Solution needed...

Hi experts!

My boss wanted our group to be separated from the Head Office Group.  The head office uses the 133.x.x.x and he wants to use other IP.

Head Office 133.x.x.x / 255.255.0.0
Our Office 192.x.x.x / 255.255.255.0

Here is my problem. We will use the HO's system in accessing the system using finance, sales, inventory modules.

What is the best solution for my problem.  Suggestions are welcome.

thanks
LVL 3
Sandy KalugdanSystems AdministratorAsked:
Who is Participating?
 
Rob WilliamsCommented:
We would need more information on your network configuration. Are these "groups" located in the same physical location or connected through a VPN or some such connection? and what do you mean by "We will use the HO's system "
First issue is 133.x.x.x is a public IP range, routable over the Internet and 192.x.x.x is a private IP range which is not routable over the Internet and intended only for use within an office. Generally they are used for different purposes.
0
 
PaulRKruegerCommented:
Also, what does the boss mean by wanting to separate the groups? Obviously this isn't to secure any data since you need to access the 133 network.
0
 
plemieux72Commented:
From what you've described so far, "separating" the 2 networks doesn't seem justified.  Networks exist to connect each other in the first place.  So, what is the purpose or end-result your boss wants to achieve?  If it's security, what exactly do you want to block and permit?  Once we know your goals and what the problem is, we should be able to answer with a solution.
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
Sandy KalugdanSystems AdministratorAuthor Commented:
thanks for your replies guys!

To answer all your questions...

We are on the same office location.  Head office uses a system that my group also use.  This is the reason why we need to connect to 133.x.x.x

My boss wants to be separated from the 133.x.x.x network because he wanted to have our own network/email system.  He doesn't want the HO to see what we have in our network.

Basically, it will be a one-way connection.

we connect to the 133.x.x.x and yet 133.x.x.x can not connect to us.
0
 
plemieux72Commented:
Well, it cannot be a one-way connection because replies have to come back.  There are a few ways of handling this... one of them may be to place a firewall between the two networks.  If it's a Cisco router in between, you may be able to run CBAC.  This would allow replies to connections initiated on one side but connections initiated from the other side would fail.  Or, a hardware firewall like the Cisco PIX and many others could do the same.  

I am still not convinced this is the way to go.  Most of the time, securing individual systems (email, etc.) by using security groups to allow only certain accounts and deny others makes more sense.
0
 
Sandy KalugdanSystems AdministratorAuthor Commented:
Plemieux72,

Thanks for a well-said suggestion.  Actually, I was thinking about the latter suggestion of yours.  That is what I had in mind but I still consulted the experts.  I wanted to know if they could give me other proposals on how to do this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.