Solved

Solution needed...

Posted on 2006-10-20
8
241 Views
Last Modified: 2010-04-11
Hi experts!

My boss wanted our group to be separated from the Head Office Group.  The head office uses the 133.x.x.x and he wants to use other IP.

Head Office 133.x.x.x / 255.255.0.0
Our Office 192.x.x.x / 255.255.255.0

Here is my problem. We will use the HO's system in accessing the system using finance, sales, inventory modules.

What is the best solution for my problem.  Suggestions are welcome.

thanks
0
Comment
Question by:Sandy Kalugdan
8 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 84 total points
ID: 17780095
We would need more information on your network configuration. Are these "groups" located in the same physical location or connected through a VPN or some such connection? and what do you mean by "We will use the HO's system "
First issue is 133.x.x.x is a public IP range, routable over the Internet and 192.x.x.x is a private IP range which is not routable over the Internet and intended only for use within an office. Generally they are used for different purposes.
0
 
LVL 4

Assisted Solution

by:PaulRKrueger
PaulRKrueger earned 83 total points
ID: 17780509
Also, what does the boss mean by wanting to separate the groups? Obviously this isn't to secure any data since you need to access the 133 network.
0
 
LVL 10

Assisted Solution

by:plemieux72
plemieux72 earned 83 total points
ID: 17780906
From what you've described so far, "separating" the 2 networks doesn't seem justified.  Networks exist to connect each other in the first place.  So, what is the purpose or end-result your boss wants to achieve?  If it's security, what exactly do you want to block and permit?  Once we know your goals and what the problem is, we should be able to answer with a solution.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782748
thanks for your replies guys!

To answer all your questions...

We are on the same office location.  Head office uses a system that my group also use.  This is the reason why we need to connect to 133.x.x.x

My boss wants to be separated from the 133.x.x.x network because he wanted to have our own network/email system.  He doesn't want the HO to see what we have in our network.

Basically, it will be a one-way connection.

we connect to the 133.x.x.x and yet 133.x.x.x can not connect to us.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 17782775
Well, it cannot be a one-way connection because replies have to come back.  There are a few ways of handling this... one of them may be to place a firewall between the two networks.  If it's a Cisco router in between, you may be able to run CBAC.  This would allow replies to connections initiated on one side but connections initiated from the other side would fail.  Or, a hardware firewall like the Cisco PIX and many others could do the same.  

I am still not convinced this is the way to go.  Most of the time, securing individual systems (email, etc.) by using security groups to allow only certain accounts and deny others makes more sense.
0
 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782865
Plemieux72,

Thanks for a well-said suggestion.  Actually, I was thinking about the latter suggestion of yours.  That is what I had in mind but I still consulted the experts.  I wanted to know if they could give me other proposals on how to do this.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question