Setting up Routing and Remote Access with SBS 2003.
I never seem to have any trouble setting up Routing and Remote Access for a regular 2000 or 2003 server. However, 2003 SBS or SBS in general is really picky and seems as though it doesn't want to work.
I currently have a router with an external address of 216.67.32.x and it provides NAT translation to 192.168.0.1 on the device. This device also allows me to set up a public LAN with gateway 192.168.1.1. I then have my office network set up with 192.168.0.2-192.168.0.10 for my server and desktop clients. I have my demo room set up on the 192.168.1.1 network and they can get online and access all resources on that gateway just fine. When I try to input a secondary IP address on my server, it doesn't matter what I specify, I get a pop-up message stating the following:
Microsoft TCP/IP
Warning - Multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the Internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your Intranet and one on the Internet). Do you want to save this configuration?
Yes No
I want to save the network settings on this second network card because I want people outside the network to be able to dial in to the VPN connection.
What can be done? If I hit yes it totally kills the network connection to all computers within the office and the server itself.
I currently have 192.168.0.10 for the first NIC on the server and I want to set up 192.168.1.10 for the second NIC on the server.
Thanks for the help.
Comments
-
Danman32 Member Posts: 1,243
So you didn't really mean a secondary IP as in 2 IPs on the same subnet, but rather multi-homed, one IP on each interface I assume?
You should have only one default gateway, so on one of the interfaces, you would leave the gateway blank.
SBS is pretty much regular 2003 OS, with some added stuff to help prevent a novice from shooting himself in the foot. The only limitation I am aware of is that you can only have one SBS server in the forest.
However, if you have SBS enterprise, you could have installed ISA, which I have little experience with. Because of ISA, SBS certainly allows for multiple interfaces on different subnets.
RRAS should work as usual with SBS. -
TechJunky Member Posts: 881
I will try that...
So my interfaces should look like this...
IP Address: 192.168.0.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway:
And I always specify my DNS...
192.168.0.10
192.168.0.1 -
TechJunky Member Posts: 881
I terminal serviced in and it looks like it took.
Thanks a lot for that tip.
Any idea why you can't have more than 1 gateway per computer?
If the NICs are totally separate they should each have precedence on how they want their route paths to take. That's what I always thought at least. I didn't know you couldn't decide to separate the two. -
Danman32 Member Posts: 1,243
Well, remember, you're working off a routing table, with the default in the table being your default gateway. If you have two default ways out, you're basically a two-headed dragon with each head wanting to go in a different direction.
Fortunately, only one default gateway will actually be used, unless it fails, then the other one will be used. By "failed" I mean its IP is unreachable. If it is reachable, but it is not the direction your packet is supposed to go, it won't go.
On top of that, the next hop out should be in the same subnet as the IP of the interface that the packet will be exiting from. If you have 2 default gateways on different interfaces, it is possible, though not probable, that the packet may try to leave the wrong interface to get to the next hop.
It probably would have been clearer if the default gateway was not configured at the interface, but in a dialog common to all interfaces. The DNS should have been the same way, as the DNS server should be global to the system, not specific to the interface.
Which brings me to another thing. You have 2 DNS servers specified. Are both IPs specified for DNS running DNS that have records for your AD? If not, then you may be ending up trying to resolve your domain and DCs (and the services they support) using a DNS that doesn't have the data. A DNS client will use a DNS server unless and until that server does not respond. A negative answer of 'I don't know' is still an answer and will continue to be used.
In an AD domain, all hosts should be exclusively pointing to the DNS server or servers that are hosting DNS records for the AD domain and nothing else. This is a common mistake administrators make.
Now the DNS servers for AD could have their forwarders set to forward unresolvable requests to the internet. -
TechJunky Member Posts: 881
With that being said I should change my IP address on interface 2 to something on the 192.168.0.1 range instead of putting a 192.168.1.1 range IP address due to the fact that the gateway is 192.168.0.1.
I tried with the 192.168.1.10 on the second card... I am able to get inside the VPN connection, but then everyone else within the network cannot access anything. It's like the Net card 1 becomes inaccessible. I cannot then ping 192.168.0.10 of the NIC 1 card.
So this is my plan, NIC1 = 192.168.0.10, NIC2 = 192.168.0.9
Let me know if this should work... I have multiple servers set up at my house with VPN enabled and I never have a problem. This SBS server is just being picky. -
Danman32 Member Posts: 1,243
That will definitely cause a two-headed dragon with each head wanting to go a different way.
You want 2 networks to have the same subnet? How are you going to distinguish one network from the other?
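
The checks discussed in this thread (a single default gateway, a next hop inside the subnet of the interface it is set on, and one subnet per network) are written out below as an added Python example that is not part of the original posts. The three configurations are constructed from the addresses quoted above; the 192.168.1.1 gateway on NIC2 in the first one and the function name `audit_multihomed` are assumptions.

```python
import ipaddress

def audit_multihomed(nics):
    """Return findings for a multi-homed host.

    nics is a list of (name, ip, mask, gateway-or-None) tuples.
    """
    findings = []
    nets = [(name, ipaddress.ip_interface(f"{ip}/{mask}"), gw)
            for name, ip, mask, gw in nics]
    # More than one default gateway: only one is used until it is unreachable.
    with_gw = [name for name, _, gw in nets if gw]
    if len(with_gw) > 1:
        findings.append("multiple default gateways: " + ", ".join(with_gw))
    # The next hop must sit in the subnet of the interface it is set on.
    for name, iface, gw in nets:
        if gw and ipaddress.ip_address(gw) not in iface.network:
            findings.append(f"{name}: gateway {gw} is outside {iface.network}")
    # Two interfaces in one subnet: the host cannot tell the networks apart.
    for i, (name_a, a, _) in enumerate(nets):
        for name_b, b, _ in nets[i + 1:]:
            if a.network.overlaps(b.network):
                findings.append(f"{name_a} and {name_b} share subnet {a.network}")
    return findings

MASK = "255.255.255.0"
# Constructed configurations based on the addresses quoted in the thread.
TWO_GATEWAYS = [("NIC1", "192.168.0.10", MASK, "192.168.0.1"),
                ("NIC2", "192.168.1.10", MASK, "192.168.1.1")]  # assumed gateway
ONE_GATEWAY = [("NIC1", "192.168.0.10", MASK, "192.168.0.1"),
               ("NIC2", "192.168.1.10", MASK, None)]
SAME_SUBNET = [("NIC1", "192.168.0.10", MASK, "192.168.0.1"),
               ("NIC2", "192.168.0.9", MASK, None)]

if __name__ == "__main__":
    for label, cfg in [("two gateways", TWO_GATEWAYS),
                       ("one gateway", ONE_GATEWAY),
                       ("same subnet", SAME_SUBNET)]:
        print(label, "->", audit_multihomed(cfg) or "no findings")
```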