Migrating to other IP adress 2

[Jente]

Hi all,

The current network topology at our company is the following;

The internet modem contains a router for several PC's. This is remotely managed by our ISP. All clients (including our Windows 2000 SBS)are connected to that router. Our ISP has set up a subnetmask of 255.255.255.240, to limit the number of clients. Our company is getting bigger, so more clients need to be on the network simulteanous.

I've come up with the following idea: to place a hardwarerouter between the modem and the server, and a switch between the server and the clients. That way we can manage our subnet ourselves and add much more client pc's. The subnet and thus the IP range changes then...

The windows 2000 sbs does the following tasks;

* Active Directory
* PDC
* Exchange 2000 server
* DNS
* APACHE+php+mysql
* DHCP

As you might know already, I'd like to make the change as smooth as possible. Can anyone help me to make a checklist of settings I have to change in order to keep it all working? That would be very nice!

thanks in advance,

Jente

 

[markdmac]

How many NICs do you have in the SBS Server? You need to be very careful with changing the IP on SBS, it really HATES that.

If you have 2 NICs then you should not have any real trouble. Just reconfigure the Internet NIC and all should be fine.

If you have only one then I would suggest that you do your best to keep it at the same I as it currently has. Reconfigure the ISP hardware and your new router to allow this.

If you MUST change the IP on the server, you are in for a real fun time. Check EVERYWHERE that the IP is. DHCP, DNS WINS, AD, Registry and change it. Be prepared for problems because as already stated, SBS does not like it when you do this.

Make sure you have a good backup before you do any changes.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Jente]

Mark,

First I would like to thank you for your fast response. I just "discovered" this forum, and I'm glad to be here.

Currently I use one NIC in that server. But since the DHCP-server of the modem/router has got the IP 192.168.1.1 and gives IP from 192.168.1.2 to 192.168.1.14 I don't think it's possible to keep the current IP. Or am I missing something here? (the SBS has an IP of 192.168.1.2)

Greets,

Jente

 

[markdmac]

I've been in a similar situation and we solved it this way.

Change the ISP modem to issue 10.0.0.x addresses. Configure your new Router/Firewall to use DHCP on the internet side, use static on the LAN side. Set the Router to 192.168.1.1.

Your server should be using a static IP and not DHCP.

Set your DHCP scope to start at 192.168.1.5 and extend to 192.168.1.80. (With SBS2k you can't have more than 50 clients, on SBS2K3 it is 75) so adjust the range accordingly. Pad a few extra IPs for network printers.

You will want to use port forwarding on the new Router. minimum ports you will want to redirect are:

SMTP 25
RDP 3389


I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Jente]

Tnx for the fast reply. But we do not have access to the routerfunctionality of the modem. All that is remotely configured by our ISP (otherwise we could change the subnet manually). Is there any other way without having to ask our ISP for that change? And if there istn't, what motivation can I give for that change request?

tnx in advance!

 

[markdmac]

What kind of modem is it? Many of them have generic passwords.

I would think your ISP should be willing to change it for you if they won't give you access to the modem config.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Jente]

It's a FlowPoint/2025-12 ATM25 Router. Can you do anything with that info?

If not, I'll contact my ISP in the morning. (It's night here at the moment)

Greets,

Jente

 

[markdmac]

Sorry I have not heard of that one.

Hopefully your ISP will be cooperative. Good luck!

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[dearingkr]

Here's how to set it up...

You'll need a second NIC in your SBS server, if it doesn't have another one, get one and install it.

|========|
| ISP Router |
|========|-IP 192.168.1.1/28
|
|
|========|-IP 192.168.1.2/28
| |
| SBS Server |
| |
|========|-IP 192.168.2.1/24
|
|
|=======|
| Switch |
|=======|
|
|
Client PCs - DHCP - IP range 192.168.2.101-199
- Subnet mask 255.255.255.0
- DNS 192.168.2.1

Your SBS also comes with ISA.
Install ISA in cache mode.
All client traffic is routed through SBS server (w/ISA)
configure DNS on SBS Server with the ISP's DNS as Forwarders


MCSE CCNA CCDA

 

[markdmac]

dearingkr is missing part of the requirement here but has hit on a good idea. Introduce the new router and a second NIC.

