[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to configure SBS 2003 / Exchange with two network cards

Posted on 2007-11-27
6
Medium Priority
?
234 Views
Last Modified: 2010-04-21
Hi Experts,

I have setup a Microsoft SBS Server with two network cards. What I want is the server to send all email through one of the network cards, and at the same time allow access to my intranet users through the other network card. Here is the current configuration:

Nework Card 1 (INTRANET): 192.168.2.50
Netmask: 255.255.255.0
Gateway: 192.168.2.1
The gateway is a Cisco 1800 Firewall/Router with VPN Access

Network Cards 2 (INTERNET): 200.XXX.XXX.50
Netmask: 255.255.255.240
Gateway: 200.XXX.XXX.1
The gateway is a Cisco PIX Firewall with ports 25 and 110 open

Exchange is listening on both NICS, however since a computer can only have one gateway, sometimes when I try to access port 25 and 110 on the Public, Internet Address, the services do not respond. If I remove the gateway from the INTRANET card, the services start responding and all internet traffic routed through that network card.

The issue here is that I need to be able to VPN into the 192.168.2.0 network with the CISCO vpn client, and if the Intranet NIC does not have a gateway, I can not access that server remotely.

What can I do to have Internet AND Intranet access to the mail ports and at the same time be able to access the server through vpn?

Thanks!

Glopezz



0
Comment
Question by:glopezz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:cstosgale
ID: 20362225
Hi,

you are correct that you can only have one gateway. The reason your services stop responding when you configure two, is that half the traffic is being sent in the wrong direction. Does your cisco router have an internet connection? Why are you configuring it like this anyway? A much simpler and more common way to do this would be thus:-

Cisco router with two interfaces, one with a public 200.XXX.XXX.50 address and one private 192.168.2 address. The mail server sits on the 192.168.2.XXX range and has a static NAT to the public address you want to send your mail to. Other clients have a dynamic NAT through the Cisco router.

This also means your cisco router is available to the outside world so you can VPN to it.

I would not recommend the configuration above as it will be difficult to get what you want out of it.

0
 

Author Comment

by:glopezz
ID: 20362358
Thanks cstosgale,

The thing is that I have two different internet connections. One is a ADSL connection for Internet Browsing, that gives Internt access to internal 192.168.2.X clients of the office. Those clients connect to this server through the 192.168.2.50 ip.

The other is a dedicated internet connection for mail only, connected to the second network card of the server. I want mail to go through that connection for realiability purposes.

The idea is that the 192.168.2.x clients get their email on the LOCAL server, and the server receives email on the 200.XXX.XXX.XXX link.

I don't want to receive email on the ADSL connection, but on the dedicated Internet link on the 200. network which is connected to the other nic.

Thanks





0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20367830
That's no problem, all you need to do is set the default gateway on the server on the 200.XXX.XXX.XXX connection.

This way, to get to the internet, and to send and receive mail, it will use this link. As it has a NIC in the 192.168.2 network, it can get to the clients in this network without any additional configuration. It doesn't need a gateway on this interface.

What connection is being used for the VPN? If you want to use the ADSL connection for the VPN, this should work fine, and you should be able to get to the internal address of the server without an problems over the VPN.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:glopezz
ID: 20367858
Thanks cstosgale,

The configuration you mention works perfect but still doesn't for the VPN.

The connection use dfor the VPN is the ADSL connection that is received by a Cisco 1800 router which is the gateway for all 192.168.2.X clients. Since the 192.168.2.50 NIC on the server has NO gateway, when I connect to the VPN I can not access or even ping this server.

All other 192.168.2.X hosts are accessible through the VPN, but the .50 isn't. I guess because it has no gateway configured in the card.

Do you think there is an alternative to get this computer visible through the vpn?

Thanks!!!
0
 
LVL 10

Accepted Solution

by:
cstosgale earned 2000 total points
ID: 20369385
Ah, sorry it makes sense now, you will need to add a static route to your server for the pool of addresses assigned to the VPN. You can do this thus from the command line of the server. This command assumes your VPN is configured to give you addresses from the 192.168.3.0 range, and your cisco router has an IP address 192.168.2.1:-

route -p ADD 192.168.3.0 MASK 255.255.255.0 192.168.2.1

the -p makes the route permanent so it will stay on the server even if you reboot it.
0
 

Author Closing Comment

by:glopezz
ID: 31411222
Thanks!! Worked like a charm! I can now VPN and access the server with no problem, and at the same time route all mail and internet traffic trhough the other NIC.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question