Server 2019 - Active Directory

**slimslob** · 08-19-2022, 06:30 PM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

How exactly would that be set up? The way it was set up, there was no cabling from the ISP router to the patch panel. The 2 routers (ISP & Linksys) were connected via WAN ports and all PC's were connected to the LinkSys router.

The only way I can think to make your scenario work is to create a seperate VLAN for the phones and set up another DHCP pool to assign addresses in ISP range.

It's kinda confusing to me. I'm not gonna lie.

Unless the VOIP beds to access individual computers associated with individual phones, you could have connected a work group switch to the router, connect the Linksys to one port and the VOIP to another. I have done similar when 2 or more companies in the same building want to share the cost of an ISP connection.

**BillyCarpenter** · 08-20-2022, 05:28 AM

Re: Server 2019 - Active Directory

I've been reading up on double nat and I simply don't see how running the VOIP system off the ISP router would solve my problem.

For one thing, the VOIP phones plug into the CAT 5 wall jack at the person's desk and their computer plugs into the phone. That means that the PC's and phones would be getting a DHCP address from the ISP router. And that means the PC's would be on a different subnet from the domain controller.

What am I missing?

Through my reseach I have read about different solutions and one of those is:

Another possible solution:

One way to compensate for double NAT is to set up separate port forwarding rules on each device so that incoming traffic is shepherded through both layers of NAT. So for example, on the first NAT device (the one closest to your Internet connection) forward the port(s) you need to the IP address of your

**BillyCarpenter** · 08-20-2022, 06:30 AM

Re: Server 2019 - Active Directory

The problem with doube NAT is that you can't port forward.

Side note: It's really not NAT we're talking about but PAT. I'll call it NAT....only because PAT is a form of NAT. But it's really PAT. For the record.

Anyway, when you try to port forward when 2 routers are NAT'ing, the packets will be dropped because they don't recogize the IP address.

It was suggested that I run the VOIP system off the ISP router and leave the domain controller on the Linksys router. That won't work, though.

The only way it would work in my scarnio is to create a seperate VLAN and implement inter-vlan routing. That would work. (Also set up a seperate DHCP pool.)

However, best practive would be to elimate the double natting instead of doing a work-around.

Feel free to correct me because I'm probably over-thinking it. lol

**BillyCarpenter** · 08-20-2022, 06:37 AM

Re: Server 2019 - Active Directory

Before someone jumps in and says that you can port foward with 2 routers. That's true, but you'd have to set up port fowarding on both routers for every port that you want to forward.

**slimslob** · 08-20-2022, 06:49 AM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

I've been reading up on double nat and I simply don't see how running the VOIP system off the ISP router would solve my problem.

For one thing, the VOIP phones plug into the CAT 5 wall jack at the person's desk and their computer plugs into the phone. That means that the PC's and phones would be getting a DHCP address from the ISP router. And that means the PC's would be on a different subnet from the domain controller.

What am I missing?

Very common procedure for VOIP phones that are sent for the "customer" to install. The phone manufacturer know that most desks where there is going to be a phone already have a network connected computer. It prevents the customer needing to have someone come out and run new network outlets.

**BillyCarpenter** · 08-20-2022, 07:16 AM

Re: Server 2019 - Active Directory

Originally posted by slimslob

Very common procedure for VOIP phones that are sent for the "customer" to install. The phone manufacturer know that most desks where there is going to be a phone already have a network connected computer. It prevents the customer needing to have someone come out and run new network outlets.

Irrelevant in my situation. Whether it's the "customer" or "me", it won't work. Not unless I'm willing to run a new network drop to each room in the school. No way, no how. lol

**BillyCarpenter** · 08-20-2022, 07:20 AM

Re: Server 2019 - Active Directory

The truth is that the guy that set this network up made a mistake when he installed the 2nd router. He should have contracted the ISP provider and had them to put their router in bridge mode. If that wasn't possible, he should have made the Linksys router an access point. But he didn't and I had to clean up the mess.

**techsxge** · 08-20-2022, 11:33 AM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

Irrelevant in my situation. Whether it's the "customer" or "me", it won't work. Not unless I'm willing to run a new network drop to each room in the school. No way, no how. lol

For that reason i always have the following setup:
- One Lan Outlet
- 5-Port or 10-Port Lan switch
- A Docking Station

With this setup you are able to cover almost any future expansions. Only had 1 time thwt this wasnt enough and i meeded to spend money on a usb panel

**techsxge** · 08-20-2022, 11:35 AM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

Before someone jumps in and says that you can port foward with 2 routers. That's true, but you'd have to set up port fowarding on both routers for every port that you want to forward.

Or forward all as a basic rule and then blacklist the ones you dont want to forward.

**BillyCarpenter** · 08-20-2022, 01:16 PM

Re: Server 2019 - Active Directory

Originally posted by techsxge

Or forward all as a basic rule and then blacklist the ones you dont want to forward.

You'd still have to forward the ports on both routers. In fact, we could add 3 routers and create triple natting and it would work. We'd just have to port forward on all 3 routers.

**BillyCarpenter** · 08-20-2022, 01:22 PM

Re: Server 2019 - Active Directory

I'm gonna ramble here for a second so.....

First, I'm not entirely sure that I have everything quite figured out as to the workarounds that were suggested. rthonpm offered up a solution and I REALLY REALLY trust what he says. He's helped me out so many times in the past and he's never been wrong. Ever.

Next, this has been a great learning experience for me. One thing about networking is that the only way to learn is to encounter a problem. Without a problem, there's nothing to learn.

One thing is for sure. If I ever run into double natting in the future, I know what to do.

**techsxge** · 08-20-2022, 01:29 PM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

You'd still have to forward the ports on both routers. In fact, we could add 3 routers and create triple natting and it would work. We'd just have to port forward on all 3 routers.

if you prort forwards from router to router, have fun with the network loop you are creating.

**BillyCarpenter** · 08-20-2022, 01:34 PM

Re: Server 2019 - Active Directory

Originally posted by techsxge

if you prort forwards from router to router, have fun with the network loop you are creating.

A network loop is usually created at the switch because there is more than one path between 2 endpoints. That's where spanning tree is needed.

Port forwarding on multiple routers doesn't create a network loop as best as I can tell. Please explain.

**slimslob** · 08-20-2022, 04:21 PM

Re: Server 2019 - Active Directory

Originally posted by techsxge

For that reason i always have the following setup:
- One Lan Outlet
- 5-Port or 10-Port Lan switch
- A Docking Station

With this setup you are able to cover almost any future expansions. Only had 1 time thwt this wasnt enough and i meeded to spend money on a usb panel

And when you get a new customer who is already setup differently?

**slimslob** · 08-20-2022, 04:31 PM

Re: Server 2019 - Active Directory

Originally posted by BillyCarpenter

A network loop is usually created at the switch because there is more than one path between 2 endpoints. That's where spanning tree is needed.

Port forwarding on multiple routers doesn't create a network loop as best as I can tell. Please explain.

techsxge profile indicates that he is a bsm2 type know it all IT tech from Germany and doesn't have anywhere the knowledge of a CCNA.

Server 2019 - Active Directory

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment