Solved

Connecting 2 Subnets

Posted on 2004-08-12
5
348 Views
Last Modified: 2010-04-11
I have a T1 and a router. Right now, this router routes all traffic from my current LAN (192.168.70.x) to the Internet.

The problem is I have remote user who need to access a server on my network. For security reasons, I do not want them to access anything else on my network so I was thinking about putting this server on a DMZ. The problem is, this router does not have a DMZ port. So, I was thinking of changing the LAN subnet that this router recognizes to something like 192.169.100.X and then setting up 2 routers for 2 separate subnets which would be 192.168.70.X and 71.X. I would then set the WAN interface on these routers to use the main router for Internet access. This would give me 2 separate subnets each of which could use the same Internet. The problem is that I would then need the PCs of 71.X to access this server on 70.X. How could I do this?
0
Comment
Question by:ainselyb
5 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11790043
Do you have two Ethernet modules on your current router?

You can set up an access-list that would only allow certain or all machines on the 71.X network to only access Server X on the 70.X network.
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 500 total points
ID: 11790067
You can do it with only ONE more router (and a small hub or switch, which might already be built into your existing router).  Use the 192.168.71.x subnet to connect the LAN interface of your border router, the WAN interface of your ineternal router, and this server.  You want the inner router to perform NAT or other security (access lists would be ideal, but you haven't indicated a budget) such that internal users can get responses from the server, but the server cannot establish connections into the internal network.

0
 

Expert Comment

by:spyderbilt
ID: 11790607
Hi. Here's an Idea

if I get it right, you have three routers :

A. Internet Router, LAN Interface IP is 100.X
B. Server Router, LAN Interface IP is 70.X, WAN interface IP is 100.B
C. Users Router, LAN Interface IP is 71.X, WAN interface IP is 100.C

could you set a static route on your Internet Router (A) that all traffic going to 70.X subnet should find the next hop via 100.B ?
0
 
LVL 9

Expert Comment

by:cooledit
ID: 11790792
what kinda of router is it ?
that you have (Cisco) or can it do subinterface ?
0
 

Expert Comment

by:spyderbilt
ID: 11794730
hi again,

sorry for my post above, I think the route sould be defined on the users router (C).

alternatively, you mentioned that the internet router doesn't support DMZ, i think you could get a router with DMZ for the server router put the server on a DMZ. so the 71.X users will access the server as 100.B ?

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question