Help configuring a "second" internal network
Posted on 2009-05-14
I acknowledge that I know only enough to be dangerous with networking, but it has gotten me through this far. Please advise if you can help me ... :-)
Our very small business hosts 3 separate SSL websites (for different aspects of our business). Each has its own static public IP, and each has its own private network with various other PCs and servers attached. The websites are 3-tier, using IIS6, ASP.net and MS-SQL. All servers are Windows 2003 Standard SP2.
We use a 4th private network (with its own static public IP) for all of our own internal business transactions and communication. This 4th network hosts no websites, but does have various servers, a multitude of storage, and several PC clients, printers, etc. It's my hope to grant certain machines on the "other" 3 networks access to resources on the 4th.
I've done this (kind of) over the last year with wireless adapters on certain machines needing access to the 4th network. I can also gain access through an SSL-VPN on the 4th network.
But both "indirect" options are slow.
So, I thought I'd try to make it faster by installing additional NICs in these machines, and connecting these via a Gb switch to the 4th network. Everything connects just fine, and everyone can talk to each other, each on 2 separate private networks (one common to all). My problem is that my SSL websites become unreachable from outside, as soon as I enable these connections (and they are restored almost instantly when I disable the connections).
Clearly, there is some security issue of which I'm unaware, that's keeping everyone from being connected and happy. But I need help. Why am I able to establish additional wireless or VPN network connections on the 1,2,3 servers that don't affect the websites, but a hard-wired one does? Is it just settings? Am I crazy trying to do this? Do I need to set up a 5th internal network - that doesn't (in and of itself) have an internet connection?
This is not super-high security stuff, so I'm not real worried about doing something that is slightly unconventional. Any suggestions will be helpful. I'm just trying to get fast, reliable, always-on access for networks 1,2,3 to resources on the 4th network. Thanks!