Solved

help configuring a "second" internal network

Posted on 2009-05-14
Last Modified: 2012-05-07
I acknowledge that I know only enough to be dangerous with networking, but it has gotten me through this far.  Please advise if you can help me ... :-)

Our very small business hosts 3 separate SSL websites (for different aspects of our business).  Each has its own static public IP, and each has its own private network with various other PCs and servers attached.  The websites are 3-tier, using IIS6, ASP.net and MS-SQL.  All servers are Windows 2003 Standard SP2.

We use a 4th private network (with its own static public IP) for all of our own internal business transactions and communication.  This 4th network hosts no websites, but does have various servers, a multitude of storage, and several PC clients, printers, etc.  It's my hope to grant certain machines on the "other" 3 networks access to resources on the 4th.

I've done this (kind of) over the last year with wireless adapters on certain machines needing access to the 4th network. I can also gain access through an SSL-VPN on the 4th network.
But, both "indirect" options are slow.

So, I thought I'd try to make it faster by installing additional NICs in these machines, and connecting these via a Gb switch to the 4th network.  Everything connects just fine, and everyone can talk to each other, each on 2 separate private networks (one common to all).  My problem is that my SSL websites become unreachable from outside, as soon as I enable these connections (and they are restored almost instantly when I disable the connections).

Clearly, there is some security issue of which I'm unaware, that's keeping everyone from being connected and happy.  But I need help.   Why am I able to establish additional wireless or VPN network connections on the 1,2,3 servers that don't affect the websites, but a hard-wired one does?  Is it just settings?  Am I crazy trying to do this?  Do I need to set up a 5th internal network - that doesn't (in and of itself) have an internet connection?

This is not super-high security stuff, so I'm not real worried about doing something that is slightly unconventional.  Any suggestions will be helpful.  I'm just trying to get fast, reliable, always-on access for networks 1,2,3 to resources on the 4th network.  Thanks!
0
Question by:cacliffo
3 Comments
 

Accepted Solution

by:cacliffo
cacliffo earned 0 total points
ID: 24391573
I think I may have found the solution, taking a hint from another thread.  By removing the 'default gateway' on the 2nd NICs, I now have all the networks talking to each other (within the private network), and the SSL websites are exposed and running from the outside world.

If someone could confirm that this is OK, and an acceptable solution, that would be great.  Please advise if there are any cautions recommended.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 20 total points
ID: 24393983
That should be the correct solution.  In fact if you think about it for a second, how can a computer have two defaults?  Easy, it can't.
MS makes you believe that you can have a unique default route for each NIC, when you can't.  The default gateway is for the whole box.

IP does not send traffic out the same NIC it came in on, it sends it out the "best" NIC based on the routing table.  If you have two (or more) NICs and you define more than one default gateway, only one is the real default gateway.

The other one will not be used except in the case when the 1st one becomes unreachable.
0
 
LVL 22

Assisted Solution

by:cj_1969
cj_1969 earned 20 total points
ID: 24394659
Yes, what you have is fine, well, it's the only thing that will work :)

Just be aware ... since the default gateway is on the external NIC and there is no routing (or there shouldn't be) to any of your internal networks from this interface.  If you have any subnets that are not included in the 3 internal ones that are configured on the other interfaces you will need to explicitly define a route on the server for them and tell the OS which internal router interface (gateway) to use to get to it/them.
0
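
The route selection the answers above describe, as an added example that is not code from any poster in this thread: a small model of a two-NIC server's routing table showing why a second default gateway takes the websites offline, why removing it restores them, and when a static route is needed. All addresses, NIC labels and metrics are constructed, and it assumes the shared NIC's default route carries the lower metric; on a real server which default wins depends on the interface metrics.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: str      # destination network in CIDR form
    gateway: str   # next hop, or "on-link" for a directly connected subnet
    nic: str       # hypothetical interface label
    metric: int    # lower wins among equally specific routes

def select_route(table, dst_ip):
    """Longest-prefix match, then lowest metric: one answer for the whole box."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [r for r in table if dst in ipaddress.ip_network(r.dest)]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r.dest).prefixlen, -r.metric))

def default_routes(table):
    """Audit helper: more than one entry is the condition fixed in this thread."""
    return [r for r in table if ipaddress.ip_network(r.dest).prefixlen == 0]

# Constructed addressing (assumption): network 1 is 192.168.1.0/24 behind the
# firewall that forwards the public IP; the shared 4th network is 192.168.4.0/24.
WEB = Route("192.168.1.0/24", "on-link", "nic1-web", 20)
SHARED = Route("192.168.4.0/24", "on-link", "nic2-shared", 10)
GW_WEB = Route("0.0.0.0/0", "192.168.1.1", "nic1-web", 20)
GW_SHARED = Route("0.0.0.0/0", "192.168.4.1", "nic2-shared", 10)  # 2nd default gateway

BROKEN = [WEB, SHARED, GW_WEB, GW_SHARED]
FIXED = [WEB, SHARED, GW_WEB]  # default gateway removed from the 2nd NIC
# Extra subnet behind a router on the shared network (constructed): needs a static route.
FIXED_PLUS_STATIC = FIXED + [Route("192.168.50.0/24", "192.168.4.254", "nic2-shared", 1)]

CLIENT = "203.0.113.25"       # constructed internet client requesting the SSL site
FILE_SERVER = "192.168.4.20"  # constructed host on the shared network
REMOTE_HOST = "192.168.50.7"  # constructed host on the extra subnet

if __name__ == "__main__":
    for name, table in [("broken", BROKEN), ("fixed", FIXED),
                        ("fixed+static", FIXED_PLUS_STATIC)]:
        print(name, "- default routes:", len(default_routes(table)))
        for dst in (CLIENT, FILE_SERVER, REMOTE_HOST):
            r = select_route(table, dst)
            print(f"  {dst:>14} -> {r.nic} via {r.gateway}")
```

In the broken table the reply to the internet client leaves through the shared NIC, so it never returns through the firewall that accepted the connection; in the fixed table the extra subnet falls through to the external default gateway until the static route is added.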
