Solved

Connecting 2 Subnets

Posted on 2004-08-12
5
350 Views
Last Modified: 2010-04-11
I have a T1 and a router. Right now, this router routes all traffic from my current LAN (192.168.70.x) to the Internet.

The problem is I have remote user who need to access a server on my network. For security reasons, I do not want them to access anything else on my network so I was thinking about putting this server on a DMZ. The problem is, this router does not have a DMZ port. So, I was thinking of changing the LAN subnet that this router recognizes to something like 192.169.100.X and then setting up 2 routers for 2 separate subnets which would be 192.168.70.X and 71.X. I would then set the WAN interface on these routers to use the main router for Internet access. This would give me 2 separate subnets each of which could use the same Internet. The problem is that I would then need the PCs of 71.X to access this server on 70.X. How could I do this?
0
Comment
Question by:ainselyb
5 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11790043
Do you have two Ethernet modules on your current router?

You can set up an access-list that would only allow certain or all machines on the 71.X network to only access Server X on the 70.X network.
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 500 total points
ID: 11790067
You can do it with only ONE more router (and a small hub or switch, which might already be built into your existing router).  Use the 192.168.71.x subnet to connect the LAN interface of your border router, the WAN interface of your ineternal router, and this server.  You want the inner router to perform NAT or other security (access lists would be ideal, but you haven't indicated a budget) such that internal users can get responses from the server, but the server cannot establish connections into the internal network.

0
 

Expert Comment

by:spyderbilt
ID: 11790607
Hi. Here's an Idea

if I get it right, you have three routers :

A. Internet Router, LAN Interface IP is 100.X
B. Server Router, LAN Interface IP is 70.X, WAN interface IP is 100.B
C. Users Router, LAN Interface IP is 71.X, WAN interface IP is 100.C

could you set a static route on your Internet Router (A) that all traffic going to 70.X subnet should find the next hop via 100.B ?
0
 
LVL 9

Expert Comment

by:cooledit
ID: 11790792
what kinda of router is it ?
that you have (Cisco) or can it do subinterface ?
0
 

Expert Comment

by:spyderbilt
ID: 11794730
hi again,

sorry for my post above, I think the route sould be defined on the users router (C).

alternatively, you mentioned that the internet router doesn't support DMZ, i think you could get a router with DMZ for the server router put the server on a DMZ. so the 71.X users will access the server as 100.B ?

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question