Connecting 2 Subnets

Posted on 2004-08-12
Medium Priority
Last Modified: 2010-04-11
I have a T1 and a router. Right now, this router routes all traffic from my current LAN (192.168.70.x) to the Internet.

The problem is I have remote users who need to access a server on my network. For security reasons, I do not want them to access anything else on my network, so I was thinking about putting this server on a DMZ. The problem is, this router does not have a DMZ port. So, I was thinking of changing the LAN subnet that this router recognizes to something like 192.169.100.X and then setting up 2 routers for 2 separate subnets, which would be 192.168.70.X and 71.X. I would then set the WAN interface on these routers to use the main router for Internet access. This would give me 2 separate subnets, each of which could use the same Internet. The problem is that I would then need the PCs of 71.X to access this server on 70.X. How could I do this?
Question by: ainselyb

Expert Comment

ID: 11790043
Do you have two Ethernet modules on your current router?

You can set up an access-list that would only allow certain or all machines on the 71.X network to only access Server X on the 70.X network.

Accepted Solution

PennGwyn earned 1500 total points
ID: 11790067
You can do it with only ONE more router (and a small hub or switch, which might already be built into your existing router). Use the 192.168.71.x subnet to connect the LAN interface of your border router, the WAN interface of your internal router, and this server. You want the inner router to perform NAT or other security (access lists would be ideal, but you haven't indicated a budget) such that internal users can get responses from the server, but the server cannot establish connections into the internal network.
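
An added example, not part of the original answer and not any router's actual configuration: a Python model of the access-list option described in the accepted solution, showing a first-match list on the inner router's WAN side that passes the server's replies but drops its attempts to open connections inward. It assumes 192.168.70.x stays the internal LAN behind the inner router; the host addresses 192.168.71.10 and 192.168.70.25 and all names in the code are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing: the thread names only the subnets; host addresses are made up.
INTERNAL = ipaddress.ip_network("192.168.70.0/24")  # LAN behind the inner router
SERVER = "192.168.71.10"                            # hypothetical server on the shared segment
CLIENT = "192.168.70.25"                            # hypothetical internal PC
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: frozenset  # TCP flags set on the segment

def established(pkt):
    """Stateless 'established' match: ACK or RST is set, which is never
    true of the bare SYN that opens a new connection."""
    return bool(pkt.flags & {"ACK", "RST"})

# First-match list for packets arriving on the inner router's WAN side.
# Fields: action, source net, destination net, require 'established'.
WAN_IN_ACL = [
    ("permit", ANY, INTERNAL, True),   # replies to sessions opened from inside
    ("deny",   ANY, INTERNAL, False),  # everything else aimed at the LAN
]

def wan_inbound(pkt, acl=WAN_IN_ACL):
    """Return the action of the first matching rule, else the implicit deny."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, need_est in acl:
        if src in src_net and dst in dst_net and (not need_est or established(pkt)):
            return action
    return "deny"

# Constructed sample segments, all sent by the server toward an internal PC.
FLOWS = {
    "SYN-ACK answering a client's SYN": Packet(SERVER, CLIENT, frozenset({"SYN", "ACK"})),
    "data on an open session": Packet(SERVER, CLIENT, frozenset({"ACK", "PSH"})),
    "server tries to open a session": Packet(SERVER, CLIENT, frozenset({"SYN"})),
}

if __name__ == "__main__":
    for name, pkt in FLOWS.items():
        print(f"{wan_inbound(pkt):6} {name}")
    # A flag test keeps no state, so a forged ACK segment also passes;
    # stateful inspection on the inner router closes that gap.
```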


Expert Comment

ID: 11790607
Hi. Here's an idea.

If I get it right, you have three routers:

A. Internet Router, LAN Interface IP is 100.X
B. Server Router, LAN Interface IP is 70.X, WAN interface IP is 100.B
C. Users Router, LAN Interface IP is 71.X, WAN interface IP is 100.C

Could you set a static route on your Internet Router (A) so that all traffic going to the 70.X subnet should find the next hop via 100.B?

Expert Comment

ID: 11790792
What kind of router is it that you have (Cisco), or can it do subinterfaces?

Expert Comment

ID: 11794730
Hi again,

Sorry for my post above, I think the route should be defined on the users router (C).

Alternatively, you mentioned that the Internet router doesn't support DMZ. I think you could get a router with DMZ for the server router and put the server on a DMZ, so the 71.X users will access the server as 100.B?

