Solved

2 NIC setup in SBS 2003 Standard

Posted on 2006-06-14
21
3,574 Views
Last Modified: 2012-06-27
I'm running SBS 2003 Standard (no ISA) and I'm in the process of adding a 2nd NIC to the server. It's a simple network with 10 users connected to the server through a hub. The office connects to the Internet through a Netopia router supplied by our ISP. Before the addition of the 2nd NIC, everything is connected to the hub. The 2nd NIC (external) will connect to the ISP's router directly. The problem I'm having is with a Cisco router that connects our our office WAN. Before the 2nd NIC, it has been functioning correctly connected to the hub. Once I add the 2nd NIC and connect it to the ISP's router, users can't access the WAN. How do I hookup the WAN router in the new 2 NIC setup? Below is the setup I use for my 2 NIC configuration. Do they look right?

My internal NIC is:
IP ADDRESS      192.168.0.27
SUBNET MASK      255.255.0.0
DEAFULT GATEWAY      BLANK
PREFERRED DNS SERVER      192.168.0.27
ALTERNATE DNS SERVER      BLANK
PRIMARY WINS SERVER      192.168.0.27      
CABLE GOES TO      OFFICE HUB


My external NIC WILL BE:
IP ADDRESS            172.16.0.1
SUBNET MASK            255.255.255.0
DEAFULT GATEWAY            172.16.0.254
PREFERRED DNS SERVER            192.168.0.27
ALTERNATE DNS SERVER            BLANK
PRIMARY WINS SERVER            BLANK
NETBIOS OVER TCPIP            DISABLED
CABLE GOES TO            NETOPIA ROUTER (ISP CONNECTION)

0
Comment
Question by:BruceHSanford
  • 8
  • 6
  • 4
  • +1
21 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 16903833
You need to setup RRAS as a basic firewall so that it will route between NICs.
You also need to make sure the clients only point to your server for DNS and the gateway.

Where is the Cisco connected - a little more on this setup would be helpful.
0
 

Author Comment

by:BruceHSanford
ID: 16903906
Where is the Cisco connected?  It's connected to the hub along with the server, all users and the ISP's router now.

Won't RRAS setup happen when I run ICW after installing the 2nd NIC?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16904523
ICW is a client-based version of RRAS.  For a server, use RRAS.

Now, I'm a little confused with the Cisco.  You have a Netopis to the ISP and the Cisco goes ... where?

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:BruceHSanford
ID: 16904623
Cisco connects to the hub. Actualy, the server connects to the hub also as does our ISP router and all users.
0
 

Author Comment

by:BruceHSanford
ID: 16904677
If users are looking for the WAN, I need to tell the server that it can't be found at the ISP's router(?) Is this a DNS problem?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16905281
You need to setup the ISP's router on one interface of the SBS server, the other interface goes to the hub.  

As long as RRAS is setup as a firewall then it will route properly.

All your clients including the server must only point to your DNS server.  On the Forwarder tab of the properties of the DNS server is where to put the ISP DNS server entries - nowhere else.

Where does the Cisco go to?  I'm a little confused why you have 2 routers.

0
 

Author Comment

by:BruceHSanford
ID: 16905433
The Cisco connects us to our Wide Area Network via a T1 line.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16908194
Netman's comment about ICW is incorrect... Bruce means the Configure Email and Internet Connection Wizard (CEICW) which does set up RRAS, and is the only way you should configure an SBS.

Please see http://sbsurl.com/twonics for an example of how to set this up.

See http://sbsurl.com/ceicw and http://sbsurl.com/msicw for more info.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16908196
I would note also that you should not use a 255.255.0.0 subnet for your internal IP range... there's no reason.  A /24 subnet is just fine since you can not have more than 75 devices on your network anyhow.

Also, if you are having problems with the NICs connecting, check out their binding order in Network Connections > Advanced > Advanced Settings.  The Internal NIC should be first.

Jeff
TechSoEasy
0
 

Author Comment

by:BruceHSanford
ID: 16935986
TechSoEasy: You're right about the subnet - it should be 255.255.255.0 (actually that was typo on my part, sorry). I have verified the binding order as internal NIC 1st.

