• Status: Solved
  • Priority: Medium
  • Security: Public

2 domains on 1 Lan

Hi Experts, I have 1 office with a WatchGuard firewall/VPN box, internal IP 192.168.111.1, supplying DHCP. I have a second office that is being built out that will connect to the first office over VPN and have its own domain and AD server. While under construction, the group from the second office will work out of the office 1 location. I wanted to simulate the set-up like it will be once they have moved, with correct IPs and domain. The Linksys firewall/VPN for location 2 was set up with WAN address 192.168.111.5 and added to the office 1 network. It is doing NAT and DHCP with address of 192.168.112.1. I set 1-to-1 on the Linksys for 192.168.111.6 to 192.168.112.2 and can access files on the server for office 2 from the office 1 network. I cannot seem to find a way to access files on the office 1 server 192.168.111.2 from the office 2 network 192.168.112.0/24. The WatchGuard does not have 1-to-1 NAT. How can I separate these 2 subnets and still have communications between them? I think putting network 1 on the WAN side of the network 2 firewall is causing the problem. There must be an easy way to set this up. Thanks
AndykEE
Asked:
1 Solution
 
waqaswasib Commented:
There is software with which you can create a profile of settings, and you can switch between those 2 different profiles:
http://www.filedudes.com/Network_Configuration_Management-download-20741.html
Hope this will help you.
Bye
 
prashsax Commented:
OK, here is what I could understand from your question:

Network 1 -------- (WatchGuard) ------------ (Linksys) ----------- Network 2
192.168.111.0/24   192.168.111.1   192.168.111.5   192.168.112.1   192.168.112.0/24

Firstly, are you able to ping 192.168.111.1 from 192.168.112.2?

Does the WatchGuard have port forwarding on it? If yes, then you can forward port 445/TCP from address 192.168.111.1 to your file server in network 1.

What is the WAN interface IP on the WatchGuard? You should simulate the condition where you have to set up a VPN between them, so that when the actual thing happens, all you need to do is change the IP address. Here is how you can do this.

Network1 ----------------- WatchGuard --------------------------------- Linksys ------------------ Network2
192.168.111.0/24   192.168.111.1   172.17.50.1             172.17.52.1             192.168.112.1   192.168.112.0/24
Private subnet     Private IP      Public IP (simulated)   Public IP (simulated)   Private IP      Private subnet


Now you can configure a VPN between 192.168.111.0/24 and 192.168.112.0/24.
All you need to do is add a route to 192.168.112.0/24 on your WatchGuard and a route for 192.168.111.0/24 on the Linksys. The rest will be done using the VPN. (I hope the WatchGuard and Linksys are the default gateways in their respective networks.)

Then, when your office 2 goes to their new building, all you have to do is change the simulated public IPs.
 
AndykEE (Author) Commented:
prashsax - thanks. Looks like exactly what I am trying to do. Each device is the default gateway. The WatchGuard WAN interface currently connects to our ISP with a public IP, i.e. 67.88.89.201. How does one simulate a public IP on a device that needs to provide the internet connection?
 
wingatesl Commented:
What is the subnet mask of your public IP?
 
AndykEE (Author) Commented:
255.255.255.255

 
wingatesl Commented:
That cannot be the subnet mask. You would not be able to connect to the internet with that mask. Can you find it in your ISP's instructions?
 
AndykEE (Author) Commented:
This connects to the ISP via PPPoE. Though static, the IP, DNS, subnet mask, etc. are populated after PPPoE connects. 255.255.255.255 is what shows in the WatchGuard WAN settings. This is not configurable. We just have 1 external static IP.
 
prashsax Commented:
That's why you have the subnet mask as 255.255.255.255. It's the mask for one host only.

How many WAN interfaces do you have on the WatchGuard?

                                   67.88.89.201
                                        |
Network1 ----------------- WatchGuard --------------------------------- Linksys ------------------ Network2
192.168.111.0/24   192.168.111.1   172.17.50.1             172.17.52.1             192.168.112.1   192.168.112.0/24
Private subnet     Private IP      Public IP (simulated)   Public IP (simulated)   Private IP      Private subnet

Is this how it looks?

 
AndykEE (Author) Commented:
The WatchGuard has 1 WAN interface, the Linksys has 2. I could put the Linksys first to the Internet, but the WatchGuard has many VPN tunnels set up to it in use. I tried numerous combinations of static routing but could not get two-way communication. For now, accessing the server on Network 2 from Network 1 was the critical need. I accomplished this by configuring 1-to-1 NAT in the Linksys. Once this is offsite and a true VPN, there won't be an issue. Any last thoughts? prashsax is getting points for most help.
 
prashsax Commented:
OK then Andy, here is one more thing you can do, just a makeshift arrangement until your office relocates.

                        Public IP
                            |
Network1 --------- WatchGuard -------------- Linksys ----------------- Network2
192.168.111.0/24   192.168.111.1      192.168.111.10   192.168.112.1   192.168.112.0/24
Private subnet     Private IP         Network1 IP      Private IP      Private subnet

Connect the Linksys to the WatchGuard internal interface with an IP address from network 1 (e.g. 192.168.111.10).
Now add a route on the WatchGuard to subnet 192.168.112.0/24 through 192.168.111.10.
Configure the Linksys default route to 192.168.111.10.

What this will do is let you access both networks from each other without NATing.

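The routed, no-NAT layout in the last post can be checked on paper with a longest-prefix-match walk over each device's routing table. This is an added example, not code from the thread: the node labels (server1, host2, isp) and the tables are constructed from the addresses quoted above, and it assumes the Linksys routes between its two connected subnets instead of NATing.

```python
import ipaddress

def table(*routes):
    """Build a routing table: list of (network, next hop name or 'direct')."""
    return [(ipaddress.ip_network(net), hop) for net, hop in routes]

def next_hop(routes, dst):
    """Longest-prefix match, as a router or host does for each packet."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def build(with_static_route):
    """Constructed tables for the layout in the thread (labels are hypothetical)."""
    wg = [("192.168.111.0/24", "direct"), ("0.0.0.0/0", "isp")]
    if with_static_route:
        # Route suggested in the thread: 192.168.112.0/24 via 192.168.111.10
        wg.append(("192.168.112.0/24", "linksys"))
    return {
        "server1": table(("192.168.111.0/24", "direct"), ("0.0.0.0/0", "watchguard")),
        "watchguard": table(*wg),
        # Assumption: Linksys routes (no NAT) between its two connected subnets.
        "linksys": table(("192.168.111.0/24", "direct"), ("192.168.112.0/24", "direct")),
        "host2": table(("192.168.112.0/24", "direct"), ("0.0.0.0/0", "linksys")),
    }

def trace(nodes, start, dst, max_hops=8):
    """Follow next hops from `start` until delivery or the packet leaves the site."""
    path, here = [start], start
    for _ in range(max_hops):
        hop = next_hop(nodes[here], dst)
        if hop is None:
            return path + ["no route"]
        if hop == "direct":
            return path + [dst]          # destination is on a connected subnet
        path.append(hop)
        if hop not in nodes:
            return path                  # handed to a device outside the model (ISP)
        here = hop
    return path + ["loop"]

if __name__ == "__main__":
    for static in (False, True):
        nodes = build(static)
        print("static route on WatchGuard:", static)
        print("  office 2 -> office 1:", trace(nodes, "host2", "192.168.111.2"))
        print("  office 1 -> office 2:", trace(nodes, "server1", "192.168.112.2"))
```

Without the static route, traffic from office 1 toward 192.168.112.2 follows the WatchGuard's default route to the ISP; with it, both directions stay on the LAN.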
