Setting up New Print Server with 2 NICs/Subnets (500 points)
Hi!
My company is switching to a new ISP with a Public Class C subnet. Even though this is more IPs than we really need (for now), we would like to keep our network printers on their current local subnet. They are currently on a private 192.168.x.x subnet.
The idea is to take our current WSUS server and add print drivers to it to also make it a print server.
Problem is all workstations will be using Public IPs (no NAT) and will have to communicate with the printers on the private 192.168.x.x subnet.
I was thinking about adding a second NIC to the server. Connect one to the Public subnet and the other to the private subnet.
The way I imagine that this would be handled:
1. A print request is sent to \\printserver\printer
2. The print server's name is resolved by the firewall to the print server's IP and passed along to it.
3. The request would then be passed along to the second NIC that is connected to the 192.168.x.x subnet.
4. The printer would print and report on the job's status back to the Print Server's Public IP --> Public IP workstation.
We would also like to limit access to this print server to only the Public IP range that is assigned to our workstations. I know that we can set the firewall not to allow access to the print server from outside the firewall. Is this going to be sufficient in terms of disallowing access to it by the general public?
Here are my questions:
1. Is the above a good idea for a solution? Again, we need to make sure that printers stay on the private 192.168.x.x after the rest of the network switches to Public IPs.
2. The WSUS server currently manages 64 workstations and this number is expected to grow to about 100. Will the server be able to handle print requests for roughly 15 network printers as well? It's a dual P3 1000MHZ with 2GB of RAM and lots of HD space.
3. In MS Windows Server 2003, where will I have to go to configure the NICs to pass along info between the public and private subnets? I.e. a print request is sent in to the public IP, passed along to a printer on the local 192.168.x.x subnet. 4. Let's say the public IP is 1.1.10.10 with a gateway address of 1.1.1.253 and the local address is 192.168.1.10. What will the gateway have to be in order to communicate between the two NICs? Just looking for a clear explanation of how this two NIC business works.
5. Should any new services be installed to allow for this functionality on the server itself?
My company is switching to a new ISP with a Public Class C subnet. Even though this is more IPs than we really need (for now), we would like to keep our network printers on their current local subnet. They are currently on a private 192.168.x.x subnet.
The idea is to take our current WSUS server and add print drivers to it to also make it a print server.
Problem is all workstations will be using Public IPs (no NAT) and will have to communicate with the printers on the private 192.168.x.x subnet.
I was thinking about adding a second NIC to the server. Connect one to the Public subnet and the other to the private subnet.
The way I imagine that this would be handled:
1. A print request is sent to \\printserver\printer
2. The print server's name is resolved by the firewall to the print server's IP and passed along to it.
3. The request would then be passed along to the second NIC that is connected to the 192.168.x.x subnet.
4. The printer would print and report on the job's status back to the Print Server's Public IP --> Public IP workstation.
We would also like to limit access to this print server to only the Public IP range that is assigned to our workstations. I know that we can set the firewall not to allow access to the print server from outside the firewall. Is this going to be sufficient in terms of disallowing access to it by the general public?
Here are my questions:
1. Is the above a good idea for a solution? Again, we need to make sure that printers stay on the private 192.168.x.x after the rest of the network switches to Public IPs.
2. The WSUS server currently manages 64 workstations and this number is expected to grow to about 100. Will the server be able to handle print requests for roughly 15 network printers as well? It's a dual P3 1000MHZ with 2GB of RAM and lots of HD space.
3. In MS Windows Server 2003, where will I have to go to configure the NICs to pass along info between the public and private subnets? I.e. a print request is sent in to the public IP, passed along to a printer on the local 192.168.x.x subnet. 4. Let's say the public IP is 1.1.10.10 with a gateway address of 1.1.1.253 and the local address is 192.168.1.10. What will the gateway have to be in order to communicate between the two NICs? Just looking for a clear explanation of how this two NIC business works.
5. Should any new services be installed to allow for this functionality on the server itself?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
With respect to #4, put the NIC in and configure it before you do step #3.
The internal (LAN) side NIC must be at the top of the binding order and will likely not use a gateway once the hack in step #3 is done.
This page has a collection of articles for RRAS:
http://labmice.techtarget.com/windows2003/Network/defaut.htm
The internal (LAN) side NIC must be at the top of the binding order and will likely not use a gateway once the hack in step #3 is done.
This page has a collection of articles for RRAS:
http://labmice.techtarget.com/windows2003/Network/defaut.htm
ASKER
1. Public IPs behind a PIX firewall, DHCP issued by our current AD server. Supposed to make our packet shaper work better... not my idea to get rid of NAT.
2. Thanks.
3. Awesome.
4. Would you mind elaborating on how I should go about configuring the server with the two NICs? Say #3 is done, I put the new NIC into the server. Assign a static private IP address to it. What's next, how do I make sure the two talk together? Is there a protocol I will have to configure?
5. Any good RRAS guides for dummies? Haven't done RRAS yet. Thanks again for your help!