Solved

help configuring a "second" internal network

Posted on 2009-05-14
Last Modified: 2012-05-07
I acknowledge that I know only enough to be dangerous with networking, but it has gotten me through this far.  Please advise if you can help me ... :-)

Our very small business hosts 3 separate SSL websites (for different aspects of our business).  Each has its own static public IP, and each has its own private network with various other PCs and servers attached.  The websites are 3-tier, using IIS6, ASP.net and MS-SQL.  All servers are Windows 2003 Standard SP2.

We use a 4th private network (with its own static public IP) for all of our own internal business transactions and communication.  This 4th network hosts no websites, but does have various servers, a multitude of storage, and several PC clients, printers, etc.  It's my hope to grant certain machines on the "other" 3 networks access to resources on the 4th.

I've done this (kind of) over the last year with wireless adapters on certain machines needing access to the 4th network. I can also gain access through an SSL-VPN on the 4th network.
But, both "indirect" options are slow.

So, I thought I'd try to make it faster by installing additional NICs in these machines, and connecting these via a Gb switch to the 4th network.  Everything connects just fine, and everyone can talk to each other, each on 2 separate private networks (one common to all).  My problem is that my SSL websites become unreachable from outside, as soon as I enable these connections (and they are restored almost instantly when I disable the connections).

Clearly, there is some security issue of which I'm unaware, that's keeping everyone from being connected and happy.  But I need help.   Why am I able to establish additional wireless or VPN network connections on the 1,2,3 servers that don't affect the websites, but a hard-wired one does?  Is it just settings?  Am I crazy trying to do this?  Do I need to set up a 5th internal network - that doesn't (in and of itself) have an internet connection?

This is not super-high security stuff, so I'm not real worried about doing something that is slightly unconventional.  Any suggestions will be helpful.  I'm just trying to get fast, reliable, always-on access for networks 1,2,3 to resources on the 4th network.  Thanks!
0
Question by:cacliffo
3 Comments
 

Accepted Solution

by:
cacliffo earned 0 total points
ID: 24391573
I think I may have found the solution, taking a hint from another thread.  By removing the 'default gateway' on the 2nd NICs, I now have all the networks talking to each other (within the private network), and the SSL websites are exposed and running from the outside world.

If someone could confirm that this is OK, and an acceptable solution, that would be great.  Please advise if there are any cautions recommended.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 20 total points
ID: 24393983
That should be the correct solution.  In fact if you think about it for a second, how can a computer have two defaults?  Easy, it can't.
MS makes you believe that you can have a unique default route for each NIC, when you can't.  The default gateway is for the whole box.

IP does not send traffic out the same NIC it came in on, it sends it out the "best" NIC based on the routing table.  If you have two (or more) NICs and you define more than one default gateway, only one is the real default gateway.

The other one will not be used except in the case when the 1st one becomes unreachable.
0
 
LVL 22

Assisted Solution

by:cj_1969
cj_1969 earned 20 total points
ID: 24394659
Yes, what you have is fine, well, it's the only thing that will work :)

Just be aware ... since the default gateway is on the external NIC and there is no routing (or there shouldn't be) to any of your internal networks from this interface.  If you have any subnets that are not included in the 3 internal ones that are configured on the other interfaces you will need to explicitly define a route on the server for them and tell the OS which internal router interface (gateway) to use to get to it/them.
0
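
Added example, not part of the thread: a small Python model of the route lookup the answers above describe (longest prefix first, then lowest metric), run against the server's routing table before and after the default gateway is removed from the second NIC, plus the static-route case from the last answer. All addresses, NIC names and metrics are constructed; the lower metric on the second NIC's default route is an assumption chosen to reproduce the symptom.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: str               # destination network, CIDR
    gateway: Optional[str]  # None means directly connected (on-link)
    nic: str
    metric: int

def lookup(table, dst_ip):
    """Pick the route the way the IP stack does: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in table if dst in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.metric))

# Constructed addressing: NIC1 = the web server's own network (path to its public IP),
# NIC2 = the new wired link to the shared "4th" network.
ON_LINK = [
    Route("192.168.1.0/24", None, "NIC1", 20),
    Route("192.168.4.0/24", None, "NIC2", 10),
]
DEFAULT_NIC1 = Route("0.0.0.0/0", "192.168.1.1", "NIC1", 20)
DEFAULT_NIC2 = Route("0.0.0.0/0", "192.168.4.1", "NIC2", 10)  # assumed lower metric

BROKEN = ON_LINK + [DEFAULT_NIC1, DEFAULT_NIC2]   # gateway set on both NICs
FIXED = ON_LINK + [DEFAULT_NIC1]                  # gateway removed from NIC2
# Hypothetical extra subnet behind network 4's router, reached via a static route,
# e.g. `route -p add 10.50.0.0 mask 255.255.0.0 192.168.4.1` on the server.
FIXED_STATIC = FIXED + [Route("10.50.0.0/16", "192.168.4.1", "NIC2", 1)]

WEB_CLIENT = "203.0.113.50"   # internet visitor (documentation address range)

def egress(table, dst_ip):
    """Return (nic, gateway) used to reach dst_ip, or None if no route matches."""
    r = lookup(table, dst_ip)
    return (r.nic, r.gateway) if r else None

if __name__ == "__main__":
    for name, table in [("broken", BROKEN), ("fixed", FIXED), ("fixed+static", FIXED_STATIC)]:
        for dst in (WEB_CLIENT, "192.168.4.25", "10.50.3.7"):
            print(f"{name:13} -> {dst:14} leaves via {egress(table, dst)}")
```

In the broken table the reply to the web visitor leaves through network 4's gateway instead of the network the request arrived on; in the fixed table only the on-link 192.168.4.0/24 traffic uses the second NIC, and the extra subnet needs its own static route to avoid following the default route out the external side.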
