external subnet same as internal subnet

We have had a SBS2003 server setup for years now on the 192.168.1.x/24 subnet.
With the increased availability of DSL, more and more people are getting DSL
with routers configured with the same subnet. Obviously when the guys connect
via VPN they cannot browse the server etc as the adsl routers are on the same
subnet and dont route the requests over the VPN tunnel.
We have dual NICS in the server and I was considering assigning a completely
different IP address to the second NIC, setting up a matching Remote Access
DHCP scope and modifying the Netscreen Firewall rules to alllow traffic flow.
Will this work or is it going to cause more trouble. does anyone have a
simpler solution?

 

Simple,

Use the IP Change wizard This Friday at the end of the day.
Have everyone reboot and get the new IP's
and change the Static IP's of your Printers and other servers.

Try 192.168.16.xxx

That's a standard SBS range.



Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
World Wide Remote SBS2003 Support - http://www.SBITS.Biz
Information on Small Business Server 2008 - http://www.sbs2008.com
Information on Essentials Business Server - http://www.ebs2008.com



-

 

Or use something else entirely....

Reserved IP addresses for private networks

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

I use 172.16 ...... most of the time as it is far less likely to be used
anywhere.

 

UH Sorry to disagree but I wouldn't use
192.168.0.xxx

Because is a common router default



Sorry Lan, and good morning.
It's 5:14am (I've been up all night LOL)

Russ


--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
World Wide Remote SBS2003 Support - http://www.SBITS.Biz
Information on Small Business Server 2008 - http://www.sbs2008.com
Information on Essentials Business Server - http://www.ebs2008.com



-

"Lanwench [MVP - Exchange]"

 

Thanks Guys,
I know I can change all the IP addreses, but the problem is we have two
sites in different countries running off this SBS server linked by a VPN
through netscreen firewalls. It can be done as you say but would the other
method of using a 2nd IP address work?

 

You can use a second NIC for what you like, but you will be fighting the
SBS wizards. As far as they are concerned, with two NICs, one is inside
the LAN and one is very definitely outside, and the firewall is
configured appropriately. You can override the wizards, but they will
bite you when you least expect it. SBS is *not* Windows Server, it's a
custom OS based on it.

But it wouldn't work anyway. Routing has to work at both ends, and if
the SBS can see two different routes to what is apparently the same
subnet, it will pick the cheaper, or if of equal cost, the higher in the
routing table. It will never send anything by the other route, unless
the first become unreachable. The point about the subnets being
different is that no interface on any of the machines involved can have
an address in the same subnet as any of the remote subnets to be
reached, and therefore are present in that machine's routing table.

There really isn't any substitute for different network addresses
everywhere.

 

LW was not suggesting to use 192.168.0.x, she simply outlined the full
range of defined private IP addresses (well, almost, she didn't mention
the APIPA range of 169.254.x.x)

Her suggestion was one of the 172.16-31.x.x blocks.

 

That's ok, when you change the subnet, you'll update all the netscreens.

No.

You need to change either the corporate subnets, or all the remote users
subnets. You choose.

 

Thanks Guys for all your advice. I will now have to do a thorough check of
our IP addressing in both countries as I don't want to be cut off half way
through the change. I really appreciate you taking the time to answer my
question.