Network setup questions.

I was recently given a solution to a previous problem with this diagram. I like the way it's set up but had a question or 2 about how to perform some of the ideas.

Why not do something like this instead:

                                     router(no DHCP, yes NAT)
                                         |                     |
                      Windows 2003 Server     2nd router (DHCP, no NAT)
                                     |                         |
                          real office network        ( network for when we bring pcs in to service)

Statically configure the Win2k3 server's IP address and the 2nd router's outside interface to be in router 1's inside interface IP range.

Configure router 2 to perform routing, but not NAT.  Have router 2 give out IP's to the computers in the "service" zone.

Configure Win2k3 server to route, provide DHCP, DNS, but not provide NAT.

So, if you get an end-user computer all crudded up with viruses, worms and such... you only have to worry about protecting your server, and not the other computers on the network.

On Router 1, set it up for
Set up router 2 as on the outside and with subnet mask of on the inside.  Set up the routing function to send all unknown traffic to

Set up Win2k3 Server as on the outside and on the inside.  Set up the default route to be

Router 2 serves DHCP to the client computers.

Win2k3 server serves DHCP, DNS to the corporate computers.

Do not route between the client (dirty) network and the corporate network.  That keeps the viruses from "finding" the win2k3 server and corporate network.

How do you set up NAT through a router, and can it be done with a simple Linksys?

How do you "Set up router 2 as on the outside and with subnet mask of on the inside.  Set up the routing function to send all unknown traffic to"?


I am curious about your solution.  It works if you have extra equipment you are trying to use, however it could be simplified with a router that has at least two Ethernet interfaces and a switch that supports VLANs.  In other words, place one Ethernet port in one VLAN and the other Ethernet port in another VLAN.  VLAN-1 would support corporate traffic and VLAN-2 would support service traffic.  DHCP can be configured on the router just for that particular subnet/VLAN and you could use an access list to permit/deny the traffic you desire.  You can set up multiple routes/default routes to select which network can go where.  This would eliminate a lot of the complexity and not invite multiple points of failure into the network.  Equipment that supports this type of configuration includes (Cisco 1605, Cisco 1721, Cisco 2621 and higher).

To answer your question about the linksys, you connect to it via a web browser and select the advanced tab and fill in the information.  Identify what your local network is and what it should be translated to to access the Internet.

Your thoughts
pcmagic2004 (Author) Commented:
I am sorta new to setups like this and from my last post this was the most logical.  I am not familiar with Cisco but would like to learn. For my own knowledge though, you are telling me a Cisco router can be split up to run 2 separate networks?

>>...can it be done with a simple linksys?
Yes, NAT is a standard for (I think) all the DSL routers.

>>"Set up router 2 as on the outside "
You'll have to have the normal Ethernet protocol configured at the outside port of the router - no DSL or PPPoE or whatever else... then configure TCP/IP to the given address.

>>Set up the routing function to send all unknown traffic to
That means: the default gateway for router 2 has to be that IP - as it is the LAN IP of router 1.

Yeah, you can do it all with some more expensive Cisco equipment.  Yes, that would be the more elegant way to do it, but you'd have to buy some "real" networking equipment.  A Cisco router with 3 Ethernet Interfaces would do this wonderfully... but then you'd have to spend some time learning about how to set up the router.  For the two Linksys boxes, you're talking about spending $100 or so total.  A Cisco 1605 Router's street price is $600-700, although you might be able to pick up a used or refurb for cheaper.

My impression from the previous posting was that you wanted to do this quickly and easily... and with readily available/consumer components, and that your skill level, while it is getting better, isn't up for all that. That's why I suggested the 2-consumer-router design.

(note: Linksys changes code frequently.  My comments are based on firmware that I have on my router, yours may be slightly different)

Log on to the Router by connecting a computer to it, set your computer to use DHCP, then open a web page to (that's the default out-of-the-box IP of the Linksys).  There's a way to "factory default" the Linksys in case you really screw it up... just power it on with the reset button held in for 15 seconds.

>How do you set up NAT through a router, and can it be done with a simple linksys?

Yes, it is "on" by default.  You can turn it "on" or "off" on the Linksys management control webpage on the Setup | Advanced Routing page.

>How do you "Set up router 2 as on the outside and with
>subnet mask of on the inside.  Set up the routing function to send all unknown
>traffic to"?

Static routing is set on the Setup | Advanced Routing page as well.  Set the destination for IP and subnet mask to go to the "next hop".  In the case of this setup, it would be for

You can set the IP address of the router manually, on the Setup | Basic Setup page.

-- Nick
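
An added example, not part of the original thread: a small Python model of the two-router layout discussed above, tracing where a packet from the service network ends up under longest-prefix-match routing. The addresses are constructed (the thread's own are not shown), the drop rule on router 2 is hypothetical, and it is assumed that router 1 holds static return routes to both inner subnets, since neither inner device does NAT.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing plan; the thread's real addresses are not shown.
TRANSIT = net("192.168.1.0/24")   # router 1 inside: server + router 2 outside ports
CORP    = net("192.168.10.0/24")  # corporate LAN behind the Win2k3 server
SERVICE = net("192.168.20.0/24")  # "dirty" service LAN behind router 2
DEFAULT = net("0.0.0.0/0")

# Routing tables: (destination, next hop); None means directly connected.
# Assumption: router 1 needs routes back to CORP and SERVICE because neither
# inner device does NAT.
ROUTES = {
    "router1": [(TRANSIT, None), (CORP, "server"), (SERVICE, "router2"),
                (DEFAULT, "internet")],
    "router2": [(SERVICE, None), (TRANSIT, None), (DEFAULT, "router1")],
    "server":  [(CORP, None), (TRANSIT, None), (DEFAULT, "router1")],
}

def next_hop(device, dst):
    """Longest-prefix match over the device's table."""
    matches = [(n, hop) for n, hop in ROUTES[device] if dst in n]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop or "delivered"

def trace(src, dst, first, filters=()):
    """Hop-by-hop path of a packet; filters are (device, src_net, dst_net) drops."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    path, device = [], first
    while device in ROUTES and len(path) < 8:   # hop limit guards against loops
        path.append(device)
        if any(d == device and src in s and dst in t for d, s, t in filters):
            return path + ["dropped"]
        device = next_hop(device, dst)
    return path + [device]

if __name__ == "__main__":
    pc = "192.168.20.50"                                # constructed: PC in for service
    print(trace(pc, "203.0.113.10", "router2"))         # Internet access
    print(trace(pc, "192.168.10.5", "router2"))         # corporate LAN host
    print(trace(pc, "192.168.1.2", "router2"))          # server's outside port
    block = [("router2", SERVICE, CORP)]                # hypothetical drop rule
    print(trace(pc, "192.168.10.5", "router2", block))  # same packet with the rule
```

In this model the service PC reaches the corporate LAN through router 1's return route unless a filter drops it, and the server's outside port is always directly reachable from router 2, which matches the thread's point that the server is the machine to protect.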
