with Exchange 2003 on a test network and everything works fine.  I now want to modify the network so that I have 2 Win 2003 servers - one to run Exchange and the other to store files and act as a Domain Controller (DC).

The exchange server has 2 NICs, the DC has 1 NIC.  I have a Netgear router which can perform NAT.  My internal network uses 192.168.0.*** and my Subnet is 255.255.255.0.

Router - 192.168.0.1
DC - 192.168.0.3

1.) What IP addresses should I give to the 2 NICs on the Exchange Server?
2.) Where should I perform NAT?  In the router or in the Exchange Server?

TA.
brakk0

You only need to use one NIC. Give it an IP of something like 192.168.0.4 and just disable the other one.

The router should already be doing NAT; you shouldn't have to do anything.

ASKER

I know that I only need to use 1 NIC on the Exchange server, but isn't it preferable to use 2?

It depends on your setup. If you wanted to use it you would either have to give it a public IP or an IP on a separate internal subnet to separate email traffic from the rest of the network. You could give it an IP of 192.168.1.4, but your router would have to be able to handle two internal subnets.

Even doing this wouldn't really change anything. It wouldn't give you any more bandwidth or help security much.

If you were in a larger environment it could be useful. If you had a separate Exchange server acting as a gateway to multiple internal Exchange servers with email stores on them, you could have one NIC connected to your DMZ and one NIC connected to your internal network. Even in that situation, that wouldn't be the best way to do it because if somehow the gateway Exchange server was compromised then they would have full access to your internal network. The way it would be done is to have the gateway Exchange server in the DMZ with one NIC and it accepts email from the internet through the firewall, then forwards it to the internal servers back through the firewall to the internal network. At each point the traffic is restricted to only what is expected. I really don't see the need for dual NICs in this case.


You could also use it for background traffic, like for doing backup jobs. Then both servers would have dual NICs and talk to each other on the secondary network and the workstations on the primary network. It really wouldn't make that much difference for only two servers though.
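
The DMZ design described in the reply above, modelled as an added example that is not part of the original thread: a default-deny firewall between three zones, compared against a gateway that also has a NIC on the internal subnet. The DMZ subnet, the host addresses and the probe list are assumptions constructed for illustration.

```python
import ipaddress

# Internal subnet is the one from the question; the DMZ subnet and both
# host addresses below are assumed values for this sketch.
ZONES = {
    "internal": ipaddress.ip_network("192.168.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.1.0/24"),
}
GATEWAY = "192.168.1.4"    # hypothetical SMTP gateway in the DMZ
MAILSTORE = "192.168.0.4"  # hypothetical internal Exchange server

# Firewall policy: (src zone, src host or None, dst zone, dst host or None, port)
RULES = [
    ("internet", None, "dmz", GATEWAY, 25),        # inbound mail reaches the gateway only
    ("dmz", GATEWAY, "internal", MAILSTORE, 25),   # gateway relays to the mail store only
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def firewall_allows(src, dst, port):
    """Default deny: a flow passes only if some rule matches it exactly."""
    for szone, shost, dzone, dhost, rport in RULES:
        if (zone_of(src) == szone and shost in (None, src)
                and zone_of(dst) == dzone and dhost in (None, dst)
                and port == rport):
            return True
    return False

def reachable(src, dst, port, src_nics):
    """A host with a NIC in the destination subnet bypasses the firewall."""
    dzone = zone_of(dst)
    if dzone != "internet" and any(zone_of(n) == dzone for n in src_nics):
        return True
    return firewall_allows(src, dst, port)

# Constructed flows from a compromised gateway towards the DC and mail store.
PROBES = [("192.168.0.3", 445), ("192.168.0.3", 389), (MAILSTORE, 25), (MAILSTORE, 3389)]

def exposure(src_nics):
    return [(d, p) for d, p in PROBES if reachable(src_nics[0], d, p, src_nics)]

if __name__ == "__main__":
    print("single NIC in DMZ:", exposure([GATEWAY]))
    print("dual-homed gateway:", exposure([GATEWAY, "192.168.0.10"]))
```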

Is this a test network to be rolled out to production?  Or a test network for testing things before applying to your production network?

In the latter case there isn't much need for the Exchange server to use both NICs.  Enable one, and disable the other.  The IP# doesn't matter, as long as it's not in use elsewhere.

If it is a test network to become production, then it is best to set it up according to how you want your network set up.  This will depend on how many users you have, how many resources they need, etc.  For me, I found it's easier to set up network load balancing on an Exchange server with two NICs, more so than trying to multihome.  Running NAT/Internet Connection Sharing on the Exchange Server puts a lot more work on the machine than is really necessary, and can be avoided with the SOHO NAT box.

CH

In a small environment, this is probably overkill, but since you have two NICs - you could team them and use Fault Tolerant Load Balancing - so if one cable is accidentally unplugged, or one of your NICs gets misconfigured or dies, you'd still have a connection.  Again, overkill - or just disable it - as was suggested for simplicity.

Can someone summarise for me? Let's say I have a router, Exchange Server, File Server and a switch.  We are a relatively small company.  Can you let me know what should plug in where?

ASKER CERTIFIED SOLUTION
pseudocyber

This solution is only available to members.

Pseudocyber - Originally, that is how I would have configured the network but thought that after a question I recently posted (Q_21434583) it should be different.  Based upon the former question I would have thought:

Router plugs into internet
Exchange Server (NIC1) Plugs into Router
Exchange Server (NIC2) Plugs into switch
Domain/file Server plugs into Switch
Clients plug into switch

It depends.  I would really recommend a firewall in between the router and switch, but you didn't mention that.

My router has a firewall - should I use an additional one?  If so, what do you recommend and how would the network look?

When you say "router" are you talking about a Linksys or something like that?  I would recommend a "real" router - a Sonicwall, Symantec, Checkpoint, etc.

Internet
 |
Screening Router (Cisco)
 |
Firewall
 |
Switch
 |
Servers

Oops, I meant "real" firewall - but "real" router also applies.

My test network uses a Netgear DG834G (which does have a firewall but expect it's not ideal).  When we go live we'll be using a CISCO 1700 series router.

Your Cisco 1700 can do some Access List type control, but it's not ideal for doing Stateful Packet Inspection.

What does a 'real' firewall sit on - a server or PC?  Is ISA such a product?

ISA can act like a firewall, but IMHO, no it's not a real firewall - it's a proxy server at heart.  Some firewalls will run on servers - such as Checkpoint on Windows or Sun Solaris.  However, in my opinion, it's best to run them as an appliance - where the firewall is its own box - less to manage - such as not having to keep up to date with Windows OS patches, worry about Windows vulnerabilities, etc.