Have the new NIC connect to the new router and set the existing NIC to be a static IP remaining the same as it is now.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[dearingkr]

I guess we'll just have to agree to disagree.

I have many clients set up this way.

MCSE CCNA CCDA

 

[markdmac]

dearingkr, That wasn't intended as a slam. If you take a look above you will see that part of the request was to install a new router in between the server and the ISP modem.

Regards,

Mark

 

[dearingkr]

markdmac,
No problem. I didnt take it as a slam. Sorry if I came across that way.

Inserting a new router between the ISP router and the rest of the network is certainly a good solution that will work very well and may be simpler to implement.

I guess I'm just partial to using SBS to it's full capabilities. ISA is a already a part of SBS and gives you alot of added capabilites. And of course, the purchase of an additional piece of hardware (new router) is not necessary.

Having said that, the router solution is probably easier to implement.

MCSE CCNA CCDA

 

[Jente]

Tnx dearingkr, for putting a new sight on this all. I'd like to add some "comments".

our SBS 2000 server has been installed by a "professional company". That happened before I started to work here. I noticed that they just left us with the default settings of all programs installed. For example, the smtp service was configured for open relay, etcetera.

I have a contract as "learnboy". That means I go to school 1 day a week, and work in this company the other days, at a very low salary. But, I learn a lot, so I'm not complainting. I started to "reconfigure" the server, and at this point all is going well, but I do not have the arrogance to say I'm an expert (certainly not at serverenvironments.

My experience in ISA is zero. But I'd like to learn in offcourse. My only question is if that is possible in selfstudy and relatively short amount of time? If that is possible, I'd like to choose your solution (because I will learn a lot more from that I think)

Can someone answer those questions?

Thanks in advance!

 

[dearingkr]

It sounds like you're just getting started in this field.
If that's true, you've certainly got the right attitude.

The first day of work in this field, my boss said something that I always pass on to new people working for me:

"In the IT field, if you're not learning, you're falling behind"

OK, I'll get off my soapbox now.

There are many excellent sources of information to learn ISA.

The best ones I've found are...
Microsoft

http://www.microsoft.com/isaserver

ISASERVER.ORG

http://www.isaserver.org/

And of course, there is a ISA server forum here on Tek-Tips

http://www.tek-tips.com/threadminder.cfm?spid=802

MCSE CCNA CCDA

 

[Jente]

Hi,

Indeed, I'm just getting started in serverthings. I have quite good experience in desktop systems, but just getting started at servers... And indeed, extremely willing to learn...

I'll have a look at the links you provided. Tnx for all the help!

 

[markdmac]

Jente,

Something else to consider as you move forward. If you plan to upgrade to SBS2003, you will need to decide if you need SQL. If you don't, then the more economical upgrade will be to go to SBS 2003 Standard Edition which does NOT include ISA. So you would be back to neeeding to install the Router/Firewall for security reasons.

dearingkr has passed on some good advice. I'll add some of my own as well. I've always said that if I end my day and have not learned something, I should never have gotten out of bed that morning.

ISA is a great product, but the problem with ISA in SBS is that for most small businesses they either want to totally lock out the Internet or totally allow Internet access. If this is the case at your company, then you won't be using ISA to its fullest and your learning experience will be limited to a one time configuration. Using the hardware option you could remove ISA from the server and free up a little system memory & disk space.

I have customers using both the hardware option and ISA. As we have been upgrading customers to SBS 2003, many are choosing to go with Standard Edition to save the extra money if they don't need SQL.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Jente]

Mark,

Again, thank you for your enlightning answer. Just by checking out this forum, I already learned a lot. So really thanks.

About our company; the goal of using ISA here is also to block certain types of traffic (streaming audio and so on). So if I understand you correctly, the use of ISA would be worth it in this case?

We aren't currently planning to upgrade our server to SBS2003.

No matter what, I will seriously consider all options before making the final decision. I'm very open to any suggestions you might give me.

Best regards,

Jente

 

[markdmac]

Yes, it sounds like you would use ISA for more of what it can do. That being the case, you will probably need to go with SBS 2003 Premium which will give you the ISA/SQL options.

Some neat stuff you might want to look at is destination sets. You can allow restricted users access to some select Internet sites while allowing others unlimitted access. This can be a useful tool if you have someone who can't be trusted not to abuse the priviledge of having Internet access.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark