Solved

help configuring a "second" internal network

Posted on 2009-05-14
Last Modified: 2012-05-07
I acknowledge that I know only enough to be dangerous with networking, but it has gotten me through this far.  Please advise if you can help me ... :-)

Our very small business hosts 3 separate SSL websites (for different aspects of our business).  Each has its own static public IP, and each has its own private network with various other PCs and servers attached.  The websites are 3-tier, using IIS6, ASP.net and MS-SQL.  All servers are Windows 2003 Standard SP2.

We use a 4th private network (with its own static public IP) for all of our own internal business transactions and communication.  This 4th network hosts no websites, but does have various servers, a multitude of storage, and several PC clients, printers, etc.  It's my hope to grant certain machines on the "other" 3 networks access to resources on the 4th.

I've done this (kind of) over the last year with wireless adapters on certain machines needing access to the 4th network. I can also gain access through an SSL-VPN on the 4th network.
But, both "indirect" options are slow.

So, I thought I'd try to make it faster by installing additional NICs in these machines, and connecting these via a Gb switch to the 4th network.  Everything connects just fine, and everyone can talk to each other, each on 2 separate private networks (one common to all).  My problem is that my SSL websites become unreachable from outside, as soon as I enable these connections (and they are restored almost instantly when I disable the connections).

Clearly, there is some security issue of which I'm unaware, that's keeping everyone from being connected and happy.  But I need help.   Why am I able to establish additional wireless or VPN network connections on the 1,2,3 servers that don't affect the websites, but a hard-wired one does?  Is it just settings?  Am I crazy trying to do this?  Do I need to set up a 5th internal network - that doesn't (in and of itself) have an internet connection?

This is not super-high security stuff, so I'm not real worried about doing something that is slightly unconventional.  Any suggestions will be helpful.  I'm just trying to get fast, reliable, always-on access for networks 1,2,3 to resources on the 4th network.  Thanks!
Question by:cacliffo
3 Comments
 

Accepted Solution

by:cacliffo
cacliffo earned 0 total points
ID: 24391573
I think I may have found the solution, taking a hint from another thread.  By removing the 'default gateway' on the 2nd NICs, I now have all the networks talking to each other (within the private network), and the SSL websites are exposed and running from the outside world.

If someone could confirm that this is OK, and an acceptable solution, that would be great.  Please advise if there are any cautions recommended.

Assisted Solution

by:giltjr
giltjr earned 20 total points
ID: 24393983
That should be the correct solution.  In fact if you think about it for a second, how can a computer have two defaults?  Easy, it can't.
MS makes you believe that you can have a unique default route for each NIC, when you can't.  The default gateway is for the whole box.

IP does not send traffic out the same NIC it came in on, it sends it out the "best" NIC based on the routing table.  If you have two (or more) NICs and you define more than one default gateway, only one is the real default gateway.

The other one will not be used except in the case when the 1st one becomes unreachable.

Assisted Solution

by:cj_1969
cj_1969 earned 20 total points
ID: 24394659
Yes, what you have is fine, well, it's the only thing that will work :)

Just be aware ... since the default gateway is on the external NIC and there is no routing (or there shouldn't be) to any of your internal networks from this interface.  If you have any subnets that are not included in the 3 internal ones that are configured on the other interfaces you will need to explicitly define a route on the server for them and tell the OS which internal router interface (gateway) to use to get to it/them.
0
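
An added illustration of the route selection giltjr and cj_1969 describe above, not code from the thread: a small Python model of a two-NIC server's routing table, showing which NIC a reply leaves on before and after the second default gateway is removed. All addresses, NIC names and metrics are constructed, and the second NIC's default route winning on metric is an assumption of the example.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: str      # destination prefix in CIDR form
    gateway: str   # next hop, or "on-link" for a directly attached subnet
    nic: str       # interface the packet leaves on
    metric: int    # lower wins among equally specific routes

def pick_route(table: list, dst: str) -> Optional[Route]:
    """Longest matching prefix wins; ties go to the lowest metric.
    The NIC the request arrived on plays no part in the decision."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in table if ip in ipaddress.ip_network(r.dest)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.dest).prefixlen, r.metric))

# Constructed addressing: NIC "web" is the original website network,
# NIC "net4" is the added gigabit link to the 4th network.
ON_LINK = [
    Route("192.168.1.0/24", "on-link", "web", 10),
    Route("192.168.4.0/24", "on-link", "net4", 10),
]
DEFAULT_WEB = Route("0.0.0.0/0", "192.168.1.1", "web", 20)
# Assumption: the second NIC's default route ends up with the better metric.
DEFAULT_NET4 = Route("0.0.0.0/0", "192.168.4.1", "net4", 10)

BROKEN = ON_LINK + [DEFAULT_WEB, DEFAULT_NET4]   # gateway set on both NICs
FIXED = ON_LINK + [DEFAULT_WEB]                  # gateway removed from 2nd NIC
# cj_1969's caveat: a subnet behind network 4's router needs its own route.
FIXED_PLUS_STATIC = FIXED + [Route("10.50.0.0/16", "192.168.4.1", "net4", 1)]

def exit_nic(table: list, dst: str) -> str:
    """Name of the NIC a packet to dst leaves on, or "unreachable"."""
    route = pick_route(table, dst)
    return route.nic if route else "unreachable"

if __name__ == "__main__":
    client = "203.0.113.50"   # constructed outside visitor to the SSL site
    for name, table in [("two gateways", BROKEN), ("one gateway", FIXED),
                        ("one gateway + static", FIXED_PLUS_STATIC)]:
        print(f"{name:22} reply to client -> {exit_nic(table, client):5} "
              f"file server -> {exit_nic(table, '192.168.4.20'):5} "
              f"remote subnet -> {exit_nic(table, '10.50.3.7')}")
```

With both gateways set, the reply to the outside visitor leaves through the 4th network instead of the website's own network; with one gateway, the 4th network stays reachable through its on-link route, and only the extra subnet needs a static route.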