Single server, two NICs, two subnets, two routers

Posted on 2009-04-29
Last Modified: 2013-11-05
I have a Windows 2003 server running AD with two NICs that I would like to have connected to two subnets. Subnet #1 on IP range 192.168.1.* and Subnet #2 on IP range 192.168.2.*

The server should have two IP addresses, one for each NIC/subnet, say for example and

Subnets should be completely segregated... i.e. neither subnet should be able to see the other apart from the server being able to see both.

Each subnet should also have its own separate router/gateway to the Internet. For example, one at and one at

The clients on subnet should use the router at for Internet access, while the clients on subnet should use the router on that subnet ( for Internet access. It would be preferable for the server to use the router at for DNS lookups and Internet.

Is this configuration workable?

Question by:Mike_Carroll

    Expert Comment

    What would be the purpose of having this server connected to both networks? This is possible but I don't think things like DNS/AD would like this very much.

    Author Comment

    I would like to keep the machines on both subnets away from each other and allow VPN connections into the subnet. AD is not important on that subnet but server access is, so the machines could just authenticate rather than being formally attached to the AD.

    Accepted Solution

    What I meant was if AD is installed on this "intermediary" server, the two networks won't be separate because some traffic might go to the other unless you have ISA on this server blocking it. Regardless, Routing and Remote Access Role would certainly allow this configuration. Since the default gateways are different, any clients or server that you want to access the other network would have to have the gateway added to it.

    For example, if a client on the 192.168.2.x network needed to access a server on the 192.168.1.x network, the 192.168.2.x machine would need to know how to get to that network. If the 192.168.2.x machine is a Windows machine, from a command prompt where x.x.x.x is the subnet id of the remote network, y.y.y.y is the subnet mask and z.z.z.z is the IP of the local ISA Server.

    route add -p x.x.x.x mask y.y.y.y z.z.z.z
    route add -p mask

    This is saying, if you're trying to get to any addresses starting with 192.168.1, then you have to go through to get there.
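
The routing decision described in the accepted solution, as an added example that is not part of the original thread: a Python model of a 192.168.2.x client's route table, showing how the static route changes the next hop for 192.168.1.x and that the subnets only meet if the dual-homed server forwards packets. The addresses 192.168.2.1 (router) and 192.168.2.10 (server NIC) are assumed, since the thread does not give them.

```python
import ipaddress

# Constructed sample addresses (assumptions, not values from the thread).
ROUTER_2 = "192.168.2.1"       # Internet router on subnet #2
SERVER_NIC_2 = "192.168.2.10"  # dual-homed server's NIC on subnet #2

# Route table of a 192.168.2.x client before any "route add".
DEFAULT_TABLE = [
    ("192.168.2.0/24", "on-link"),
    ("0.0.0.0/0", ROUTER_2),
]

# Same table after: route add -p 192.168.1.0 mask 255.255.255.0 <server NIC>
WITH_STATIC = DEFAULT_TABLE + [("192.168.1.0/24", SERVER_NIC_2)]


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def crosses_subnets(routes, dst, server_forwards):
    """True only if the client hands the packet to the server AND the server
    forwards between its NICs (IP routing / RRAS enabled)."""
    return next_hop(routes, dst) == SERVER_NIC_2 and server_forwards


if __name__ == "__main__":
    target = "192.168.1.20"  # constructed host on subnet #1
    print("no static route ->", next_hop(DEFAULT_TABLE, target))
    print("with static route ->", next_hop(WITH_STATIC, target))
    print("Internet traffic ->", next_hop(WITH_STATIC, "8.8.8.8"))
    for forwards in (False, True):
        print("server forwards =", forwards, "-> subnets joined:",
              crosses_subnets(WITH_STATIC, target, forwards))
```

For the segregation the question asks for, the result to aim for is `crosses_subnets(...)` being false for every client: no client carries a route to the other subnet via the server, and the server itself does not forward between its NICs.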

    Author Closing Comment

    No way to test this as I had to drop the whole thing because it caused so much hassle.
