Makes no sense to me?

Hello, Please bear with me?

I am in a situation in which I am forced at this time to be by my current
ISP (this will soon change). Here goes:

I have two routers and each is assigned a static Public IP by my ISP.
I have the two routers because my ISP at this time cannot assign multiple
IPs to a single router/component.

I have two servers and I need them to have two different public IPs which
they have. In order to have the servers networked internally I had to add
another NIC to one of the servers and connect one to Router A and one to
Router B.
I set the IP at 192.168.1.1 for router A and this is the interface in the
browser to access the admin. Router B has the default of 192.168.0.1 to
access the admin.

My problem is that from one server I can access all interfaces in the browser.
Going in the opposite direction I cannot access but one interface. However I
can share files. I cannot however get this server to join the DC and I think
it may have to do with this problem. My XP machines access the DC no problem
and join. The server will not.

Please note that the XP machines are not connected any differently than this
server that cannot join the Domain.

The second NIC in the DC has an IP structure of
192.168.0.5
255.255.255.0
NO GTWY
NO DNS
This is the NIC that is connecting the two routers and ultimately the entire
network.
Any questions or suggestions I would really appreciate it. Sorry for the
long explanation.
Thanks
Joe
 
Your post is a little confusing. A NIC by itself cannot "join two routers". But
not understanding never stopped me before :-)

What I think you want is to have two NICs in EACH server.

One NIC on each server connects to a corresponding router and nothing else.
These are your 192.168.0.* and 192.168.1.* networks.

The other NIC on each server and all the workstations all connect to a common,
shared switch defined on a third IP network (say, 192.168.3.*).

Next, enable RRAS (routing services) on the servers. Enable "NAT" routing
(this is required because the routers won't have any idea how to reach the
192.168.3.* network). Define the external side of NAT as the NIC network
that connects to the router.

Set the default gateway IP on the workstations (via DHCP or manually) to the
192.168.3.x address of the server you want to handle that workstation's traffic.
The default gateway on each server is of course the IP of its corresponding router.

Presto. Everything on the LAN can now talk to everything else. (The routers are not able
to see the 192.168.3.* network, but that should not be a problem as the server
NAT takes care of the translation for return traffic.)

There are simpler ways to achieve this. If your routers support defining static networks
on an interface (Linksys calls it "advanced routing", Cisco calls it "secondary networks",
etc.) you can create a configuration where the routers themselves route the traffic in and out
on the LAN side, doing what is sometimes called 'routing on a stick.' This eliminates
the need for routing on the servers.

Another way to do this is to simply interconnect everything to one switch, and open
up the network masks so that devices see everything as part of one LAN. Again, this
is tricky to spell out without knowing a lot of details, and DHCP can be a problem.

It is really hard for me to take you down one of these roads without knowing a whole
lot more about what you have and what you're trying to do. What I described above is a
sort-of general solution that should handle most cases gracefully.

Best of luck.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
 
Hello Steve,

Wow! I thank you. This reply is long and I have not tried it yet. But I did
in the interim add another NIC to the other server and connected it to the
router. It seems as if I can see everything now, however one question before
trying your post.

If server A has the same user and password can it join the domain if the
DC also has this identical situation? I say this because these used to be a
workgroup and I am switching over to an AD DC. I converted one to a DC and I
cannot get the other server that is part of the old workgroup to join.

Thank you very much for your effort and time
Joe
 
Ok.

I read the post and I know it will work but there is no way I can make the
third network. (at least in my view)

This whole fiasco is because of my ISP and two mailservers. One primary and
one backup. This is why I am trying to do this. I need to share the mailboxes
internally.


thank you Steve
Joe
 
Joe said:
Ok.

I read the post and I know it will work but there is no way I can make the
third network. (at least in my view)

This whole fiasco is because of my ISP and two mailservers. One primary and
one backup. This is why I am trying to do this. I need to share the mailboxes
internally.

"Sharing mailboxes internally" doesn't make any sense,...what does that
mean? Well, forget that for now,...let's deal with the original issues.

I have a completely different take on this, if you want to hear it.

First!...Run one Nic in all computers. Do not put two nics in them.

1. The IP# of the NAT Devices you gave is only the Internal LAN Side of the
Devices,...it is not the real IP# of the Devices as far as the ISP is
concerned.

2. Reconfigure the NAT Devices to use the same IP Range on the Internal LAN
side except use different IP#s. Example, one device would be 192.168.1.1
and the other would be 192.168.1.2. If these NAT Devices are not capable of
letting you configure them this way, then replace them with ones you can
because they are not suitable for what you need to do.

3. If they are running a DHCP Service on them then disable that on one of
them and leave it run on the other. However I would recommend not using DHCP
at all from them and run DHCP from one of your suitable Servers.

4. For the Servers you need published to a Public IP#,......They probably
call it by some other name in the NAT Device's documentation,...but you want
to do a Static NAT between one device and one of those Servers. Then repeat
the process between the other NAT Device and the other Server. Each Server
will use the NAT Device it is "associated" with as its Default Gateway.

5. All other machines will use the particular NAT Device for their Default
Gateway according to which Line you want them to use for Internet Access.

Second.....your Domain "joining" and "dependability" stuff.....

1. WINS is still a good idea to keep around. Consider running it on the
DC(s).

2. All machines (I meant ALL machines) use only the DC's AD/DNS for their
DNS Setting in their TCP/IP config. Do not use any other DNS IP#.

3. On your AD/DNS Server,...add the ISP's DNS IP# as a Forwarder in the
Forwarders List.

This is the standard design technique recommended by MS.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
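The addressing and DNS rules in the reply above (one NIC per machine, one inside range shared by both NAT devices, each machine's default gateway set to one of the NAT devices, DNS pointing only at the DC) can be checked mechanically against a host list. This is an added example, not part of the thread; the host names, the DC address 192.168.1.6 and the sample plan are assumptions constructed for illustration.

```python
import ipaddress

# From the post: one inside range, the two NAT devices at .1 and .2.
LAN = ipaddress.ip_network("192.168.1.0/24")
NAT_DEVICES = {"nat-a": "192.168.1.1", "nat-b": "192.168.1.2"}
DC_DNS = "192.168.1.6"  # assumption: address of the DC running AD/DNS

# Constructed sample plan; each host maps to its list of NIC settings.
HOSTS = {
    "dc1": [{"ip": "192.168.1.6", "gw": "192.168.1.1", "dns": ["192.168.1.6"]}],
    "mail2": [{"ip": "192.168.1.7", "gw": "192.168.1.2", "dns": ["192.168.1.6"]}],
    "xp-01": [{"ip": "192.168.1.50", "gw": "192.168.1.1",
               "dns": ["192.168.1.6", "203.0.113.53"]}],  # extra outside resolver
    "xp-02": [{"ip": "192.168.1.51", "gw": "192.168.0.1", "dns": ["192.168.1.6"]}],
    "old-srv": [{"ip": "192.168.1.8", "gw": "192.168.1.1", "dns": ["192.168.1.6"]},
                {"ip": "192.168.0.5", "gw": None, "dns": []}],  # second NIC
}


def check_plan(hosts, lan=LAN, nat=NAT_DEVICES, dc_dns=DC_DNS):
    """Return sorted (name, rule) pairs for every design rule that is broken."""
    findings = set()
    gateways = set(nat.values())
    # Both NAT devices must sit inside the shared inside range.
    for name, ip in nat.items():
        if ipaddress.ip_address(ip) not in lan:
            findings.add((name, "ip-outside-lan"))
    owner = {ip: name for name, ip in nat.items()}  # IP -> first owner seen
    for name, nics in hosts.items():
        if len(nics) != 1:
            findings.add((name, "multiple-nics"))
        for nic in nics:
            if ipaddress.ip_address(nic["ip"]) not in lan:
                findings.add((name, "ip-outside-lan"))
            if owner.setdefault(nic["ip"], name) != name:
                findings.add((name, "duplicate-ip"))
            # Default gateway must be the LAN address of one NAT device.
            if nic["gw"] not in gateways:
                findings.add((name, "gateway-not-nat-device"))
            # The DC's AD/DNS must be the only resolver configured.
            if nic["dns"] != [dc_dns]:
                findings.add((name, "dns-not-dc-only"))
    return sorted(findings)


if __name__ == "__main__":
    for host, rule in check_plan(HOSTS):
        print(f"{host}: {rule}")
```
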
 
Hello Phillip,

Thank you for your reply,

Let me digest this a moment and get back to you please.

I think I tried this with the NAT routers and it wouldn't allow me to access
the other admin and it gave the servers the same IP externally.

Let me recheck this first.

Thank you
Joe

 
Hello Phillip

I want to get this a little clearer in my head.

I think I need to explain a little first. In my mind the routers come between
the Servers and the Internet? It didn't seem that way in your post.

I am not sure what is first here, the servers or the routers to the internet?
In my setup/config it is like this:

1) NAT Router A gets ISP IP and DNS and then is translated in to the IP of
192.168.1.6
This is statically set to the AD/DC into one NIC. Router A starting or IP is
192.168.1.1
I have opened ports in the router to pass through the needed ports to this
server.
The Router to the ISP is set like this:

69.65.81.xxx
255.255.255.0
69.65.81.1

24.233.167.167
24.233.167.168


This server's NIC is set like this
IP 192.168.1.6
SB 255.255.255.0
GTWY 192.168.1.1

DNS 192.168.1.6
#####################################################

The second NIC is like this

IP 192.168.1.4
SB 255.255.255.0
NO GTWY

DNS 192.168.1.6
###################################################


This second NIC connects directly to the other Router B


The other server is the same with a different ISP IP and Internal IP range.

I am not too sure of the post that is what I am trying to get here.

Thank you so much
Joe
 
Hello Phillip,

I do not know how to ask this but maybe you could try again with me on this.
I think I can be much much clearer this time around if you would like to
help?

Thank you
Joe

 
Joe said:
I do not know how to ask this but maybe you could try again with me on this.
I think I can be much much clearer this time around if you would like to
help?

I double checked my previous post. I really can't say it any differently
than I already have. It is as clear and straight-forward as I can make it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
Hello Phillip,

I understand your post to a point but I have a lack of knowledge in an area
that would have been helpful if I would have asked a question about this. I
am familiar with the DNS being the only DNS in the TCP/IP settings of the
NICs, however I need to ask a few questions to get on the right track. I never
used the routers before; this is my problem.

If you want to hear it?


Thank you
Joe
