I recently got a call from a friend who was having a problem
with his Microsoft Small Business Server network that his local VAR
was unable to solve. The problem seemed challenging enough that I wanted to
take a look for myself.
In a nutshell, the problem consisted of his desktop PCs experiencing “blackouts”
of Internet connectivity—what’s worse is those blackouts were random and
sometimes rolling from PC to PC. One minute, one PC would lose connectivity to
the Internet. Then you would go to another PC and the same thing would happen.
Then a few minutes later, the original PC would start working again. All the
while, connectivity to the server worked absolutely fine.
The problem had existed for several months and was slowly getting worse. He
had his local VAR in a number of times, and
the problem still went unresolved. Eventually the VAR
blamed the problem on the broadband connection and could offer no fix.
I popped into my friend’s office and took a quick look around—it was a
typical SBS2003 installation, with a DSL
connection for the Internet, but the server used a single NIC card and all of
the PCs and the server were plugged into the same switch, which was then
connected to a Cisco PIX 50 security router. Right off the bat, I thought that
the networking setup was the culprit. To follow through on my assumption I
telneted into the Cisco PIX and took a look at the license and the translation
table.
The PIX had a 10-user license, and that was the real problem here. I
performed a “show xlate” command and could see that all of the connections
under the license were being used. Unlike other router vendors, the license for
the PIX counted the number of IP addresses trying to access the Internet. Most
other VPN routers on the market base their licenses on concurrent VPN
connections. Those who work only occasionally with the Cisco PIX assume that
Cisco's licensing works the same way, but the Cisco PIX license is based on
concurrent connections to the Internet. That said, the easy fix would have been
just to upgrade the license for the Cisco PIX and be done with it.
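
The check described above can be scripted. This is an added example, not part of the original article: it counts the distinct inside addresses in saved "show xlate" output and compares that count with the license size. The sample output is constructed, its layout is assumed to follow the PIX 6.x "Global ... Local ..." line format, and the function names and the 192.168.16.x addressing are hypothetical.

```python
import re

# Constructed sample of "show xlate" output (assumed PIX 6.x layout; addresses
# are made up). 13 translations are held by only 10 distinct inside hosts.
SAMPLE_XLATE = """\
13 in use, 13 most used
PAT Global 203.0.113.2(1024) Local 192.168.16.2(1055)
PAT Global 203.0.113.2(1025) Local 192.168.16.2(1056)
PAT Global 203.0.113.2(1026) Local 192.168.16.10(2101)
PAT Global 203.0.113.2(1027) Local 192.168.16.11(1433)
PAT Global 203.0.113.2(1028) Local 192.168.16.12(3120)
PAT Global 203.0.113.2(1029) Local 192.168.16.13(1090)
PAT Global 203.0.113.2(1030) Local 192.168.16.14(4021)
PAT Global 203.0.113.2(1031) Local 192.168.16.15(1187)
PAT Global 203.0.113.2(1032) Local 192.168.16.16(2250)
PAT Global 203.0.113.2(1033) Local 192.168.16.17(1602)
PAT Global 203.0.113.2(1034) Local 192.168.16.18(1777)
PAT Global 203.0.113.2(1035) Local 192.168.16.10(2102)
PAT Global 203.0.113.2(1036) Local 192.168.16.18(1778)
"""

# Matches static/NAT lines ("Global a Local b") and PAT lines with (port) suffixes.
XLATE_RE = re.compile(
    r"^(?:PAT )?Global \S+ Local (\d{1,3}(?:\.\d{1,3}){3})(?:\(\d+\))?$"
)


def inside_hosts(show_xlate_text):
    """Return the set of distinct inside (Local) addresses holding translations."""
    hosts = set()
    for line in show_xlate_text.splitlines():
        match = XLATE_RE.match(line.strip())
        if match:  # the "N in use" header and blank lines are skipped
            hosts.add(match.group(1))
    return hosts


def license_report(show_xlate_text, licensed_hosts=10):
    """Compare distinct inside hosts with the license size (10 in the article)."""
    hosts = inside_hosts(show_xlate_text)
    ordered = sorted(hosts, key=lambda ip: tuple(int(part) for part in ip.split(".")))
    return {"hosts": ordered, "count": len(hosts), "limit": licensed_hosts,
            "exhausted": len(hosts) >= licensed_hosts}


if __name__ == "__main__":
    report = license_report(SAMPLE_XLATE)
    print(f"{report['count']} of {report['limit']} licensed hosts in use")
    print("license exhausted" if report["exhausted"] else "headroom remains")
```

When every PC is routed through the server, as in the combined setup suggested further on, the same report shows a single inside host.
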
That would have been an easy sale for my friend’s VAR,
if only the VAR had been fully familiar with
the products he was selling. What’s more, a temporary fix could have been to
add a second NIC card to the server and use SBS2003’s
built-in routing and firewall (along with NAT
translation) to connect the PCs out to the Internet via the DSL
connection. If the VAR really wanted to fix
this in a slick fashion, he could have combined the routing of SBS
with the outbound/inbound firewall capabilities of the Cisco PIX. That way only
one IP address would be used for the Cisco PIX.
The moral of the story here is to know what you sell, how to integrate it
and how to support it; otherwise you are throwing add-on sales along with
customers out the window.