How to create 2 networks

Hi,

I have a server with Windows 2012 Essentials (the version for 25 users), and I have 4 network ports. I want to configure 2 network ports for 2 distinct networks.
One should be connected to the internal network and should be 192.168.1.xxx, and the other should connect to the external network connected to the router and should be 10.0.0.xxx.
The server is the DHCP of the domain. When I had this connection, one connected to the router and the other connected to the switch, the clients couldn't access the internet; only on the server did I have access. When I connect the router to the switch and use the internal network, the clients have internet. So my question is, what do I have to configure to accomplish that?
The server is the DC, DNS server and DHCP server; those are the roles on it.

Thanks.

Best regards.
privateuser Asked:

dipopo Commented:
What do you mean by the "clients" are these RDS/terminal services clients?

From the above I can see:

. 192.168.x.x - Internal has no internet
. 10.0.x.x - External has internet

You want server to be connected to both internal and external, and you want internet access for connections on the 192.168.x.x network?
0
privateuser Author Commented:
Hi,

Clients means all the PCs connected to the domain which receive their IP via the DHCP server.

Yes, the idea is the server connected to both internal and external, and internet access for connections on the 192.168.x.x network.

Thanks.

Best regards.
0
dipopo Commented:
Ok from the above there are several scenarios you can use:

Configure multi-homed network on server [NOTE: Do not assign multiple Gateway addresses, configure 192.168.x.x with a gateway, and configure 10.0.x.x with static routes]

1. Set up Server as "Internet Connection Sharing" and have your PCs use the server IP as gateway.

2. Install a Proxy server and have clients use proxy setting under LAN settings - Squid Proxy will work well.
0
Cliff Galiher Commented:
Essentials does not support multiple network cards and does not support routing traffic between multiple networks. Even with Windows Standard, routing is limited and should never be done on a domain controller.

You will need to place another machine or appliance to bridge your two networks, or flatten the networks into a single subnet with one egress point instead of what you are trying to do now. Those are your options with Essentials.
0
dipopo Commented:
"Essentials does not support multiple network cards and does not support routing traffic between multiple networks. "

Can you provide information/documentation to substantiate the statement??
0
Cliff Galiher Commented:
A router that supports IPv4 NAT is listed as a requirement under system requirements. If Essentials supported this natively, it obviously would not be a requirement.

http://technet.microsoft.com/en-us/library/jj200132.aspx

Further, the supported network configuration is clearly quite simple. If other options were supported, they'd be listed:

http://technet.microsoft.com/en-us/library/jj730381.aspx
0
dipopo Commented:
I respectfully agree to disagree :-) with the fact that 2012 Essentials does not support multiple NICs.

The fact it states NIC teaming as a supported network configuration is further attestation to this conclusion.
0
privateuser Author Commented:
Hi,

Thanks for all comments.

I don't understand why my customer wants this configuration, but this server substitutes the old DC using SBS 2003, and on that server it has this configuration.
I don't have any proxy server. The idea is to isolate the router from the network of the office and connect it directly to the server.

One question: it seems that the PCs, when I disconnect the router from the switch and connect it directly to the server, can't resolve the web requests. It could be a problem with DNS, which can't resolve or redirect the requests to «someone» that can answer them.
If I configure forwarders for the router and Telepac (for example), would this be enough for my PCs to access the internet?

Thanks.

Best regards.
0
dipopo Commented:
Being able to resolve DNS does not mean internet access; you need an internet gateway device/software.

I understand the need to isolate the router from the network of the office, and using a proxy would do this nicely; else something else will have to act as a gateway to the internet.

You can easily create a Linux VM (CentOS preferred) and install Squid Proxy/Webmin and easily configure access for the 192.168.x.x subnet.

Do you have a firewall device on the network? This can also be used.
0
privateuser Author Commented:
I don't have any firewall, only on the router if it has anything like that.

It's a small office with few people and only have the server and nothing else.

Thanks.

Best regards.
0
dipopo Commented:
Nothing else, not even an old mouldy PC? :-( hmmmm ICS looking more like the option, although a not very good one.
0
Cliff Galiher Commented:
SBS 2003 was a very different product. First and foremost, it was written before the famous "trustworthy computing" memo that completely shifted Microsoft's vision towards security and delayed Vista, Server 2008, and SBS 2008 (all based on Longhorn) for several YEARS as they were rewritten.

Even then, SBS 2003 was only run in a supported 2-NIC configuration with the premium edition, which included ISA to provide security and proxy services. It was never meant to be run in a 2-NIC configuration bare.

SBS 2008 and later no longer shipped with ISA, and therefore dropped the 2-NIC configuration support.

SBS 2011 Essentials, and subsequently Windows Server 2012 Essentials (and 2012 R2 Essentials shortly) are the spiritual successors to SBS and therefore come with similar design philosophies *and* similar constraints. They must be domain controllers. They do not support trusts, and they only support single-NIC configurations.

EVEN if you get this working, because it does not have ISA like SBS 2003 did, it would provide NO better protection than a simple Linksys NAT device does. NAT, after all, does provide a bare-bones (and in my opinion, not sufficient) separation of LAN to WAN by nature of how NAT works.

But for a small business, what you really want is a firewall, which Essentials would not provide even if you got an unsupported configuration working. As I mentioned, at best, with RRAS or ICS you'd have a NAT provider on your domain controller (terribly insecure) doing what a $15 consumer router can do.

SonicWall, Watchguard, and several other companies make worthwhile firewall routers targeting the small business space. You get great security at a price cheaper than a bare-bones PC. Drop one of those in and you can run Essentials in a perfectly supported single NIC configuration.

Heck, absolute worst case, pick up a Linksys that supports flashing and throw an alternative Linux firmware on it that supports true firewall capabilities. DD-WRT is an option, although I personally prefer Tomato.

I should stress, however, that I consider the latest option one of purely last resort. Most consumer routers are made from commodity parts and, while sufficient in a home environment, will overheat with more than 2 or 3 simultaneous users stressing the router. Linux alternatives push those CPUs much harder than the built-in software so the stress is more noticeable and they tend to offer a poor internet experience. A $200 firewall from an SMB vendor is well worth the investment when you consider it can be left in place for years. That's a few bucks a month for securing your entire network.

-Cliff
0
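
Added example (not part of the original thread and not any poster's code): a read-only PowerShell audit of the conditions debated above, namely dipopo's warning against assigning multiple gateway addresses and Cliff Galiher's point that a domain controller should not route or NAT between networks. It assumes Windows Server 2012 or later with the built-in NetAdapter and NetTCPIP modules; the variable names are illustrative.

```powershell
# Added example: read-only check, changes nothing on the host.
# Assumes Windows Server 2012+ (NetAdapter / NetTCPIP modules, PowerShell 3.0+).

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$isDC = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

# Physical adapters with link. More than one means multi-homed or teamed.
$nics = @(Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' })

# Distinct next hops of IPv4 default routes. More than one = multiple gateways.
$gateways = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' `
        -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty NextHop -Unique)

# Interfaces with IP forwarding on, i.e. the host routes between its networks.
$forwarding = @(Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.Forwarding -eq 'Enabled' })

# RRAS (RemoteAccess) and Internet Connection Sharing (SharedAccess) services.
$natServices = @(Get-Service -Name RemoteAccess, SharedAccess `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' })

$findings = @()
if ($nics.Count -gt 1) {
    $findings += "Multi-homed: $($nics.Count) connected adapters ($($nics.Name -join ', '))"
}
if ($gateways.Count -gt 1) {
    $findings += "Multiple default gateways: $($gateways -join ', ')"
}
if ($forwarding.Count -gt 0) {
    $findings += "IP forwarding enabled on: $($forwarding.InterfaceAlias -join ', ')"
}
if ($natServices.Count -gt 0) {
    $findings += "Routing/NAT service running: $($natServices.Name -join ', ')"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: single network path, no routing or NAT on this host.'
} else {
    if ($isDC) { Write-Warning 'This host is a domain controller.' }
    $findings | ForEach-Object { Write-Warning $_ }
}
```

A NIC team appears as several connected physical adapters, so a "Multi-homed" finding on a teamed server needs a manual look before it is treated as a problem.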
