Solved

Smell of extranet...

Posted on 2005-03-03
Last Modified: 2010-04-10
           
                         Company Y
                             |
                           PC D
                             |
                             |
PC A ------------------      |
PC B ------------------- SWITCH ------------- PC C ---------- Company X



Issue:
PC A, PC B and PC C are property of company X, PC D is property of company Y

PC A and PC B do not have to exchange traffic with PC X, while they have to communicate with PC C.
PC D does have to be able to send traffic to PC C, and also be accessed (AND ADMINISTERED, OWNED by company Y).
Of course PCs of the 2 companies should be separated from each other, except for this communication between PC D and PC C.


How would you resolve?
Feel free to consider firewalls, VLAN, more than one NIC per PC and reposition/replace the switch.
Thanks





Question by:minicuc
5 Comments
 
LVL 5

Accepted Solution

by:
lapukman earned 680 total points
ID: 13456665
The easiest is to create a static NAT that would enable traffic between PC C and PC D only. No need to create VLAN as PC A, B and C could be in the same subnet. You could create NAT in your router or in your firewall...

Hope this helps.

Lapukman
0
 
LVL 4

Expert Comment

by:bluebirds1984
ID: 13457967
Along with the VLAN you could use tagging to ensure you know where the packets will go.

You could implement standard 802.1q

http://www.nwfusion.com/news/tech/2001/0305tech.html

I know this standard is supported on Alcatel 7800 switches and all newer ones.
0
 
LVL 6

Assisted Solution

by:SlyDog
SlyDog earned 320 total points
ID: 13463026
The easiest solution is to run two different IP layouts.
Example:

PC A IP = 10.10.1.1
PC B IP = 10.10.1.2
PC C IP = 10.10.1.3 and 10.10.2.3
PC D IP = 10.10.2.2

0
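As an added example (not part of SlyDog's post): a small Python model of the address plan above that checks which PCs can reach each other at the IP layer, and what changes if the dual-homed PC C forwards packets. The /24 masks, the ownership map and the function names are assumptions.

```python
import ipaddress
from collections import deque

# Address plan from the answer above; the /24 masks are an assumption.
HOSTS = {
    "PC A": ["10.10.1.1/24"],
    "PC B": ["10.10.1.2/24"],
    "PC C": ["10.10.1.3/24", "10.10.2.3/24"],
    "PC D": ["10.10.2.2/24"],
}
# Ownership and the single permitted cross-company pair, from the question.
OWNER = {"PC A": "X", "PC B": "X", "PC C": "X", "PC D": "Y"}
ALLOWED_CROSS = {frozenset(("PC C", "PC D"))}


def networks(host):
    """Subnets a host is directly attached to."""
    return {ipaddress.ip_interface(a).network for a in HOSTS[host]}


def reachable(src, forwarders=frozenset()):
    """Hosts src can reach at the IP layer: directly on a shared subnet, or
    through a multi-homed host that forwards (worst case: routes exist)."""
    seen, queue = {src}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur != src and cur not in forwarders:
            continue  # an ordinary end host does not pass traffic on
        for other in HOSTS:
            if other not in seen and networks(cur) & networks(other):
                seen.add(other)
                queue.append(other)
    return seen - {src}


def violations(forwarders=frozenset()):
    """Cross-company pairs that can talk but are not explicitly allowed."""
    return sorted(
        (src, dst)
        for src in HOSTS
        for dst in reachable(src, forwarders)
        if OWNER[src] != OWNER[dst]
        and frozenset((src, dst)) not in ALLOWED_CROSS
    )


if __name__ == "__main__":
    print("PC C not forwarding:", violations())
    print("PC C forwarding:   ", violations({"PC C"}))
```

The model covers IP-layer reachability only: two subnets on one switch without VLANs still share a broadcast domain, so the subnet split alone is not the isolation boundary.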
 

Author Comment

by:minicuc
ID: 13488942
Thanks all,
LAPUKMAN's and SLYDOG's suggestions can be integrated; I am thinking of using PC C with 2 NICs, one connected to PC A and PC B through the switch, the other connected to PC D through a firewall.
What do you think of this solution? LAPUKMAN, with respect to just filtering the packet, the static NAT would somehow increase the separation of the two companies' PCs through obscurity, hiding the real destination IP address, right?
Could I do this with a software firewall product?

Thanks
0
 
LVL 5

Expert Comment

by:lapukman
ID: 13493322
Well, yes, that is correct (well, not hiding the destination, but rather the source). Though I would pretty much prefer a hardware firewall, I think there are software firewalls that could do NATting, like Checkpoint's Firewall-1, though I haven't used it yet.

Lapukman
0
