
2 sbs domains... 1 subnet?


  • 2 sbs domains... 1 subnet?

    Hi all;

    I have a general design issue that I would really appreciate some help on.
    Sorry if it's a bit long but I've inherited a small company's setup and it's a bit of a mess. Maybe it's simple to experts out there!
    Thanks in advance to anyone.

    In a nutshell, the owner wants to strip it down and is looking for advice on the best way to go.
    Not necessarily most elaborate. We're trying to simplify it.

    The existing setup is this:

    2 (two) SBS 2003 servers. 2 domains. 2 NICs in each server. NIC1 is LAN, NIC2 faces the router. Lots of RAM, lots of drive space on the servers.
    Both servers share internet and firewall via a small Cisco 851 VPN router.
    Server A - Nic1 is Nic2 is
    Server B - Nic1 is Nic2 is
    Users on Domain A (1.10 LAN segment) connect to a switch, then it goes to NIC1 on server A, NIC2 to a router LAN port.
    Users on Domain B (2.10 LAN segment) connect to a switch, then it goes to NIC1 on server B, NIC2 to a router LAN port.

    Less than 10 client PCs.
    Email is web based.

    IP addresses on client pcs are static.
    Printer is shared - via plugging into router lan port at static address 3.99

    I didn't design this, so.....

    Some years ago, NAT was running between the server NICs and no PC on either domain could see each other. The owner wanted it this way for isolation, software testing, Y2K scare, etc. NAT has since been removed and now PCs and servers can see each other.
    But there are still 2 domains, 2 network segments.

    The Cisco VPN router was installed about a year ago. The need was to connect to any PC on either domain from outside, using Cisco's VPN and its client with an internal user list.

    Couldn't connect to internal PCs until we disabled NAT between each server's NICs.
    Static routes were set up (not sure they are necessary but they're there anyway. I know, a mess). VPN is OK now. BTW I am not a Cisco expert. The router's config is a bit of a mess too but is working for the most part. That's a different story though.

    So now, the system is OK but not great. For instance, server A, an R2 x64 server, is for software testing and runs a lot of SQL. Huge database files. But internet connectivity and anything else going through this server is often slow. Small wonder.
    There are DNS issues too.

    I personally don't like the dual NIC method because of situations like this. It makes more sense to me to have a good firewall/router, use a single NIC on the server, and hang the server off the same switch that the router and everyone else is on. So now if the server is slow or even down, etc., at least internet, outside email etc. is not affected. To me this is some degree of (relief? fault tolerance?). I know SBS wants to have 2 NICs running and I've had that argument before but I'd like not to focus on that right now.

    The problem is that I can't get much time on the system so I don't have much opportunity to experiment, test etc.
    So before I can propose or proceed I'd like to be 99.9% sure that it will work.

    The 2 domains MUST be kept separate but the LAN segment separation does not have to be.

    So let's assume that I'm going with the single NIC method on both servers; get rid of the existing static routes between NICs, confusion, NAT, etc. I have enough to figure out on the Cisco router.
    What would be wrong with having one segment, one subnet, and hanging both servers off it? How would that affect the 2 domains?
    i.e. Server A at say, 1.10, Server B at 1.11.
    I'm aware of possible DHCP conflict issues. But wouldn't I still need DHCP on both in order for clients to connect to their respective domains? How can it / would it work on a single subnet?

    Or would it be better to keep 2 subnets, still assuming a single NIC? Hmm, then how would they share the printer?? One side wouldn't be able to see it?!
    I want to have at least 1 server (the busy SQL server) as a single NIC so those web-connected through it are not bottlenecked by it when it's busy!

    Maybe I'm overcomplicating a simple thing. Not sure. Any advice much appreciated.


  • #2
    Re: 2 sbs domains... 1 subnet?

    OK, I haven't studied your article in depth (that is a consultant's job and you should pay for that!) but let me say that you should KEEP YOUR 2 NIC arrangement or your SBS will stop working. At least your DHCP services will. That is unless you want to have one server serving addresses and the other subnet configured with static IPs.
    DNS is a cinch - the external NIC of each SBS points to its respective internal NIC. The DNS server on each SBS has forwarders - which are your ISP's DNS.
    For that you can UTFW (Connect to the Internet Wizard) and everything should be OK. In fact on the Cisco all you really needed are 2 addressable static IPs (which means a subnet of and you can NAT and make DNS for each domain point to the different IP.


    Steven Teiger [SBS-MVP(2003-2009)]
    I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We don't stop playing because we grow old, we grow old because we stop playing.


    • #3
      Re: 2 sbs domains... 1 subnet?

      Thanks Teiger for those suggestions;

      I've attached 2 "drawings". Sorry it's crude but it shows what I have ("existing network") and what I'd like to do ("1 NIC network"). I don't think it's a big deal. So I change DHCP. Can't think why a 50/50 DHCP scheme wouldn't work?

      Anyway, I have limited experience on SBS servers and am just trying to figure out what else I have to consider.
      A major objective I'm going for here, at least for Server 1, hopefully both, is NOT to have all traffic going through it in the traditional SBS 2 NIC style BECAUSE I want PCs to still have access to internet, printing and their webmail when/if the servers are down or bogged down. The router provides a firewall.

      I guess part of the problem is that both servers are not really being used as SBS servers should be. There's no Exchange email, no RWW, no ISA etc. If that were the case, then yes, a 2 NIC setup would make sense (even to stubborn me) since all eggs are in one basket anyway.

      Server 1 is set up for testing software. Server 2 for general file/print etc. VPN is on the router along with the firewall. And this works. I'd like to consider an SSL VPN solution but that's a different story. Anyway.....
      Yes, I know for anyone ready to jump on this, "then why are you using an SBS server?? Security violation ahhh!!"
      OK, "I" didn't choose it and it ain't about to change. I have no say in that. I'm just a bloke trying to help a small business on a limited time/budget. But he's not about to throw away his SBS servers for something else. OK, that said, I suppose I'm looking to see simply what else I would need to do here.

      The other requirements, as I know them, are:
      - servers and PCs in both LANs must still be able to see each other.
      They can see each other now. With the new arrangement, would this just be a matter of adding static routes on the router?
      - Domains cannot be consolidated.
      - printer sharing maintained.

      I hope this makes sense. Just looking for tips. I thank you for your patience and suggestions.



      • #4
        Re: 2 sbs domains... 1 subnet?

        I am offering you my experience with SBS!
        When SBS discovers another DHCP server on the network it shuts down. 2 SBS's on the same segment - at least one of them will close down.
        My opinion is that when SBS is down, spend your time getting them back up and not thinking about how to get stations out to the internet. All stations should point to their respective SBS for DNS - otherwise you don't log on to AD. So if SBS is down, you don't get DNS = no internet. Ah, you say, I'll put the router in as secondary DNS. Fine, but when SBS comes back up, stations will continue to use the secondary DNS until rebooted. If you can live with that, please continue - and thanks for your sketches.
        BTW, if you really want help with SBS, depending on your locality, look for an SBSC (Small Business Specialist) on and then CHECK FOR RECOMMENDATIONS from peers.

        Steven Teiger [SBS-MVP(2003-2009)]


        • #5
          Re: 2 sbs domains... 1 subnet?

          Teiger, thanks for that.
          Unfortunately, I don't work at this place. I just visit there once in a while and I get limited time to do anything. Sucks, I know... So this is why I'm trying to find redundancies and not have clients lose internet, email etc. if there's a server hiccup. But it's a good learning experience anyway.

          If they were using the SBS servers as intended, I would agree totally with you re: the 2 NIC servers, but that's not the case as I see it anyway.
          They are basically a file/print server and the other is a software testing server.
          Little else. No RWW, no Exchange, no ISA. Internet and webmail are very important to maintain though.
          The software test server is REALLY busy most of the time crunching SQL etc.,
          causing internet access, email etc. to crawl - I think because all is going through the dual NIC server. Does this make sense?

          The shared Cisco router as an ad hoc DNS backup sounds OK to me. It doesn't have to be complex. So users would have to reboot. No big deal. They would anyway! Thanks for that suggestion and reminder.

          I guess if I want to maintain DHCP (from the SBS servers) on both segments, both domains, while both share the router, I have a problem - because one will shut down when it sees the other. This is assuming separate subnets, i.e. 1.1 and 2.1.
          What's the usual way around this? Anyone?

          I'm wondering if I can just use route statements on the router so the 2 servers can see each other. I still need that. But is there a way to block DHCP between them?
          I'm not new to routers, I just don't get to work on them much. This is a crossover to routers, I know. Anyone?
          Sorry if I'm vague in some areas but I'm just looking to improve things as described, hopefully just by reconfiguring the existing network without having to spend huge $ or time on new gear.

          VLANs are out - no managed switches. This is a very small network anyway, 5 or 6 people.
          But the 2 domains must stay separate. I know, I know, might be stupid but I am just a helper...
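As an added illustration (not configuration from the poster or from the replies), the following Cisco IOS fragment shows the routed two-subnet, single-NIC layout discussed in this thread: each SBS keeps DHCP for its own segment, the router carries traffic between the segments with no static routes, and DHCP is kept from crossing between them. The interface names, addresses and ACL name are assumptions; the two LAN interfaces on a particular router model may be physical ports or VLAN SVIs.

```cisco
! Added example, not the thread's router config. Assumed addressing:
!   Domain A segment 192.168.1.0/24 on Vlan10, SBS-A is its only DHCP server
!   Domain B segment 192.168.2.0/24 on Vlan20, SBS-B is its only DHCP server
! Every PC and server uses this router's address on its own segment as
! default gateway. Both subnets are directly connected, so no static
! routes are needed for the two segments to reach each other.
!
interface Vlan10
 description Domain A segment (SBS-A handles DHCP here)
 ip address 192.168.1.1 255.255.255.0
 ip access-group NO-DHCP-BETWEEN-SEGMENTS in
!
interface Vlan20
 description Domain B segment (SBS-B handles DHCP here)
 ip address 192.168.2.1 255.255.255.0
 ip access-group NO-DHCP-BETWEEN-SEGMENTS in
!
! Deliberately NO "ip helper-address" on either interface. DHCP discover
! and offer are broadcasts, which a router does not forward unless a
! helper address tells it to, so each SBS's rogue-DHCP detection only ever
! sees its own segment and the two DHCP services never see each other.
!
! Belt-and-braces: also drop any DHCP (UDP 67 bootps / 68 bootpc) that
! would be routed from one segment to the other, e.g. a unicast renewal
! sent to the wrong server. Same-segment DHCP never passes through the
! router, so this does not touch normal lease traffic. Everything else
! (file/print, RDP, the shared printer, VPN users) is permitted.
ip access-list extended NO-DHCP-BETWEEN-SEGMENTS
 deny   udp any any eq bootps
 deny   udp any any eq bootpc
 permit ip any any
!
! Checks after applying: "show ip route" should list both 192.168.1.0/24
! and 192.168.2.0/24 as connected, and "show access-lists" should show
! hit counts on the deny lines only if something is leaking DHCP.
```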