• Status: Solved

Single server, two NICs, two subnets, two routers

I have a Windows 2003 server running AD with two NICs that I would like to have connected to two subnets. Subnet #1 on IP range 192.168.1.* and Subnet #2 on IP range 192.168.2.*

The server should have two IP addresses, one for each NIC/subnet, say for example 192.168.1.100 and 192.168.2.100

Subnets should be completely segregated... i.e. neither subnet should be able to see the other apart from the server being able to see both.

Each subnet should also have its own separate router/gateway to the Internet. For example, one at 192.168.1.1 and one at 192.168.2.1

The clients on subnet 192.168.1.0 should use the router at 192.168.1.1 for Internet access, while the clients on subnet 192.168.2.0 should use the router on that subnet (192.168.2.1) for Internet access. It would be preferable for the server to use the router at 192.168.1.1 for DNS lookups and Internet.

Is this configuration workable?

Asked by: Mike_Carroll

1 Solution

OriNetworks Commented:
What would be the purpose of having this server connected to both networks? This is possible but I don't think things like DNS/AD would like this very much.
 
Mike_Carroll (Author) Commented:
I would like to keep the machines on both subnets away from each other and allow VPN connections into the 192.168.2.0 subnet. AD is not important on that subnet but server access is, so the machines could just authenticate rather than being formally attached to the AD.
 
OriNetworks Commented:
What I meant was if AD is installed on this "intermediary" server, the two networks won't be separate because some traffic might go to the other unless you have ISA on this server blocking it. Regardless, Routing and Remote Access Role would certainly allow this configuration. Since the default gateways are different, any clients or server that you want to access the other network would have to have the gateway added to it.

For example, if a client on the 192.168.2.x network needed to access a server on the 192.168.1.x network, the 192.168.2.x machine would need to know how to get to that network. If the 192.168.2.x machine is a Windows machine, run the following from a command prompt, where x.x.x.x is the subnet ID of the remote network, y.y.y.y is the subnet mask and z.z.z.z is the IP of the local ISA Server.

route add -p x.x.x.x mask y.y.y.y z.z.z.z
example:
route add -p 192.168.1.0 mask 255.255.255.0 192.168.2.100

This is saying, if you're trying to get to any addresses starting with 192.168.1, then you have to go through 192.168.2.100 to get there.
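Added example, not part of the original thread: a Python sketch of how the static route from the answer changes next-hop selection on a subnet #2 client, and a check that lists routes pointing into a subnet that is supposed to be isolated. The client address 192.168.2.50, the sample Internet address 203.0.113.10, and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing table for a hypothetical client at 192.168.2.50, written as
# (destination, mask, gateway) in the same order as "route add" arguments.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.2.1"),              # default gateway (subnet #2 router)
    ("192.168.2.0", "255.255.255.0", "on-link"),        # the client's own subnet
    ("192.168.1.0", "255.255.255.0", "192.168.2.100"),  # static route from the answer
]

def parse(routes):
    """Convert (destination, mask, gateway) strings into (network, gateway) pairs."""
    return [(ipaddress.ip_network(f"{d}/{m}"), gw) for d, m, gw in routes]

def next_hop(routes, destination):
    """Pick the gateway by longest-prefix match, the way the IP stack selects a route."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in parse(routes) if dst in net]
    if not matches:
        return None  # no route at all: the destination is unreachable
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def crossing_routes(routes, isolated_subnets):
    """List non-default, off-link routes that point into a subnet meant to be isolated."""
    isolated = [ipaddress.ip_network(s) for s in isolated_subnets]
    found = []
    for net, gw in parse(routes):
        if net.prefixlen == 0 or gw == "on-link":
            continue  # the default route and the local subnet are expected
        if any(net.overlaps(other) for other in isolated):
            found.append((str(net), gw))
    return found

if __name__ == "__main__":
    for dst in ("192.168.1.100", "192.168.2.77", "203.0.113.10"):
        print(dst, "->", next_hop(ROUTES, dst))
    print("routes crossing into subnet #1:", crossing_routes(ROUTES, ["192.168.1.0/24"]))
```

Traffic for 192.168.1.x is handed to the server at 192.168.2.100 while everything else still goes to the subnet's own router, so segregation then depends entirely on what the server forwards or blocks.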
 
Mike_Carroll (Author) Commented:
No way to test this as I had to drop the whole thing because it caused so much hassle.
