Routing between two networks, two different entities

I'll try to explain as simply as I can, even though it is rather convoluted:

Two entities , a small office and a large office,  that are in buildings across a parking lot from each other and have ethernet running between their two buildings.  Currently, there is a Dlink NAT router between the two offices which allows access from one pc to the larger office.  The large office has a host system that must see a unique IP from each host, or it won't allow a login.   Their needs have changed recently and the small office now needs access for several pc's to this host system next door.  The administrator for the large office wants the smaller office to install a Cisco dual ethernet, and to re-address their space.  The small office doesn't want to re-address their space since they also have a couple of VPN's to other entities.

As a solution, could I just add a secondary ethernet address to the Cisco?  If so, would I then add a second NIC (they all have Win2k Pro) to any pc that needs access to the host system at the large office?  Or is there an easier way?  The administrator from the large office has recommended setting up static NAT addressing on the Cisco, but I see that as more potentially more complicated.

Thanks
wesvt1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JFrederick29Commented:
Yes, you could add a secondary IP address to your ethernet interface on the router.  In Windows 2000 you can also simply add a second IP address to the NIC in the computers that need access to the large office.  This will save you from buying and installing second NIC's.
0
NicBreyCommented:
No, this can be done easily on the Cisco router without changing/adding anything on the existing LAN.
You can create a NAT pool on the Cisco that contains the addresses of what the other administrator wanted to re-address the network to.
Then you can create a dinamic NAT solution so that an IP address from the internal network will dinamicaly be NATTED to one of the addresses in the NAT pool.

This is really the easiest way to do this - once configured, you will not have to touch it unless the NAT pool runs out of addresses. That can be prevented by creating a large enough pool from the start.

Feel free to ask if you do not understand completely what I meant.

Nic
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wesvt1Author Commented:
Quick answers guys.... Thank you.

I forgot that with Win2k with static IP's you could multiple addresses under the advanced setting.  

Since I'm not a Cisco expert, seems adding the secondary ethernet address space and statically setting up the clients is easier than doing the "dynamic NAT" solution....  (Or easier for me that is)     So given this information, would both methods be a good solution for a solid, reliable networking environment?  I would hate to do the dynamic NAT route, and then find that it breaks surfing to some secure sites, etc.  

Thanks
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

NicBreyCommented:
Hi,
Both solutions would work. In my opinion, doing it with NAT would be a lot less messy. You only have to make changes on the router. A lot easier to manage as well.

The NAT will not break surfing to secure sites. It was designed for the purpose of allowing people with a private RFC 1918 IP address to connect to the internet. However, there are certain applications that does not like NAT, but since the administrator suggested it, one can assume that it will work.

Installing a Cisco router would also give you flexibility in the configuration that you will not get with most other vendor's products.
Configuring the NAT is really not that tricky - 4 lines to add to the config to be exact  ;-)
0
JFrederick29Commented:
I agree with NicBrey, centralizing administration on the router and not having to mess with the client computers at all would be ideal.
0
wesvt1Author Commented:
Good advice, looks like I should do the dynamic NAT then....

Can you give me any example configuration hints or links as well?
0
NicBreyCommented:
You said that there is currently a DLink NAT router in between the networks, so I presume they have the same IP address space and that's the reason that you need NAT or re address the network - correct??

Lets sy for example that:
IP address range of LAN with server  =  192.168.1.0   255.255.255.0
IP address of the server                   =  192.168.1.10  255.255.255.0

IP address range of smaller LAN is also      =  192.168.1.0  255.255.255.0
You want to NAT the addresses to 200.1.1.1 to 200.1.1.50


This will make it look like all PC's from the smaller LAN comes from the 200.1.1.0/24 network

Config will look something like this:

interface Ethernet0                                                                                  <--- Inside Interface  
ip address 10.1.2.1 255.255.255.0
ip nat inside

interface Ethernet 1                                                                                <--- Outside interface
ip address 200.1.1.1 255.255.255.0
ip nat outside                                                    

ip nat pool outsidepool 200.1.1.2 200.1.1.50 netmask 255.255.255.0          <--- defines outside address pool
ip nat pool inside 10.1.2.2 10.1.2.254 netmask 255.255.255.0                    <--- defines inside address pool                              
ip nat outside source list 2 pool outsidepool                                              <--- NAT statement for incomming traffic    
ip nat inside source list 2 pool inside pool                                                 <--- NAT statement for outgoing traffic


access-list 2 permit 10.1.2.0 0.0.0.255                                                    <--- Access List defining internal network

Hope this helps.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.