Link to home
Start Free TrialLog in
Avatar of shinhw
shinhw

asked on

Recommendations for a new Router and network changes in Microsoft SBS2000 Environment

Hello!

I was wondering if you experts can recommend a router and/or a network configuraiton for our small office.

We currently have a shared T1 access for internet using a Netgear RT311 router. Our access provider gave us 3 IP addresses and gave us a ethernet drop into our server room. We are currently only using 1 IP using Micosoft SBS2000 server. There are a few things that we would like to do that I think we cannot do without upgrading/reconfiguring the network.

(1) We need to be able to give internet-only access to visitors without giving network access. Currently, we have all our client machines going through SBS2000 which is then connected to the Netgear router. So, I was thinking that we may need another router with a additional ports that can be used for direct access to the internet.

(2) We also would like to have a machine that is not in our corporate network that is accessible from outside without putting that machine in our network. We plan on accessing that machine either through FTP or some other way.

Would appreciate some suggestions on a new router and the network. Thanks.
Avatar of gpriceee
gpriceee

You can stay with Netgear because you are familiar with it, and they have products to fit your needs.
One I really would recommend is the FVX538: http://www.netgear.com/products/details/FVX538.php

The design of this one will allow you to provide (1) direct access to the internet.

Also, (2) the machine outside of your corporate network can be accessed via a vpn.

To separate the traffic so that you don't have to go through SBS, you simply can connect the subnet to the router and nat it out.
A quick and dirty option would be to put a 4 port switch between your internet connection and the Netgear router. You could then add a wireless access point or simple 4 port Linsys router by plugging it into the switch with a public IP from your ISP for visitors to get internet access. You could also plug a PC with a public IP to the switch that you could easily access from outside.

Like I said quick n dirty, but it would work for the senerio you presented. Of course there are more secure options with port forwarding n such, depends on what your ultimate goal is.
Avatar of Ron Malmstead
to do it right....you will need to setup VLAN's to separate your network but allow using the same resources ...such as internet.

VLAN 1                                               VLAN2
guest machines                                   network with authentication

          \                                      /
             {          Switch           }
                           ||
                         trunk port
                           ||
                       {Router}=T1



or



Use differnt subnets(172.16.7.1 & 172.16.1.1), buy a new router with 2 lan ports, and use acces control lists to prevent lan to lan traffic....only route lan to 0.0.0.0. any any
Avatar of shinhw

ASKER

Thanks for the suggestions. They all sound good.

I like the quick fix option for the immediate need. Thanks.

Gpriceee, One thing I did not mention is that we may want to put a webserver on the public network side. So, I don't think the VPN option will work. What do you think?

xuserx200, do you have a suggestion for a router with 2 lan ports? I like the second option you suggested because it seems like we can control the access between the 2 lans. What I mean is that we will want to give access from the authenticated network to the guest network, but not the other way. Also, for a machine that will be accessible from the outside, we were thinking of just providing a remote login through something like gotomypc.

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of gpriceee
gpriceee

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial