Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4223
  • Last Modified:

Internal and External NIC config on Server 2008 R2

Hi,

I have Windows Server 2008 R2 fresh installed and have problems with networking.
I want to configure:

1.) INTERNAL adapter
with LAN IP, local gateway,
with network discovery ON, file sharing ON

2.) PUBLIC network adapter
with PUBLIC static IP, public gateway,
network discovery OFF, sharing OFF

But as much as I mess with adapters, Server 2008 puts both of them:
- EITHER in same group, hawing 1 group named "Public internet" or "Home network" with both adapters listed,
- EITHER creates 2 groups, one "Public netwrok" with PUBLIC NIC, and "Private network" with INTERNAL NIC,
...but in both cases it creates 2 outgoing routes:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     22.33.44.17        22.33.44.20    266
          0.0.0.0          0.0.0.0     10.10.11.150     10.10.11.100    656

Ok, I can delete unneeded route manually, but after some time windows recreates that route back, and internet does not work.
...or internet works, but LAN network discovery does not find any computers in LAN because of higher Metric (as shown in above example).

I remember I have had INTERNAL/EXTERNAL NIC configuration for ages on my old Win200 and Win2003 servers, so what am I missing here?
Ethernet adapter PUBLIC:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Server Adapter
   Physical Address. . . . . . . . . : 00-15-17-6F-5E-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 22.33.44.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   IPv4 Address. . . . . . . . . . . : 22.33.44.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 22.33.44.17
   DNS Servers . . . . . . . . . . . : 22.33.44.20
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LOCAL:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : 00-19-99-42-EB-1E
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.11.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.11.150
   DNS Servers . . . . . . . . . . . : 10.10.11.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Open in new window

0
Andrej Pirman
Asked:
Andrej Pirman
1 Solution
 
Vaidas911Commented:
Don't use default gateway for internal NIC - leave it blank. If you need to make your server a router, you have to setup RRAS role:
http://www.windowsnetworking.com/articles_tutorials/Using-Windows-Server-NAT-Router.html
0
 
atigrisCommented:
You didn't mention if you had used the "Routing And Remote Access Services (RRAS)" component to enable routing between your network cards?

To set this up, follow these steps:

Start RRAS by going to Start | All Programs | Administrative Tools | Routing And Remote Access.
Locate the server in the left-hand pane, and right-click it.
Select Configure And Enable Routing And Remote Access from the shortcut menu. This launches a wizard.
On the first step of the wizard, select Custom Configuration, and click Next.
On the Custom Configuration page in the wizard, select the LAN Routing option.
Click Next, and click Finish.
In the RRAS window, right-click the server, and select Properties. On the General tab, you'll see the Enable This Computer As A Router option selected, along with the Perform LAN Routing Only option. On the IP tab, you'll see the Enable IP Routing option selected.

Depending on your network topology, you may need to reconfigure your clients to use this server as their default router.

0
 
Andrej PirmanAuthor Commented:
Sorry, forgot to mention:
NO, my server is not a router, I don't want it to have RRAS configured.

I have INTERNAL and EXTERNAL switches, having configured devices:
INTERNAL:
- one NAS storage
- wireless AP
- few servers and few wireless clients
EXTERNAL:
- Cisco router, serving RIP2 routing, without NAT (serving my public /28 subnet)
- one server directly attached to /28 public subnet
- and my *problematic* server, attached to /28 public subnet with 1 NIC (another NIC to LAN)
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
Andrej PirmanAuthor Commented:
Ups..here he goes again!

Yesterday I removed all NIC drivers, clearing all settings, and setup them from scratch. Surprisingly, but setting:
- local NAS device IP as gateway for INTERNAL network
- and manually altering INTERNAL Metric to 656
rendered both networks to work like a charm!

Then I fired up my VPN connection to my remote site (it ought to be always up) and connected to VPN router on the other side. Worked fine, and here was the routing table:
       0.0.0.0          0.0.0.0               22.33.44.17       22.33.44.20     266  <-- this is my PUBLIC network
       0.0.0.0          0.0.0.0              10.10.11.150     10.10.11.100    656  <-- this is INTERNAL network
      10.10.10.20  255.255.255.255       On-link       10.10.10.20      266  <-- route for remote VPN site
      10.10.11.0    255.255.255.0           On-link       10.10.11.100    656  <-- route for LAN INTERNAL network

But today one new route just came up from nowhere:
       0.0.0.0          0.0.0.0               22.33.44.17       22.33.44.20     266
       0.0.0.0          0.0.0.0              10.10.11.150     10.10.11.100    656
      10.0.0.0        255.0.0.0           10.255.254.0     10.10.10.20        11  <--this one!?
      10.10.10.20  255.255.255.255       On-link       10.10.10.20      266
      10.10.11.0    255.255.255.0           On-link       10.10.11.100    656

Today internet works, but LAN network discovery is slow, slow, slow...it takes 1-2 minutes when I click on "Network" icon to scan the whole subnets and to display network devices.
Yesterday it was fast.

What is going on? Any idea?
0
 
Darius GhassemCommented:
Check your binding order for the network cards make sure you internal card is set first.

Go into the Network Connections click Advance Settings to find the current binding order.
0
 
Andrej PirmanAuthor Commented:
That's it! Binding order...huh, I did not even realise something like this exists under Windows :)
Thanx, darius!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now