Router or Server for Internet Sharing

[A. Blundon]

We have an Instant Internet Rounter and a single Win 2000 server. The
server performs DHCP. The II "shares" the internet between the clients
(and the server). The server, II and the clients are connected to a
couple of switches/hubs.

Would it be better to install a second NIC in the server, then redirect
the II router to the new server NIC? Internet would then flow through
the server rather than the router. The router would act purly as a
firewall and the server would be responsible for sharing the internet.

Current setup:
DSL -> II Router -> Hub/Switch -> Clients/Server

Proposed setup:
DSL -> II Router -> Server -> Hub/Switch -> Clients

The router provides some sharing options for users, however it requires
a program to be installed on the clients. I assume that the thru
server method would provide more flexibility with respect to this.

Thanks,
AB

 

[Doug Sherman [MVP]]

The router probably has more ability to control client Internet access than
the native capability of a Win2k RRAS/NAT server. If you want more granular
Internet access control than the router provides, you need MS ISA or some
third party proxy server.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

 

[Phillip Windell]

We have an Instant Internet Rounter and a single Win 2000 server. The
server performs DHCP. The II "shares" the internet between the clients
(and the server). The server, II and the clients are connected to a
couple of switches/hubs.

Would it be better to install a second NIC in the server, then redirect
the II router to the new server NIC?
Internet would then flow through
the server rather than the router. The router would act purly as a
firewall and the server would be responsible for sharing the internet.

There is no real advantage to doing that and it would only needlessly
complicate the network. Now if you wanted to buy ISA Server 2004 and run it
on the Server with a Back-to-Back DMZ between the ISA and the the current
Internet NAT Device,...then that would be a little different. But even then,
the B2B DMZ would needlessly complicate the network unless you had a real
reason for creating and running such a thing.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

 

[A. Blundon]

I guess my next questions would be...what would you recommend here?
The access control capability of the router is a little limited.

AB

 

[Phillip Windell]

Replace the "router" with the ISA.
Use a simple DSL Modem (has no IP#, doesn't do NAT) to adapt the phone line
to the External Nic of the ISA.

This maintains your same network design with the least amount of changes.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp