Solved

Routing between two networks, two different entities

Posted on 2003-11-26
8
1,162 Views
Last Modified: 2010-04-17
I'll try to explain as simply as I can, even though it is rather convoluted:

Two entities , a small office and a large office,  that are in buildings across a parking lot from each other and have ethernet running between their two buildings.  Currently, there is a Dlink NAT router between the two offices which allows access from one pc to the larger office.  The large office has a host system that must see a unique IP from each host, or it won't allow a login.   Their needs have changed recently and the small office now needs access for several pc's to this host system next door.  The administrator for the large office wants the smaller office to install a Cisco dual ethernet, and to re-address their space.  The small office doesn't want to re-address their space since they also have a couple of VPN's to other entities.

As a solution, could I just add a secondary ethernet address to the Cisco?  If so, would I then add a second NIC (they all have Win2k Pro) to any pc that needs access to the host system at the large office?  Or is there an easier way?  The administrator from the large office has recommended setting up static NAT addressing on the Cisco, but I see that as more potentially more complicated.

Thanks
0
Comment
Question by:wesvt1
  • 3
  • 3
  • 2
8 Comments
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 25 total points
ID: 9824314
Yes, you could add a secondary IP address to your ethernet interface on the router.  In Windows 2000 you can also simply add a second IP address to the NIC in the computers that need access to the large office.  This will save you from buying and installing second NIC's.
0
 
LVL 7

Accepted Solution

by:
NicBrey earned 100 total points
ID: 9824364
No, this can be done easily on the Cisco router without changing/adding anything on the existing LAN.
You can create a NAT pool on the Cisco that contains the addresses of what the other administrator wanted to re-address the network to.
Then you can create a dinamic NAT solution so that an IP address from the internal network will dinamicaly be NATTED to one of the addresses in the NAT pool.

This is really the easiest way to do this - once configured, you will not have to touch it unless the NAT pool runs out of addresses. That can be prevented by creating a large enough pool from the start.

Feel free to ask if you do not understand completely what I meant.

Nic
0
 

Author Comment

by:wesvt1
ID: 9824939
Quick answers guys.... Thank you.

I forgot that with Win2k with static IP's you could multiple addresses under the advanced setting.  

Since I'm not a Cisco expert, seems adding the secondary ethernet address space and statically setting up the clients is easier than doing the "dynamic NAT" solution....  (Or easier for me that is)     So given this information, would both methods be a good solution for a solid, reliable networking environment?  I would hate to do the dynamic NAT route, and then find that it breaks surfing to some secure sites, etc.  

Thanks
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9825058
Hi,
Both solutions would work. In my opinion, doing it with NAT would be a lot less messy. You only have to make changes on the router. A lot easier to manage as well.

The NAT will not break surfing to secure sites. It was designed for the purpose of allowing people with a private RFC 1918 IP address to connect to the internet. However, there are certain applications that does not like NAT, but since the administrator suggested it, one can assume that it will work.

Installing a Cisco router would also give you flexibility in the configuration that you will not get with most other vendor's products.
Configuring the NAT is really not that tricky - 4 lines to add to the config to be exact  ;-)
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 43

Expert Comment

by:JFrederick29
ID: 9825250
I agree with NicBrey, centralizing administration on the router and not having to mess with the client computers at all would be ideal.
0
 

Author Comment

by:wesvt1
ID: 9826753
Good advice, looks like I should do the dynamic NAT then....

Can you give me any example configuration hints or links as well?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9831966
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9832256
You said that there is currently a DLink NAT router in between the networks, so I presume they have the same IP address space and that's the reason that you need NAT or re address the network - correct??

Lets sy for example that:
IP address range of LAN with server  =  192.168.1.0   255.255.255.0
IP address of the server                   =  192.168.1.10  255.255.255.0

IP address range of smaller LAN is also      =  192.168.1.0  255.255.255.0
You want to NAT the addresses to 200.1.1.1 to 200.1.1.50


This will make it look like all PC's from the smaller LAN comes from the 200.1.1.0/24 network

Config will look something like this:

interface Ethernet0                                                                                  <--- Inside Interface  
ip address 10.1.2.1 255.255.255.0
ip nat inside

interface Ethernet 1                                                                                <--- Outside interface
ip address 200.1.1.1 255.255.255.0
ip nat outside                                                    

ip nat pool outsidepool 200.1.1.2 200.1.1.50 netmask 255.255.255.0          <--- defines outside address pool
ip nat pool inside 10.1.2.2 10.1.2.254 netmask 255.255.255.0                    <--- defines inside address pool                              
ip nat outside source list 2 pool outsidepool                                              <--- NAT statement for incomming traffic    
ip nat inside source list 2 pool inside pool                                                 <--- NAT statement for outgoing traffic


access-list 2 permit 10.1.2.0 0.0.0.255                                                    <--- Access List defining internal network

Hope this helps.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Spitting up an internet connection. 7 58
Setting up ipSec VPN between ZyXEL routers 3 31
EIGRP  router failure 14 30
Cisco iWAN 8 46
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now