Solved

Solution needed...

Posted on 2006-10-20
8
242 Views
Last Modified: 2010-04-11
Hi experts!

My boss wanted our group to be separated from the Head Office Group.  The head office uses the 133.x.x.x and he wants to use other IP.

Head Office 133.x.x.x / 255.255.0.0
Our Office 192.x.x.x / 255.255.255.0

Here is my problem. We will use the HO's system in accessing the system using finance, sales, inventory modules.

What is the best solution for my problem.  Suggestions are welcome.

thanks
0
Comment
Question by:Sandy Kalugdan
8 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 84 total points
ID: 17780095
We would need more information on your network configuration. Are these "groups" located in the same physical location or connected through a VPN or some such connection? and what do you mean by "We will use the HO's system "
First issue is 133.x.x.x is a public IP range, routable over the Internet and 192.x.x.x is a private IP range which is not routable over the Internet and intended only for use within an office. Generally they are used for different purposes.
0
 
LVL 4

Assisted Solution

by:PaulRKrueger
PaulRKrueger earned 83 total points
ID: 17780509
Also, what does the boss mean by wanting to separate the groups? Obviously this isn't to secure any data since you need to access the 133 network.
0
 
LVL 10

Assisted Solution

by:plemieux72
plemieux72 earned 83 total points
ID: 17780906
From what you've described so far, "separating" the 2 networks doesn't seem justified.  Networks exist to connect each other in the first place.  So, what is the purpose or end-result your boss wants to achieve?  If it's security, what exactly do you want to block and permit?  Once we know your goals and what the problem is, we should be able to answer with a solution.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782748
thanks for your replies guys!

To answer all your questions...

We are on the same office location.  Head office uses a system that my group also use.  This is the reason why we need to connect to 133.x.x.x

My boss wants to be separated from the 133.x.x.x network because he wanted to have our own network/email system.  He doesn't want the HO to see what we have in our network.

Basically, it will be a one-way connection.

we connect to the 133.x.x.x and yet 133.x.x.x can not connect to us.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 17782775
Well, it cannot be a one-way connection because replies have to come back.  There are a few ways of handling this... one of them may be to place a firewall between the two networks.  If it's a Cisco router in between, you may be able to run CBAC.  This would allow replies to connections initiated on one side but connections initiated from the other side would fail.  Or, a hardware firewall like the Cisco PIX and many others could do the same.  

I am still not convinced this is the way to go.  Most of the time, securing individual systems (email, etc.) by using security groups to allow only certain accounts and deny others makes more sense.
0
 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782865
Plemieux72,

Thanks for a well-said suggestion.  Actually, I was thinking about the latter suggestion of yours.  That is what I had in mind but I still consulted the experts.  I wanted to know if they could give me other proposals on how to do this.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco switch suggestion 5 63
Cisco 5508 WLC software upgrade 2 70
Slow Internet Connection 9 54
what is mstp 6 29
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question