Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Solution needed...

Posted on 2006-10-20
8
Medium Priority
?
249 Views
Last Modified: 2010-04-11
Hi experts!

My boss wanted our group to be separated from the Head Office Group.  The head office uses the 133.x.x.x and he wants to use other IP.

Head Office 133.x.x.x / 255.255.0.0
Our Office 192.x.x.x / 255.255.255.0

Here is my problem. We will use the HO's system in accessing the system using finance, sales, inventory modules.

What is the best solution for my problem.  Suggestions are welcome.

thanks
0
Comment
Question by:Sandy Kalugdan
8 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 336 total points
ID: 17780095
We would need more information on your network configuration. Are these "groups" located in the same physical location or connected through a VPN or some such connection? and what do you mean by "We will use the HO's system "
First issue is 133.x.x.x is a public IP range, routable over the Internet and 192.x.x.x is a private IP range which is not routable over the Internet and intended only for use within an office. Generally they are used for different purposes.
0
 
LVL 4

Assisted Solution

by:PaulRKrueger
PaulRKrueger earned 332 total points
ID: 17780509
Also, what does the boss mean by wanting to separate the groups? Obviously this isn't to secure any data since you need to access the 133 network.
0
 
LVL 10

Assisted Solution

by:plemieux72
plemieux72 earned 332 total points
ID: 17780906
From what you've described so far, "separating" the 2 networks doesn't seem justified.  Networks exist to connect each other in the first place.  So, what is the purpose or end-result your boss wants to achieve?  If it's security, what exactly do you want to block and permit?  Once we know your goals and what the problem is, we should be able to answer with a solution.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782748
thanks for your replies guys!

To answer all your questions...

We are on the same office location.  Head office uses a system that my group also use.  This is the reason why we need to connect to 133.x.x.x

My boss wants to be separated from the 133.x.x.x network because he wanted to have our own network/email system.  He doesn't want the HO to see what we have in our network.

Basically, it will be a one-way connection.

we connect to the 133.x.x.x and yet 133.x.x.x can not connect to us.
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 17782775
Well, it cannot be a one-way connection because replies have to come back.  There are a few ways of handling this... one of them may be to place a firewall between the two networks.  If it's a Cisco router in between, you may be able to run CBAC.  This would allow replies to connections initiated on one side but connections initiated from the other side would fail.  Or, a hardware firewall like the Cisco PIX and many others could do the same.  

I am still not convinced this is the way to go.  Most of the time, securing individual systems (email, etc.) by using security groups to allow only certain accounts and deny others makes more sense.
0
 
LVL 3

Author Comment

by:Sandy Kalugdan
ID: 17782865
Plemieux72,

Thanks for a well-said suggestion.  Actually, I was thinking about the latter suggestion of yours.  That is what I had in mind but I still consulted the experts.  I wanted to know if they could give me other proposals on how to do this.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question