Our LAN connects Internet thru SOHA WatchGuard. And due to license
limitation, we decided to separate some pc's from direct connection to
Internet and use WinXP's ICS. So now we have 2 LAN:
1. all client pc's connected to one switch which itself connected to SOHA.
IPs are 192.168.1.X
2. all client pc's connected to second switch and one of pc's runs as
ICS host. This host pc has 2 NIC and 2nd card connected to the 1st
switch. IPs are 192.168.2.X
Finally, both LAN's clients can access Internet but clients
of the 2nd LAN cannot access pc's on the 1st LAN. No ping,
no shared folder access, e.g. \\192.168.1.X command does not
work.
Any ideas?
"Tumurbaatar S." <nospam_tumurbaatar@datacom.mn> wrote in message
news:euAQxxpWEHA.556@tk2msftngp13.phx.gbl...
> Our LAN connects Internet thru SOHA WatchGuard. And due to license
> limitation, we decided to separate some pc's from direct connection to
> Internet and use WinXP's ICS. So now we have 2 LAN:
>
> 1. all client pc's connected to one switch which itself connected to SOHA.
> IPs are 192.168.1.X
>
> 2. all client pc's connected to second switch and one of pc's runs as
> ICS host. This host pc has 2 NIC and 2nd card connected to the 1st
> switch. IPs are 192.168.2.X
>
> Finally, both LAN's clients can access Internet but clients
> of the 2nd LAN cannot access pc's on the 1st LAN. No ping,
> no shared folder access, e.g. \\192.168.1.X command does not
> work.
> Any ideas?
>
>
"Tumurbaatar S." <nospam_tumurbaatar@datacom.mn> wrote in message
news:euAQxxpWEHA.556@tk2msftngp13.phx.gbl...
> Our LAN connects Internet thru SOHA WatchGuard. And due to license
> limitation, we decided to separate some pc's from direct connection to
> Internet and use WinXP's ICS. So now we have 2 LAN:
>
> 1. all client pc's connected to one switch which itself connected to SOHA.
> IPs are 192.168.1.X
>
> 2. all client pc's connected to second switch and one of pc's runs as
> ICS host. This host pc has 2 NIC and 2nd card connected to the 1st
> switch. IPs are 192.168.2.X
>
> Finally, both LAN's clients can access Internet but clients
> of the 2nd LAN cannot access pc's on the 1st LAN. No ping,
> no shared folder access, e.g. \\192.168.1.X command does not
> work.
> Any ideas?
>
>
This is never going to work the way you want.
Not only do you have 2 subnets, ( which we *could* work around ),
but you also have NAT in between them.
The machines on the second subnet are 'hidden' behind ICS,
and are not accessible from the first subnet.
I'd buy the licenses or change the firewall for one that's not license
limited.
--
Best Regards,
Ron Lowe
MS-MVP Windows Networking
Yes, I know that machines on the 2nd LAN hidden for the 1st LAN.
But why they cannot access the machines of the 1st LAN?
>
> This is never going to work the way you want.
>
> Not only do you have 2 subnets, ( which we *could* work around ),
> but you also have NAT in between them.
>
> The machines on the second subnet are 'hidden' behind ICS,
> and are not accessible from the first subnet.
>
> I'd buy the licenses or change the firewall for one that's not license
> limited.
>
> --
> Best Regards,
> Ron Lowe
> MS-MVP Windows Networking
>
>
"Tumurbaatar S." <nospam_tumurbaatar@datacom.mn> wrote in message
news:uk3rx64WEHA.3420@TK2MSFTNGP12.phx.gbl...
> Yes, I know that machines on the 2nd LAN hidden for the 1st LAN.
> But why they cannot access the machines of the 1st LAN?
>
Because the ICS box has a default route pointing out to the Internet,
and it has no knowledge of the second subnet on the local interface.
Any packets directed at it which are not actually for it will NAT
them and forward them to the ISP's gateway.
You might be able to dual-home another of the machines,
Put one NIC in each subnet, and set it up as an IP forwarding
router between the subnets, and then create static routes on each
of the machines to the other subnet.
That would bypass the NAT.
You'd then need to fix up NetBIOS name resolution,
probably using LMHOSTS.
You should be able to map drives between the machines.
Cross-subnet browsing will not work,
because it relies on broadcasts.
--
Best Regards,
Ron Lowe
MS-MVP Windows Networking
ICS and 2 LAN 
Linear Mode
