Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Connecting 2 Subnets

Posted on 2004-08-12
5
Medium Priority
?
352 Views
Last Modified: 2010-04-11
I have a T1 and a router. Right now, this router routes all traffic from my current LAN (192.168.70.x) to the Internet.

The problem is I have remote user who need to access a server on my network. For security reasons, I do not want them to access anything else on my network so I was thinking about putting this server on a DMZ. The problem is, this router does not have a DMZ port. So, I was thinking of changing the LAN subnet that this router recognizes to something like 192.169.100.X and then setting up 2 routers for 2 separate subnets which would be 192.168.70.X and 71.X. I would then set the WAN interface on these routers to use the main router for Internet access. This would give me 2 separate subnets each of which could use the same Internet. The problem is that I would then need the PCs of 71.X to access this server on 70.X. How could I do this?
0
Comment
Question by:ainselyb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11790043
Do you have two Ethernet modules on your current router?

You can set up an access-list that would only allow certain or all machines on the 71.X network to only access Server X on the 70.X network.
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 1500 total points
ID: 11790067
You can do it with only ONE more router (and a small hub or switch, which might already be built into your existing router).  Use the 192.168.71.x subnet to connect the LAN interface of your border router, the WAN interface of your ineternal router, and this server.  You want the inner router to perform NAT or other security (access lists would be ideal, but you haven't indicated a budget) such that internal users can get responses from the server, but the server cannot establish connections into the internal network.

0
 

Expert Comment

by:spyderbilt
ID: 11790607
Hi. Here's an Idea

if I get it right, you have three routers :

A. Internet Router, LAN Interface IP is 100.X
B. Server Router, LAN Interface IP is 70.X, WAN interface IP is 100.B
C. Users Router, LAN Interface IP is 71.X, WAN interface IP is 100.C

could you set a static route on your Internet Router (A) that all traffic going to 70.X subnet should find the next hop via 100.B ?
0
 
LVL 9

Expert Comment

by:cooledit
ID: 11790792
what kinda of router is it ?
that you have (Cisco) or can it do subinterface ?
0
 

Expert Comment

by:spyderbilt
ID: 11794730
hi again,

sorry for my post above, I think the route sould be defined on the users router (C).

alternatively, you mentioned that the internet router doesn't support DMZ, i think you could get a router with DMZ for the server router put the server on a DMZ. so the 71.X users will access the server as 100.B ?

0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question