2 Domains - 1 LAN

Posted on 2011-03-09
Last Modified: 2012-05-11
I've been doing a lot of reading, and it appears very possible, I just want to put it out there to reassure me before I go ahead with it.

I have a client that has two separate business in the same office. Company 1 just upgraded to a 12MB Internet Connection and VOIP Phones, Company 2 is going to share the internet connection and phones.

Before this, they each had their own DSL lines.

Company 1 has a Windows 2003 SBS, domain controller, running DNS but a router is doing DHCP.
Company 2 has a Windows 2003 Standard Server, domain controller, also doing DNS but their router is also doing DHCP.

Company 2 is only 4 users.

They do want to keep their domains (relatively) separate.

Can I put both servers on the LAN, same IP addressing, using one router, and statically assigning Company 2 PCs static addresses, gateway, and DNS (pointing to their server) without interfering with the other domain server? Still having all users log into their respective domains?

Question by:toe_mas
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
  • +1

Expert Comment

ID: 35089498
Yes this could be done but you will have to set exclusion in DHCP on the other server to ensure that the ip's you have assigned do not get used.

I would suggest running two different subnets and using the same gateway and or a proxy server for both.  This will keep everything separate and you will still be able to access the internet connection from either subnet

Author Comment

ID: 35089514
Yes, I'd make sure of the DHCP issue.
Are you saying I should have one network be 192.168.0.X and the other be 192.168.1.X but using the same Gateway IP, i.e.

Author Comment

ID: 35089520
Then of course the DHCP issue wouldn't exist if course...
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.


Expert Comment

ID: 35089534
yes you will have the two subnets (192.168.0.x and 192.168.1.x)  They can use the same gateway.  As toe mas has said you will loos the DHCP on the static assigned subnet but if this is ol for you then no problem.  You could also put in another switch and have each subnet on its own switch and connect the new one to be able to access the gateway.  You will have to configure the switches to allow this though.
LVL 77

Expert Comment

by:Rob Williams
ID: 35089771
If you have two subnets how are they going to use the same gateway?
If you have a router that supports multiple LAN IP's (i.e. 2 gateways) you could do that.

You can accomplish what you want but it is not an ideal situation, there can be IP conflicts, major DNS issues, and security concerns.
Ideally if you can get 2 public IP's from your ISP isolate them completely by configuring such as:


Both networks can then be on different subnets, different physical networks, and protected by one another by the routers/firewalls.

Ignoring that you can use a single DHCP server (preferably the SBS) and use exclusions, reservations (assigning appropriate DNS), and static IP's. However when you have a new machine or guest in the office all sorts of havoc breaks out.

Author Comment

ID: 35089853
Gottcha, RobWill, what if I had a second router (for Company 2), go into Company 1's router? And ran Company 2 off just that router? Then it can have two different subnets. Kind of like adding public wireless into a wireless LAN , router into router...

Author Comment

ID: 35089859
Geez... I meant, adding public wireless into a private lan, router into router... I've looking at screens to long today!
LVL 26

Accepted Solution

Fred Marshall earned 250 total points
ID: 35089874
RobWill has given very good advice.  It's easy to manage and it works with low cost equipment.  

If for some strange reason that you don't want to do it quite this way then note:

You can run different subnets on the same LAN.  Then the only trick is how to connect to the internet from both LANs.
- Suppose that one LAN with internet connection already exists.
- Simply add computers on another subnet onto the same wires and switches.
Then, for the new subnet you might:
1) add an internet router/gateway with its own public IP address.
2) add an internet router/gateway on the same "interim" LAN / subnet as in RobWill's diagram to connect to a common internet router.  This means that the "outside" Internet/WAN address will be on the "other" subnet.  It also means that the computers on the new LAN/subnet will likely be able to "see" the computers on the first subnet.   If that's not OK then back to RobWill's suggestion.

Author Comment

ID: 35089929
FMarshal;, I think we were both typing at the same time! That is what I suggested just seconds before you. Yes, I understand one LAN will be able to see the other. Like I said in the original question, they want it relatively separate. Meaning someone would have to really go digging to find it, rather than accidentally browse to it while saving a file. The employees in question are not the "Digging" type. So router into router would be perfectly acceptable for my set up. Other people might want to go for the extra security.

The fact that one LAN will be able to see the other, even though they are on different subnets, is the same reason I originally thought that two different subnets could use the same gateway as was originally suggested at the beginning of this question. I understand now why that isn't quite right.

LVL 77

Expert Comment

by:Rob Williams
ID: 35089947
You can connect one router to the other and it works fine for outgoing services. As you mentioned one network can see the other but not the reverse.
You do run into problems with incoming services (SMTP, RDP, RWW, OWA, VPN) having to be NAT'd twice. Some service like a VPN just will not work.

Author Comment

ID: 35089987
For the main router and main server I have Exchange and Terminal Services that come in.

For the second router (the router into the router) I also have Terminal Services running and a VPN for someone in AZ... I can do Terminals Services on a different port for that one... In the First Router, can't I forward those ports to the Second Router, then in the Second Router, forward those ports to the Server?

What a tangled web :)
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 35090020
VPN will not allow NAT x 2
Terminal services you can change the port on the outer router and map to the inner router, then map to the TS. That will work.

How expensive is a second IP? This will work but it is rather "rinky dink". Generally a second IP is $5-$10 a month or if you have a business account with a static IP you may already be alloted 5 IP's. It's just that that would be a better business solution.

Author Closing Comment

ID: 35287483
Went another router... although the above would have worked in my situation, they opted for an additional DSL line and everything is separate as was before.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question