Small Business Network Setup

I have a Comcast business gateway/router, a Netgear VPN firewall (FVS318N), Windows 2003 server, and a Netgear 24 port switch. What is the best way of connecting these together? I am thinking of disabling DHCP on the Comcast box, connecting it to the WAN port of the Netgear VPN running DHCP, then to the 24 port switch and from the switch to the server. Should I run DHCP on the Netgear VPN or on the 2003 Server machine? The server machine will just be used for Active Directory, and IIS. Also, if I do run DHCP on the server, would I just connect it the same way mentioned above and just disable DHCP on the Netgear VPN? As far as IP addresses, I would use on the Netgear VPN, then start DHCP at setup static addresses of 192.168.2/10 and assign the server Is this correct?

  1. I would run the DHCP on your server since you can. It tends to have other features you can use in the future if you choose that are tied to DHCP. There are features of Active Directory that make it nice when the DHCP is on the same server. But it really doesn't matter.

    I would run the Comcast box as a bridge. This, in addition to disabling the DHCP, also disables the NAT and other things that device is doing. It is best to only have a single router in the path just to keep things simple.

    Although the way you wrote your IP addresses means something very different to a network engineer than what you really mean, you are correct about the IP assignments.
  2. Bill, thank you for your reply. If I completely eliminate the Netgear VPN firewall, would I have a network connection from the Comcast box > NIC 1 on the server > NIC 2 to the 24 port switch, then the clients to the switch? If I do this, what would my IP configuration be on the 2 NIC cards? I do need the clients to have access to the internet and VPN access to the network.
    That is called ICS. I would not recommend making your server into a router.

    If you want to not use the Netgear, you would just plug your switch into the Comcast and plug everything in the switch and use the Comcast as the router. You can still disable the DHCP and use your server; that is a completely different question. You would just configure the server to tell the PC the gateway address is the router and whatever DNS stuff you want. The key reason many people use a Microsoft server as a DHCP rather than a router is you can push a number of optional Microsoft-only parameters that let you set options in the PC.

    Now, if you need to keep the netscreen, you would set the Comcast to bridge mode. Cable it to the WAN port of the Netgear, then cable the LAN port of the Netgear to the switch and cable everything to the switch. The "router" would now be the Netgear. The added advantage to this is if you actually needed to build VPN tunnels from the Netgear itself it will be much easier. The DHCP question is still the same: the Netgear can do it or you can do it on your server; the cabling is the same no matter.
