Isolate server on LAN but still give internet access

Posted on 2013-09-09
Medium Priority
Last Modified: 2013-10-02
I am working on a migration project from SBS 2003 to 2011 for a client out of state.
At this point, I need to be able to set up the migrated server with internet access without allowing it to touch the LAN or other machines using the clients existing WAN connection.

Any thoughts? The new server MUST be isolated from the LAN or it will be a bad day for everyone! Thanks.
Question by:JP_TechGroup
LVL 13

Accepted Solution

Norm Dickinson earned 1000 total points
ID: 39476876
You will probably want to separate your network into at least two different VLANs, or virtual Local Area Networks. It's done at Layer 2 of the OSI model and would suffice for your purposes. See http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan for an overview or some more detailed, Cisco-specific information at http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/vlans.pdf to get you started.
LVL 10

Expert Comment

ID: 39476926
Second the VLAN suggestion.  Broadcast and UDP traffic will be constrained to the VLAN and will not cause SBS to panic. If your network gear isnt VLAN capable, you can just setup a second router and switch to accommodate the new server.

Assisted Solution

Red-King earned 1000 total points
ID: 39476946
As tqfdotus said, you can add a new VLAN to the network if you have a switch and that you can manage. Alternatively you can just create a new subnet for the new server which should require all traffic between subnets to be sent to the router.
On the router you will need an ACL or something to that effect to prevent traffic being passed between the 2 subnets.
You could also add a rule to the firewall of the clients on the original subnet which will reject traffic from the new subnet.

Author Comment

ID: 39477158
Yea, the VLAN was the way I wanted to go... unfortunately they lack the hardware...
I was considering using a separate router, but I am not positive that this will isolate the box to my satisfaction. I think I'll give the subnet mask a try (now why didn't I think of that).
Be back in a few! Thanks all.

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question