[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Using and on same internet device

Posted on 2006-05-18
Medium Priority
Last Modified: 2008-02-01

I have an internet device (cable modem) an would like to connect it to two différent IP structure such as 192.168.1.x and to 192.168.2.x so that users from one structure do not see the resources from the second structure.

Can I use two rooters with différent internel IP structures connected to a switch and Modem to do that?

Question by:yvallee
  • 4
  • 3
  • 2
  • +2

Expert Comment

ID: 16708633
you need a router or firewall that will basically have 3 parts, outside, 1.x and 2.x and you can setup rules to allow traffic to wherever you want.

Author Comment

ID: 16708671
Any sugestion on the Rooter or Firewall make and model?  I guess a Linksys WRV54G is not what I need?


Expert Comment

ID: 16708933
I don't have a Linksys to play with but from the data sheet. ftp://ftp.linksys.com/datasheet/wrv54g_ds.pdf it only has 2 zones, internal and external. You need something with atleast 3 zones

You might want to look at the Juniper Netscreen 5GT. It's a little more pricy than the Linksys but well worth it. It comes custome with trusted/untrusted/Dmz zones. and you can create your own zones as you require.
You will be using the confiugration with what it calls home/work/untrust which already breaks the network into 3 for you.


Hope this helps.

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

LVL 14

Accepted Solution

nltech earned 375 total points
ID: 16712024
>>> Can I use two rooters with différent internel IP structures connected to a switch and Modem to do that?

cable modem -> two routers or devices

only possible if your access plan provides supports multiple devices. i.e. you can connect multiple computers to the modem without using a router (using a switch or hub instead), each is assigned it's own ip address, and they can access the internet at the same time. most residential cable service is limited to a single, dynamic ip address, which limits you to connecting a single device to the modem. where i am, it costs 3-5x more to get a business-grade cable internet plan that supports 3 dynamic ip's (up to three devices connected to the modem via a switch or hub), and even more still if i want those 3 ip's to be static ones.

low-cost solution to isolate each 'network' from one another and provide internet access to both:

cable modem -> (wan) 'distribution' router (lan) ->

   -> (wan) network1 router (lan) -> net1 clients
   -> (wan) network2 router (lan) -> net2 clients

get a router to act as a 'distribution' point for the internet. each network's own router will be clients of that 'distribution' router.

cheaper than a higher-end router that supports multiple lan networks or zones. the one main drawback to chaining routers is with port forwarding, which would need to be configured on the two routers involved instead of just one.....

i've setup a config like this before. each 'network' wanted control over port forwards, so on the 'distribution' router, i fowarded a small range of (high-numbered, unused) ports to network1's router, and a different range to network2's router. if someone on network1 wanted to use bittorrent, for example, they'd configure the bittorrent client software to use a port in their assigned range and then configure their own 'network' router to foward that port to the target pc. as long as they use a port within the range that was already set up to foward through the distribution router to them, no changes to the common router was needed, only on their own 'network' router.

Author Comment

ID: 16713219
Sounds good nltech,

So, recap...  

Cable modem -> (wan) Internet dist Rooter (lan) -> (wan) Rooter1 (lan) -> Net1 clients or switch
                                                                       -> (wan) Rooter2 (lan) -> Net2 client2 or switch
                                                                       -> (wan) Wireless rooter (lan) -> Wireless Clients


I have 3 IP from ISP so, Let's say ISP IP given are How do I setup Dist Rooter and other 3 rooter's so that goes to Net1, x.x.x103 goes to net2 and x.x.x.104 goes to Net3.

I want to use OWA on NET1 and it uses port80, then I have a WEB server on Net2. At this time, I have a class C network. Maybe I need to switch to class B?  Net1, Net2 and Net3 should not see each others resources for security reasons.


Author Comment

ID: 16713242
Maybe I have to simply use a different subnet?

Ex: Net1 clients subnet
Ex: Net2 clients subnet

Than NET2 could not see Net1's devices? but would it have acces to internet?

LVL 14

Expert Comment

ID: 16713721
if you can have three ip's from your ISP you can hook up to three routers via a switch directly to the cable modem. simplifies things quite a bit. each router's clients will be isolated from the others. each router will have it's own public ip.

Expert Comment

ID: 16713777
Why buy all those routers?
1 Netscreen box. Hooked directly to the ISP on <>

then you just make simple gui changes to allow or disallow traffic to/or from anyone. including between the two 192's.
you can allow net1 to access the internet, and net2 to ONLY access net1's OWA server.


Author Comment

ID: 16715020
I'm shure a Netscreen could do the job jabliii but I allready have all the switchs and rooters available.

So recap,

Modem ->Switch -> (Wan) Rooter1 (LAN) ->clients 192.168.1.x
                         -> (Wan) Rooter2 (LAN) -> clients 192.168.2.x
                         -> (Wan) Rooter3 (LAN) -> clients 192.168.3.x

Right?  I'll try that this weekend and let you know.


Expert Comment

ID: 16743016
>>  Maybe I have to simply use a different subnet?

>>  Ex: Net1 clients subnet
>>  Ex: Net2 clients subnet

>>  Than NET2 could not see Net1's devices? but would it have acces to internet?

These subnet masks will NOT work for you.  Use for each one.  That way each network is totally separate.
LVL 14

Expert Comment

ID: 16912586
Thank you, jeff_trent, for catching that piece about those subnet masks.  You beat me to it.

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question