Two Win 2K3 servers - network setup help please


  • Two Win 2K3 servers - network setup help please

    I’ve been trying to get my network to work by piecing bits of wisdom together gleaned from many helpful people on forums online (including Daniel Petri's), but to no avail. Nothing seems to work so I am posting, as concisely as possible, the following plea for help.

    I want to run mail and web servers behind cable broadband (Comcast, but not service with a static IP, although the IP I’ve got hasn’t changed since I’ve been with them) and a NAT router (WRT54G with DD-WRT firmware, set up for static IP and DHCP disabled, IP 192.168.1.1). Here’s my current setup:

    Server A – box with 1 GHz CPU/500 MB RAM
    • Win Server 2003 SP1 with DNS set up as a forwarder to an external DNS service (zoneedit.com) pointing to my Comcast-assigned IP
    • Win ISA firewall set up with no restrictions until I get everything else sorted out
    • WAN NIC connected directly to a router port (IP 192.168.1.11; SM 255.255.255.0; Gateway 192.168.1.1; DNS 192.168.1.12)
    • LAN NIC connected to a Netgear FS108 switch (IP 192.168.1.12; SM 255.255.255.0; Gateway blank; DNS 192.168.1.12)

    Server B – box with 1 GHz CPU/1 GB RAM
    • Win Server 2003 SP1 with DHCP set up with scope 192.168.1.100 – 149 to allocate clients’ IPs
    • Domain controller and Active Directory (mydomain.com properly registered and configured with zoneedit.com DNS server IPs)
    • Exchange 2003 SP2
    • Web server
    • LAN NIC connected to the Netgear switch (IP 192.168.1.13; SM 255.255.255.0; Gateway 192.168.1.1; DNS 192.168.1.12)

    I’ve tried all combinations of connectivity (e.g., Server A WAN NIC to the Netgear switch), IP addresses, RRAS, ICS, etc. Pinging ad nauseam. If this sounds like desperation, it is. Can anyone please critique my work and point me in the right direction? Many thanks.

  • #2
    Re: Two Win 2K3 servers - network setup help please

    What do you mean "•Win ISA firewall setup with no restrictions until I get everything else sorted out"? What rule do you have running that allows no restrictions since by default ISA 2004 (assuming this is what you are using) provides NO ACCESS by default?

    Does your ISP allow you to run web and mail servers?

    Do Server A & B connect to the same Netgear switch or are they located at different locations?

    Is Server A a DC? (It has DNS but there is no mention of AD)
    Why did you make Server B a DC and put Exchange on it? (Security complications). Did you dcpromo Server B before installing Exchange?

    Sorry but this setup looks like a real mess to me. If you do not have data on these machines and want some extra experience, wipe the lot and start again.

    If you want to keep going, make a network diagram with all the devices and IPs and post it in this thread.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2



    • #3
      Re: Two Win 2K3 servers - network setup help please

      Thanks for the reply.
      1. I installed ISA on Server A and, like you say, discovered the NO ACCESS default setting so I did add one rule negating that to allow Internet access.
      2. No, it doesn't on a residential account like mine. They do offer business accounts with static IPs and more bandwidth choices but for a lot more money. As a hobbyist, I don't really want to go there.
      3. Server B is a DC. And yes, I wondered about the security implications with Exchange loaded as well but I thought having ISA properly configured and Exchange on the same server would be even worse. Not so?
      4. No, I didn't dcpromo before loading Exchange on Server B. I did a clean install of Win 2003, then added the DC role via Manage My Server, then a clean install of Exchange.
      5. Believe me, I'm not averse to dumping the whole setup and starting over - I've done that several times already.
      6. Gotta go now but I'll post a diagram later. Thanks.



      • #4
        Re: Two Win 2K3 servers - network setup help please

        Here's an attached diagram of my current setup, just the latest of many whose outcome has been the same: unworkable.


        • #5
          Re: Two Win 2K3 servers - network setup help please

          ARRRRGH I understand your problem. You need two different subnets for ISA. It's a FIREWALL and you need it to "route" between two subnets. Leave your LAN as 192.168.1.x but change your WAN side to 192.168.0.x, say. That means your Router internal connection and your ISA server External NIC have to be 192.168.0.1 and 192.168.0.2 respectively (example). It's good that all your DNS point to LAN Internal NIC but your LAN gateway needs to be the Internal NIC of your ISA server.
          Hope that's clear!
          Last edited by teiger; 31st October 2006, 00:50.
          TIA

          Steven Teiger [SBS-MVP(2003-2009)]
          http://www.wintra.co.il/
          I’m honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

          We don’t stop playing because we grow old, we grow old because we stop playing.

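The subnet fix from post #5, as an added example that is not part of the original thread: a small audit of a dual-homed firewall layout, run against the addresses posted in #1 and against the corrected layout using the 192.168.0.x example values from #5. The function name and dictionary layout are this example's own, and the corrected Server B gateway assumes the advice that the LAN gateway be the ISA server's internal NIC.

```python
import ipaddress

def audit(fw_ext, fw_int, lan_hosts):
    """Return findings for a dual-homed firewall layout (hypothetical helper).

    fw_ext / fw_int: {'addr': 'ip/mask', 'gw': str or None} for the firewall NICs.
    lan_hosts: {name: {'addr': 'ip/mask', 'gw': str}} for machines behind it.
    """
    ext = ipaddress.ip_interface(fw_ext["addr"])
    inside = ipaddress.ip_interface(fw_int["addr"])
    findings = []

    # A firewall routes between networks; both NICs on one subnet leaves no boundary.
    if ext.network.overlaps(inside.network):
        findings.append(f"firewall NICs share {ext.network}: nothing to route between")
    # Standard multihomed practice: one default gateway, on the external NIC only.
    if fw_ext["gw"] is None or ipaddress.ip_address(fw_ext["gw"]) not in ext.network:
        findings.append("external NIC needs a default gateway inside its own subnet")
    if fw_int["gw"] is not None:
        findings.append("internal NIC must not carry a default gateway")

    for name, host in lan_hosts.items():
        h = ipaddress.ip_interface(host["addr"])
        if h.ip not in inside.network:
            findings.append(f"{name}: {h.ip} is outside internal subnet {inside.network}")
        # A LAN host pointing at the router directly never passes through the firewall.
        if ipaddress.ip_address(host["gw"]) != inside.ip:
            findings.append(f"{name}: gateway {host['gw']} bypasses the firewall, "
                            f"expected {inside.ip}")
    return findings

# Layout as posted in #1 (Server A = firewall, Server B = LAN host).
AS_POSTED = {
    "fw_ext": {"addr": "192.168.1.11/255.255.255.0", "gw": "192.168.1.1"},
    "fw_int": {"addr": "192.168.1.12/255.255.255.0", "gw": None},
    "lan_hosts": {"Server B": {"addr": "192.168.1.13/255.255.255.0", "gw": "192.168.1.1"}},
}
# Layout after the change suggested in #5 (router inside address becomes 192.168.0.1).
CORRECTED = {
    "fw_ext": {"addr": "192.168.0.2/255.255.255.0", "gw": "192.168.0.1"},
    "fw_int": {"addr": "192.168.1.12/255.255.255.0", "gw": None},
    "lan_hosts": {"Server B": {"addr": "192.168.1.13/255.255.255.0", "gw": "192.168.1.12"}},
}

if __name__ == "__main__":
    for label, layout in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit(**layout) or "no findings")
```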


          • #6
            Re: Two Win 2K3 servers - network setup help please

            Thanks for the tip Steven - I'll post results after I try it.



            • #7
              Re: Two Win 2K3 servers - network setup help please

              Happy to report that making the sub-net corrections Steven suggested worked - all three computers (2x servers + one workstation) can now connect to the Internet. Now to configure Exchange and ISA ...



              • #8
                Re: Two Win 2K3 servers - network setup help please

                Just a pity you didn't buy Small Business Server Premium Edition to start with - it would have set it all up for you. How many users did you say you had?
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/