How to remove the double-NAT on SBS2000

  • How to remove the double-NAT on SBS2000

    Currently my client's SBS2000 server is set up in the standard configuration with 2 x NICs (1 x LAN & 1 x External). The SBS2000 server is routing between the 2 networks, thus creating a double-NAT. Clients on the internal LAN use the SBS internal NIC as their DG and Proxy Server, and are Windows Firewall Clients.

    I need to remove the 2nd NIC on the SBS2000 to create a single NAT'ed internal network. Central office are planning Site to Site VPN tunnels in the near future between Cyberguard firewalls and want to be able to ping all hosts across the tunnels. I still want the SBS server to handle DHCP, DNS, Web Proxy. Just not to route!

    Here's my list so far, but I guess I'm missing some ISA, SBS, Windows Firewall specific stuff.

    Firewall
    Repatch Cyberguard onto main switch
    Readdress Cyberguard firewall so it is in the internal network range
    Edit PAT rules on Cyberguard to direct 25 & 443 to the LAN interface on the SBS2000

    SBS2000 Server -
    Backup ISA config and System State!
    Disable SBS2000 External NIC
    Change the Default Gateway of the LAN side NIC to the new firewall
    Change the DG of clients in the DHCP scope to point to the newly addressed firewall

    Any help muchly appreciated!!
    Cheers
    String
    Sydney Aus

  • #2
    You may have a major problem here as your DNS/AD/DHCP are all linked to your internal NIC (default 192.168.16.2).
    Here is my list:
    Make sure you have a good backup
    Make sure you have another good backup
    Disable one NIC
    Set the desired fixed IP on the NIC that is still enabled
    Delete and reinstall DNS as an AD linked zone
    Rerun the ICW wizard
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We don't stop playing because we grow old, we grow old because we stop playing.


    • #3
      Thanks teiger..
      Actually it went just like clockwork. Running through the ICW after disabling the external NIC worked a treat. All I had to do was manually change the DG in the DHCP scope to point to the router, not the SBS server. I also checked through DNS carefully; however, no changes were needed as all SRV records point to hostnames and not IP addresses.

      Thanks for your reply.
      Best
      String


      • #4
        Please make sure your DHCP points all stations' DNS setting to the SBS server IP, and note that you are now in a less secure setup as you no longer have the SBS server firewall offering your LAN any protection. Check out
        http://www.smallbizserver.net/Default.aspx?tabid=156
        for further details.
        TIA

        Steven Teiger [SBS-MVP(2003-2009)]
        http://www.wintra.co.il/
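A pre-change sanity check for the steps listed in this thread, as an added example that is not part of any post: it validates a planned single-subnet layout (firewall readdressed into the LAN, gateways and DHCP options repointed, ports 25 and 443 forwarded to the server's LAN address). The plan dictionary layout and every address except 192.168.16.2 are assumptions made for the example.

```python
import ipaddress

ip = ipaddress.ip_address

def check_single_nat_plan(plan):
    """Return a list of problems in a planned single-subnet layout."""
    problems = []
    lan = ipaddress.ip_network(plan["lan"])
    fw, sbs = ip(plan["firewall_ip"]), ip(plan["sbs_lan_ip"])
    pool_lo, pool_hi = (ip(a) for a in plan["dhcp_pool"])

    # Firewall and server must both sit in the internal range, on static
    # addresses that the DHCP pool can never lease to a client.
    for name, addr in (("firewall", fw), ("SBS server", sbs)):
        if addr not in lan:
            problems.append(f"{name} {addr} is outside {lan}")
        if pool_lo <= addr <= pool_hi:
            problems.append(f"{name} {addr} is inside the DHCP pool")

    # The server stops routing: it and the clients (DHCP option 003, Router)
    # must use the firewall as default gateway.
    if ip(plan["sbs_gateway"]) != fw:
        problems.append("SBS default gateway is not the firewall")
    if ip(plan["dhcp_router"]) != fw:
        problems.append("DHCP router option is not the firewall")
    # Clients keep using the SBS server for DNS (DHCP option 006).
    if [ip(d) for d in plan["dhcp_dns"]] != [sbs]:
        problems.append("DHCP DNS option is not the SBS server alone")
    # Inbound 25 and 443 must land on the server's LAN address.
    for port in (25, 443):
        if ip(plan["pat"].get(port, "0.0.0.0")) != sbs:
            problems.append(f"PAT rule for port {port} does not target the SBS LAN IP")
    return problems

# Constructed sample values; only 192.168.16.2 appears in the thread.
GOOD = {"lan": "192.168.16.0/24", "firewall_ip": "192.168.16.1",
        "sbs_lan_ip": "192.168.16.2", "sbs_gateway": "192.168.16.1",
        "dhcp_pool": ("192.168.16.50", "192.168.16.150"),
        "dhcp_router": "192.168.16.1", "dhcp_dns": ["192.168.16.2"],
        "pat": {25: "192.168.16.2", 443: "192.168.16.2"}}
# Leftovers from the routed setup: clients still sent to the server as
# gateway, and port 25 still aimed at the old external NIC address.
STALE = dict(GOOD, dhcp_router="192.168.16.2",
             pat={25: "10.0.0.2", 443: "192.168.16.2"})

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("stale", STALE)):
        print(label, check_single_nat_plan(plan) or "OK")
```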