  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 176

Recommendations for a new Router and network changes in Microsoft SBS2000 Environment

Hello!

I was wondering if you experts can recommend a router and/or a network configuration for our small office.

We currently have a shared T1 access for internet using a Netgear RT311 router. Our access provider gave us 3 IP addresses and gave us an Ethernet drop into our server room. We are currently only using 1 IP using Microsoft SBS2000 server. There are a few things that we would like to do that I think we cannot do without upgrading/reconfiguring the network.

(1) We need to be able to give internet-only access to visitors without giving network access. Currently, we have all our client machines going through SBS2000 which is then connected to the Netgear router. So, I was thinking that we may need another router with additional ports that can be used for direct access to the internet.

(2) We also would like to have a machine that is not in our corporate network that is accessible from outside without putting that machine in our network. We plan on accessing that machine either through FTP or some other way.

Would appreciate some suggestions on a new router and the network. Thanks.
Asked by: shinhw
 
gpriceee Commented:
You can stay with Netgear because you are familiar with it, and they have products to fit your needs.
One I really would recommend is the FVX538: http://www.netgear.com/products/details/FVX538.php

The design of this one will allow you to provide (1) direct access to the internet.

Also, (2) the machine outside of your corporate network can be accessed via a VPN.

To separate the traffic so that you don't have to go through SBS, you simply can connect the subnet to the router and NAT it out.
 
sbortolussi Commented:
A quick and dirty option would be to put a 4-port switch between your internet connection and the Netgear router. You could then add a wireless access point or simple 4-port Linksys router by plugging it into the switch with a public IP from your ISP for visitors to get internet access. You could also plug a PC with a public IP to the switch that you could easily access from outside.

Like I said, quick n dirty, but it would work for the scenario you presented. Of course there are more secure options with port forwarding n such; it depends on what your ultimate goal is.
 
Ron Malmstead, Information Services Manager, Commented:
To do it right, you will need to set up VLANs to separate your network but allow using the same resources, such as internet.

VLAN 1                          VLAN 2
guest machines                  network with authentication

          \                      /
           {       Switch       }
                     ||
                 trunk port
                     ||
                 {Router}=T1

or

Use different subnets (172.16.7.1 & 172.16.1.1), buy a new router with 2 LAN ports, and use access control lists to prevent LAN-to-LAN traffic; only route LAN to 0.0.0.0 any any.
 
shinhw (Author) Commented:
Thanks for the suggestions. They all sound good.

I like the quick fix option for the immediate need. Thanks.

Gpriceee, one thing I did not mention is that we may want to put a webserver on the public network side. So, I don't think the VPN option will work. What do you think?

xuserx200, do you have a suggestion for a router with 2 lan ports? I like the second option you suggested because it seems like we can control the access between the 2 lans. What I mean is that we will want to give access from the authenticated network to the guest network, but not the other way. Also, for a machine that will be accessible from the outside, we were thinking of just providing a remote login through something like gotomypc.

Thanks!
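Added example, not part of any post in this thread: a first-match model of the two-subnet ACL proposed above, extended with the one-way rule the author asks for (authenticated network may open sessions to the guest network, not the reverse). The /24 masks, the mapping of each subnet to a role, the "new"/"established" state column and the sample addresses are assumptions.

```python
import ipaddress

# Assumed addressing: the thread names 172.16.7.1 and 172.16.1.1 but not the
# masks or which LAN is which; /24 and this mapping are assumptions.
CORP = ipaddress.ip_network("172.16.1.0/24")    # authenticated network
GUEST = ipaddress.ip_network("172.16.7.0/24")   # visitor network
ANY = ipaddress.ip_network("0.0.0.0/0")

# First-match rules: (action, source, destination, connection states).
# A stateless ACL can only block both directions or neither; matching on
# "established" is what makes corp -> guest access one-way.
RULES = [
    ("permit", GUEST, CORP,  {"established"}),         # replies to corp-initiated sessions
    ("deny",   GUEST, CORP,  {"new"}),                 # guests may not open sessions to corp
    ("permit", CORP,  GUEST, {"new", "established"}),
    ("permit", GUEST, ANY,   {"new", "established"}),  # internet-only access
    ("permit", CORP,  ANY,   {"new", "established"}),
]

def evaluate(src, dst, state="new", rules=RULES):
    """Return the action of the first matching rule; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, states in rules:
        if s in src_net and d in dst_net and state in states:
            return action
    return "deny"

def audit(rules=RULES):
    """Evaluate the flows the thread cares about (sample hosts are constructed)."""
    flows = {
        "guest -> internet":     ("172.16.7.50", "198.51.100.10", "new"),
        "guest -> corp (new)":   ("172.16.7.50", "172.16.1.10", "new"),
        "guest -> corp (reply)": ("172.16.7.50", "172.16.1.10", "established"),
        "corp -> guest (new)":   ("172.16.1.10", "172.16.7.50", "new"),
        "corp -> internet":      ("172.16.1.10", "198.51.100.10", "new"),
        "internet -> corp":      ("198.51.100.10", "172.16.1.10", "new"),
    }
    return {name: evaluate(*flow, rules=rules) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, action in audit().items():
        print(f"{name:24} {action}")
```

Rule order matters here: 0.0.0.0/0 contains the corporate subnet, so a guest-to-any permit placed above the guest-to-corp deny would let visitors reach the internal LAN.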
 
gpriceee Commented:
Actually, putting the web server on the public side will be handled through a DMZ. Place the web server in the DMZ, assign the actual box a non-routable address, and in the firewall, you can NAT the external address to the DMZ. At the very least, you can forward TCP 80 to the web server so that outside users can access it.