Connecting two different LANs with my current equipment

This question is kind of a take off of http://www.experts-exchange.com/Networking/Q_21477995.html

I'd really like to get this solved.  Unfortunately I believe my knowledge of general TCP/IP is preventing me from completely understanding the suggestions that have been made to me.

As I explained in the post mentioned above, I just need to be able to access the 192.168.3.xxx network from the 192.168.4.xxx network.  Both are in the same building and both have separate DSL's.

I believe the firewalls should be able to handle some kind of routing that allows the two networks to talk.


I guess I would first connect the two with ethernet...then configure routes on both of the firewalls...

Specifically...the watchguard (192.168.3.xxx network)
In the watchguard admin interface:
there is an area to add a route
there are two choices (radio buttons): "Net" or "Host"

If "Net" is chosen the input fields are "Network Address (slash notation)" and "Gateway"

If "Host" is chosen the input fields are "IP Address" and "Gateway"

Specifically...the Hotbrick (192.168.4.xxx network)
In the Hotbrick admin interface are the following fields:
"Network Address"
"Netmask"
"Gateway"
"Interface" (drop down with choices: WAN1, WAN2, LAN)
"Metric"

What would I enter in those fields to get the two networks talking?

I hope this is not too stupid of a question...
SnazzySheaperdAsked:

pseudocyberCommented:
> Specifically...the watchguard (192.168.3.xxx network)
> In the watchguard admin interface:
> there is an area to add a route
> there are two choices (radio buttons): "Net" or "Host"
>
> If "Net" is chosen the input fields are "Network Address (slash notation)" and "Gateway"

You want NET.  You want to route anything for that network over to that network.  The other network is:  
192.168.4.0/24 (the /24 is another way of writing 255.255.255.0)
The gateway would be the INSIDE address which your router can reach (one it knows about) of the router/firewall leading to the other network - the next hop - so it will be something on the 192.168.3.x network.



> Specifically...the Hotbrick (192.168.4.xxx network)
> In the Hotbrick admin interface are the following fields:
> "Network Address"
> "Netmask"
> "Gateway"
> "Interface" (drop down with choices: WAN1, WAN2, LAN)
> "Metric"

Network address of the other network is 192.168.3.0
Netmask is 255.255.255.0 (or /24)
Gateway is an IP on the interface connected to the other network - the other side.  So, if you have an interface connected to 192.168.3.0, it would be the IP on the other side - the next hop.
Interface - which ever one is connected towards the destination.
Metric - used for routing decisions.  You can leave it default.

SnazzySheaperdAuthor Commented:
OK...
Here is where I am stuck at the moment:

For simplicity purposes

We'll call the Watchguard Router "A".  It has an internal IP address of 192.168.3.1
We'll call the Hotbrick Router "B".  It has an internal IP address of 192.168.0.1

-------------------------------
Here is what I have so far...
-------------------------------
On "Router A", the Watchguard, I have a CAT5 cable in one of the available LAN ports running to one of "Router B's" available LAN ports.

On "Router A" I have set up a route that has
"Network Address" : 192.168.0.0/24
"Gateway" : 192.168.3.1

On "Router B" I have set up a route that has
"Network Address" : 192.168.3.0
"Netmask" : 255.255.255.0
"Gateway" : 192.168.0.1
"Interface" : LAN
"Metric" : 2     (metric here says to use 2~15...is that the number of HOPS it will need to take before it gets to the gateway?)

-------------------------------
...and here is what I am getting when I try to ping a 192.168.3.xxx IP address from a 192.168.0.xxx machine:
-------------------------------
Reply from 192.168.0.12 TTL expired in transit.
Reply from 192.168.0.11 TTL expired in transit.
Reply from 192.168.0.11 TTL expired in transit.
Reply from 192.168.0.11 TTL expired in transit.

Those IP addresses (192.168.0.12 & 192.168.0.11) are my switches


??????
On a more basic level...
When setting up the route from the Watchguard, "Router A"... Should I use the IP address of "Router B" for the gateway...and vice versa...  Then run a single non-x-over cat5 cable between the two routers in any of their available "LAN" ports?  Or do I need a device between the two routers to handle the routing between the two?  (wow I hope that makes sense)
??????
pseudocyberCommented:
What are the IP addresses on the "LAN port" interfaces with the Cat5 cable between them?  Also, do you have a link on those ports - you probably need a crossover cable to connect them - since they're the same type of port.

Your routes should be like this:

To 192.168.0.0 mask 255.255.255.0 next hop IP of LAN PORT on B
To 192.168.3.0 mask 255.255.255.0 next hop IP of LAN PORT on A
makanaCommented:
Sounds like a good topic!
SnazzySheaperdAuthor Commented:
> What are the IP addresses on the "LAN port" interfaces with the Cat5 cable between them.
I believe that the IP addresses on the "LAN port" interfaces are 192.168.3.1 for "Router A" &  192.168.0.1 for "Router B"
Those are the IP addresses that I use to get to the admin interfaces of each of them.
Is the "LAN Port" IP address something I need to assign to the routers...besides the internal IP that is already there, resulting in the Firewalls/Routers having two internal IP addresses?

>Also, do you have a link on those ports - you probably need a Crossover cable to connect them - since they're the same type of port.
Like a link "light"?...or do you mean an "Uplink port"?
I tried a crossover instead of a regular cable too.  

I think I am missing a fundamental piece of this puzzle.

>Your routes should be like this:
>To 192.168.0.0 mask 255.255.255.0 next hop IP of LAN PORT on B
>To 192.168.3.0 mask 255.255.255.0 next hop IP of LAN PORT on A

Mine look like:

"Router A" (Watchguard)
Network              Gateway
192.168.0.0/24   >   192.168.3.1

"Router B" (Hotbrick)
Index   Destination IP   Subnet Mask     Gateway       Interface   Metric   Type
1       192.168.3.0      255.255.255.0   192.168.0.1   LAN         2        Manual

Thanks for sticking with this!!
pseudocyberCommented:
Ok I'm picturing your setup like this:


    Internet                                                             Internet
        |                                                                    |
     (Int0) public ip                                                     (Int0) public ip
        |                                                                    |
Firewall/Router A---(Int1)-192.168.4.1/24---192.168.4.2/24--(Int2)---Firewall/Router B
        |                                                                    |
     (Int3) 192.168.3.1/24                                                (Int3) 192.168.0.1/24



So, on Router A static route to reach 192.168.0.0/24 would read:
Destination 192.168.0.0 mask 255.255.255.0 next hop 192.168.4.2

On Router B static route to reach 192.168.3.0/24 would read:
Destination 192.168.3.0 mask 255.255.255.0 next hop 192.168.4.1

The LINK IN BETWEEN would be a crossover cable.  You HAVE TO HAVE network(s) in common for the two to route to each other.  In my original document, I assumed you'd be adding in two SOHO routers - so they would have their WAN interfaces in common.

Do your firewalls have 3 interfaces - one for the "link" network, one for the "WAN" to the Internet, and one for the inside "private" network?


   
SnazzySheaperdAuthor Commented:
Here is a description of the two firewalls/routers that are in my building:
"Router A"
http://www.watchguard.com/products/x700.asp
The watchguard has an "External" port that goes to the DSL modem and 5 more ports labeled 1,2,3,4,5 respectively.  Port 1 has a CAT5 going to a switch that all the servers are connected to.
"Router B"
http://www.hotbrick.com/vpn800.asp
The Hotbrick has Dual WAN ports that we are only using one of, going to the DSL modem and 8 more ports labeled 1,2,3,4,5,6,7,8 respectively.  Port 1 has a CAT5 going to a switch that all the PC's are connected to.

Here is the setup in the California building.

        Internet                                                    Internet
            |                                                           |
  ADSL Modem (bridged)                                        ADSL Modem (bridged)
            |                                                           |
Watchguard (192.168.3.1)   <------Single CAT5 cable------>   Hotbrick (192.168.0.1)
            |                                                           |
         Switch                                                      Switch
           /\                                                          /\
         Servers                                                      PC's


I want to be able to access the servers on the 192.168.3.xxx network from the PC's on the 192.168.0.xxx network.


Right now I have a single CAT5 connected to the port 2 of the watchguard going to the port 2 of the Hotbrick.  I imagine any of the eight ports on the hotbrick would be the same and that any of the 5 ports on the watchguard would be the same.
Maybe this sheds some light.  If not please let me know.

I don't think I have it "physically" set up right.  Like I said... I think I am missing a fundamental piece of the puzzle here.  The configuration in the two firewalls to do routing seems pretty straight forward though; Network, Netmask, and Gateway.

>So, on Router A static route to reach 192.168.0.0/24 would read:
>Destination 192.168.0.0 mask 255.255.255.0 next hop 192.168.4.2

Does "next hop" represent "Gateway" in this example? ...and could I use any available ipaddress in the 192.168.4.xxx range for this "next hop"?

Once again, forgive me for my stupidity... :-D
pseudocyberCommented:
Looking at your firewalls,

I think you'd plug into one of the "optional interfaces" on the Watchguard and the second WAN port on the Hot Brick.

To route between these two networks, you have to have devices with a shared network between them.  So, on the link between the two firewalls, they have to have a common connection which is where I'm suggesting another network.

For clarity, let's call it 10 instead of 192.

And just to be professional about it, let's subnet it down to two usable IPs for a two node link.  So, let's make it:
10.0.0.0/30 (which is mask 255.255.255.252) and gives you two IP's:  10.0.0.1 and 10.0.0.2.

On the Watchguard, on the optional interface, you'd need to put the first IP 10.0.0.1/32 (255.255.255.252)
On the Hot Brick, on the 2nd WAN interface, you'd need to put the second IP 10.0.0.2/32 (255.255.255.252)

Now, theoretically, since the 10.0.0.0/32 network is directly connected to these guys, they should be able to route from their internal 192 nets to the 10 net with NO problem - no further config.

However, they won't know anything about each other's 192 nets since that's what routing protocols do, and you're not using routing protocols - you're using static routing.

So, on the Watchguard, you need a static route telling it to get to 192.168.0.0/24 net, it needs to send traffic to the interface of the Hot Brick, which is 10.0.0.2.  When the Hot Brick receives traffic destined for 192.168.0.0 it knows what to do with it, send it out its internal interface.

On the Hot Brick, you need a static route telling it to get to 192.168.3.0/24 net, it needs to send traffic to the interface on the Watchguard, which is 10.0.0.1.  When the Watchguard receives traffic destined for 192.168.3.0 it knows what to do with it, send it out its internal interface.

Now something to point out here - we're NOT talking about NATting between the two - you could do it, but I think it would overly complicate things.

HTH
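
The static-route reasoning in this thread, as an added example that is not part of any post: a Python sketch that checks a route's next hop against the router's own interfaces and traces a packet from the PC side towards the servers. The two router tables are constructed from the addresses in the thread (the 10.0.0.0/30 link with mask 255.255.255.252), 192.168.3.10 is a made-up server address, and the forwarding model (static routes only, no default route or firewall policy) is a simplifying assumption.

```python
import ipaddress

def check_route(interfaces, dest, next_hop):
    """Return problems with one static route, given the router's own 'ip/prefix' interfaces."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    hop = ipaddress.ip_address(next_hop)
    problems = []
    if any(hop == i.ip for i in ifaces):
        problems.append("next hop is this router's own address")
    elif not any(hop in i.network for i in ifaces):
        problems.append("next hop is not on a directly connected network")
    if any(ipaddress.ip_network(dest).overlaps(i.network) for i in ifaces):
        problems.append("destination is already directly connected")
    return problems

def trace(routers, start, dst, ttl=8):
    """Follow a packet router to router; return (path, outcome). Simplified model."""
    dst = ipaddress.ip_address(dst)
    owner = {ipaddress.ip_interface(i).ip: name
             for name, r in routers.items() for i in r["interfaces"]}
    path, here = [], start
    while ttl > 0:
        path.append(here)
        r = routers[here]
        if any(dst in ipaddress.ip_interface(i).network for i in r["interfaces"]):
            return path, "delivered"
        matches = [(ipaddress.ip_network(d), h) for d, h in r["routes"]
                   if dst in ipaddress.ip_network(d)]
        if not matches:
            return path, "no route"
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins
        here = owner.get(ipaddress.ip_address(hop))
        if here is None:
            return path, "next hop unreachable"
        ttl -= 1
    return path, "ttl expired"

# Constructed from the thread: routes as first entered, then with the /30 link network.
AS_POSTED = {
    "A": {"interfaces": ["192.168.3.1/24"], "routes": [("192.168.0.0/24", "192.168.3.1")]},
    "B": {"interfaces": ["192.168.0.1/24"], "routes": [("192.168.3.0/24", "192.168.0.1")]},
}
WITH_LINK = {
    "A": {"interfaces": ["192.168.3.1/24", "10.0.0.1/30"], "routes": [("192.168.0.0/24", "10.0.0.2")]},
    "B": {"interfaces": ["192.168.0.1/24", "10.0.0.2/30"], "routes": [("192.168.3.0/24", "10.0.0.1")]},
}

if __name__ == "__main__":
    for label, net in (("as posted", AS_POSTED), ("with link", WITH_LINK)):
        print(label, trace(net, "B", "192.168.3.10"))
```

A route whose gateway is the router's own address never leaves that router in this model, while the shared link network gives each side a next hop it can actually reach.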
tmesiasCommented:
hmm...  why not get a linksys rv042 or similar, set it up to do outbound load balancing leveraging both connections, and then supernet the two networks together, having the linksys route internally for both networks?
SnazzySheaperdAuthor Commented:
Still no luck here.

The only way to assign WAN port 2 of the Hotbrick a secondary IP is if NAT is turned off and it turns it off for both WAN ports.  Needless to say that is not what I want.

I've got to do it another way.  One of the networks is all Layer 3 switches.  I'm wondering if using one of those switches to do the routing would be an option.

Any ideas?

tmesiasCommented:
could work...  how many hosts?
SnazzySheaperdAuthor Commented:
>could work...  how many hosts?
Basically it is one server but several cameras display their streams into the web interface of that server.
I guess the answer is either 1 or 7.  There are 6 cameras.