Netman66: I have 2 routers plugged into my office hub - is that unusual (I'm still learning about networking)? The Netopia uses a crossover cable & the Cisco does not. Is that unusual? Should the Cisco WAN router be connected directly to the Netopia from our ISP? Right now the Cisco is in the hub.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16936106
No, it's not unusual.  Most of the time you either have a single router with 2 interfaces, or you have the ISP split the Internet traffic out of the Point-to-Point link.

It's fine the way you have it.  You should, however, change your hubs for switches.


0
 
LVL 2

Expert Comment

by:stevew1999
ID: 16944047
I think it sounds unusual. What is the ip scheme of your WAN?  If you are trying to connect different private subnets on the same interface then the routers have to know about each other or the nic on your server has to know which way to route the traffic.  Try adding a second ip address to the nic on your server in the same subnet as your WAN.  Make the gateway your WAN router.


You can do this in the advanced tab of the tcpip properties.

0
 

Author Comment

by:BruceHSanford
ID: 16944501
Stevew1999: The internal NIC is IP 192.168.0.27 Subnet 255.255.255.0.
The address range of of the internal network is (static IPs) 192.168.0.20 -192.168.0.100.
The Cisco router has internal IP address 192.168.0.1. Through this router we access the WAN at 10.0.0.5. Will this be a problem?
Netopia  router has internal IP address 192.168.0.254

For the external NIC I was going to set it's IP address to 172.16.0.1 and change the Netopia to 172.16.0.2.  Does that sound reasonable?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16945284
As long as there is a persistent rout to the WAN (10.0.0.5) then there is no issue.

route add 10.0.0.0 mask 255.255.255.0 192.168.0.1 /p

This needs to be added to every PC and server on the LAN.

I am assuming your mask is /24 for the 10.x network, but insert whatever it is (if it's different).
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16945497
What is all that for??? are you running other networks off your internet connection?

If not, I'd refer back to the http://sbsurl.com/twonics example I provided.

Jeff
TechSoEasy
0
 

Author Comment

by:BruceHSanford
ID: 16945682
TechSoEasy: I'm definitely learnng as I go so my description may contain incorrect terms, etc. I have the pages from http://sbsurl.com/twonics and they are very helpful. I'm just not sure how to do this 2 NIC setup incorporating the Cisco router that allows access the Company WAN via a T1 line. The last time I tried the switch to 2 NICs, the WAN was unavailable afterwards.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 250 total points
ID: 16946294
So, this is a Private WAN then that you are wanting to integrate into this. The best way to configure this is something you ruled out in the first few words of your question... ISA.  But leaving that out... can you explain how users or your server needs to access this WAN?  Knowing this can help to determine which of the SBS's NICs it should route from.

Jeff
TechSoEasy

0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 250 total points
ID: 16946661
I know what he's got there - I've seen it many times in use as a redundant link, but not as a primary.


        T1 or Frame
               |
        Cisco Router                 SBS  ---- Internet
               |                             |
  LAN -------------------------------
               |
           Clients


As long as the clients have a route to the other side of the Cisco for the WAN/MAN then it should work.

ISA would certainly be the way to go since you can put a third NIC in the SBS server and connect it directly to the Cisco so the clients have to go through ISA to get there.

NM
0
 
LVL 2

Expert Comment

by:stevew1999
ID: 16951416
I agree with Netman66.  If his schematic represents your situation then you'll need to use the route statement on your clients that he referenced in an earlier post.

route add 10.0.0.0 mask 255.255.255.0 192.168.0.1 /p


0
 

Author Comment

by:BruceHSanford
ID: 17045823
Thanks TechSoEasy and Netman66. I have tried to accomplish my goal of having 2 NICs for several weeks using some of the advice I received here and elsewhere. A tech at my local ISP convinced me to abandon the 2 NIC setup. He said that I have the Netopia firewall for security already and "Having a second NIC active on a separate network in a domain controller can cause problems that are very hard to isolate and fix".
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question