Solved

Routing between two networks, two different entities

Posted on 2003-11-26
8
1,169 Views
Last Modified: 2010-04-17
I'll try to explain as simply as I can, even though it is rather convoluted:

Two entities , a small office and a large office,  that are in buildings across a parking lot from each other and have ethernet running between their two buildings.  Currently, there is a Dlink NAT router between the two offices which allows access from one pc to the larger office.  The large office has a host system that must see a unique IP from each host, or it won't allow a login.   Their needs have changed recently and the small office now needs access for several pc's to this host system next door.  The administrator for the large office wants the smaller office to install a Cisco dual ethernet, and to re-address their space.  The small office doesn't want to re-address their space since they also have a couple of VPN's to other entities.

As a solution, could I just add a secondary ethernet address to the Cisco?  If so, would I then add a second NIC (they all have Win2k Pro) to any pc that needs access to the host system at the large office?  Or is there an easier way?  The administrator from the large office has recommended setting up static NAT addressing on the Cisco, but I see that as more potentially more complicated.

Thanks
0
Comment
Question by:wesvt1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 25 total points
ID: 9824314
Yes, you could add a secondary IP address to your ethernet interface on the router.  In Windows 2000 you can also simply add a second IP address to the NIC in the computers that need access to the large office.  This will save you from buying and installing second NIC's.
0
 
LVL 7

Accepted Solution

by:
NicBrey earned 100 total points
ID: 9824364
No, this can be done easily on the Cisco router without changing/adding anything on the existing LAN.
You can create a NAT pool on the Cisco that contains the addresses of what the other administrator wanted to re-address the network to.
Then you can create a dinamic NAT solution so that an IP address from the internal network will dinamicaly be NATTED to one of the addresses in the NAT pool.

This is really the easiest way to do this - once configured, you will not have to touch it unless the NAT pool runs out of addresses. That can be prevented by creating a large enough pool from the start.

Feel free to ask if you do not understand completely what I meant.

Nic
0
 

Author Comment

by:wesvt1
ID: 9824939
Quick answers guys.... Thank you.

I forgot that with Win2k with static IP's you could multiple addresses under the advanced setting.  

Since I'm not a Cisco expert, seems adding the secondary ethernet address space and statically setting up the clients is easier than doing the "dynamic NAT" solution....  (Or easier for me that is)     So given this information, would both methods be a good solution for a solid, reliable networking environment?  I would hate to do the dynamic NAT route, and then find that it breaks surfing to some secure sites, etc.  

Thanks
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 7

Expert Comment

by:NicBrey
ID: 9825058
Hi,
Both solutions would work. In my opinion, doing it with NAT would be a lot less messy. You only have to make changes on the router. A lot easier to manage as well.

The NAT will not break surfing to secure sites. It was designed for the purpose of allowing people with a private RFC 1918 IP address to connect to the internet. However, there are certain applications that does not like NAT, but since the administrator suggested it, one can assume that it will work.

Installing a Cisco router would also give you flexibility in the configuration that you will not get with most other vendor's products.
Configuring the NAT is really not that tricky - 4 lines to add to the config to be exact  ;-)
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9825250
I agree with NicBrey, centralizing administration on the router and not having to mess with the client computers at all would be ideal.
0
 

Author Comment

by:wesvt1
ID: 9826753
Good advice, looks like I should do the dynamic NAT then....

Can you give me any example configuration hints or links as well?
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9832256
You said that there is currently a DLink NAT router in between the networks, so I presume they have the same IP address space and that's the reason that you need NAT or re address the network - correct??

Lets sy for example that:
IP address range of LAN with server  =  192.168.1.0   255.255.255.0
IP address of the server                   =  192.168.1.10  255.255.255.0

IP address range of smaller LAN is also      =  192.168.1.0  255.255.255.0
You want to NAT the addresses to 200.1.1.1 to 200.1.1.50


This will make it look like all PC's from the smaller LAN comes from the 200.1.1.0/24 network

Config will look something like this:

interface Ethernet0                                                                                  <--- Inside Interface  
ip address 10.1.2.1 255.255.255.0
ip nat inside

interface Ethernet 1                                                                                <--- Outside interface
ip address 200.1.1.1 255.255.255.0
ip nat outside                                                    

ip nat pool outsidepool 200.1.1.2 200.1.1.50 netmask 255.255.255.0          <--- defines outside address pool
ip nat pool inside 10.1.2.2 10.1.2.254 netmask 255.255.255.0                    <--- defines inside address pool                              
ip nat outside source list 2 pool outsidepool                                              <--- NAT statement for incomming traffic    
ip nat inside source list 2 pool inside pool                                                 <--- NAT statement for outgoing traffic


access-list 2 permit 10.1.2.0 0.0.0.255                                                    <--- Access List defining internal network

Hope this helps.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question