Connecting two separate networks

I am working with two networks that are totally separated and are connected to the internet through 2 different ISPs. Here is a quick diagram of what it looks like.

          T-1                      ADSL
           |                         |
       SonicWall                 SonicWall
           |                         |
    192.168.168.0/24          192.168.1.0/24

I would like to connect these two networks with a router. What kind of router should I use? I'm thinking of a Cisco router. Should it have 2 Ethernet interfaces? Should I also put the router behind the firewall? Thank you
Turbowy Asked:

giltjr Commented:
I am now a bit confused on your IP addressing.

On each Sonicwall you should have 3 IP addresses.

"Inside"  - your internal secured network.
"Outside" - the Internet
"Partner" - the network between the two Sonic Walls.

Something like:

        Internet1                 Internet2
           /\                        /\
           |                         |
           \/                        \/
          SW1  <--- Partner --->    SW2
           /\                        /\
           |                         |
           \/                        \/
         Inside1                   Inside2
    192.168.168.0/24          192.168.250.0/24

Each one should be their own IP subnet.  
All computers on Inside1 should be using a default gateway of whatever the Sonicwall's IP address is on the subnet Inside1.

All computers on Inside2 should be using a default gateway of whatever the Sonicwall's IP address is on the subnet Inside2.

"Private" should be a new IP subnet, say 192.168.99.0/x (you don't need a full /24 for this, but it may make things simpler).  Each Sonicwall should have an IP address with the "Private" IP subnet and should be configured to allow the necessary traffic you need to pass between the two networks.

kinetik20 Commented:
Are they close enough for a physical connection or will this be VPN? If it's a VPN what model sonicwalls are you working with?

Turbowy (Author) Commented:
They are exactly 10 ft apart... so this would be a physical connection. The SonicWalls are 3060 Pro; they have one WAN, LAN and DMZ Ethernet ports.
 
kinetik20 Commented:
You can use a Cisco router and you will need a couple of interface cards. What function are the 3060 Pros serving?

Turbowy (Author) Commented:
They separate a second company that moved into our building, so they have their own firewall and it points out to the internet... Now I need to join them so both networks can share files etc... If I try to connect them directly from firewall to firewall, would that work? I can join them through a crossover cable by connecting them to the DMZ port? What Cisco router do you recommend?

giltjr Commented:
I would not cross connect the two DMZ ports.  In the future if you need a DMZ, it kind of ties your hands.

What type of security do you need between the two networks?  Do you want to allow any host to connect to any host or just allow access to specific servers?

If your budget can afford it I would suggest a layer 3 switch instead of a router; a 3560 class should be fine.  However the 800 series router will work fine.

Turbowy (Author) Commented:
But it's possible to do it with the firewall as well, right?

giltjr Commented:
With the correct permissions, yes.

kinetik20 Commented:
What are your overall goals for joining the networks?

Turbowy (Author) Commented:
Hi everyone, I have connected the two firewalls. I have used the crossover cable on the DMZ ports and I did the static routes. I opened rules to allow from DMZ->LAN and vice versa on both walls. However, I cannot browse from one side of the network over to the other one. I tried to browse through NetBIOS, like in \\192.168.0.18. Any other recommendation that you can provide?

If I choose to go with the router, I suppose I should place the router in the private LAN between the two networks, connect both switches to its respective interfaces on the router and do the static routes on the router. That should work, correct?

kinetik20 Commented:
Can you ping the other side of the network?

Turbowy (Author) Commented:
No, as per SonicWall, pinging is not allowed on the DMZ interfaces, but I should be able to interconnect two sites with the method as described above. This is what SonicWall has told me!

kinetik20 Commented:
Just a thought but is netbios allowed?

kinetik20 Commented:
*netbios

Turbowy (Author) Commented:
Yes, NetBIOS is allowed; as a matter of fact I allowed all the services. After researching the issue more deeply I found that the problem is the firmware on this SonicWall. I need the enhanced firmware; SonicWall offers a demo of this firmware at the link below:

https://sonicos-enhanced.demo.sonicwall.com/main.html

Once I have this firmware I can go to Network > Interfaces and assign a different zone for my DMZ interface, for example a regular LAN interface... then it should work! I'm running the standard firmware now, so these options are not available!

giltjr Commented:
When I look at the 3060 Pro it has a LAN, WAN and 4 other ports.  I don't see where it has a "DMZ" interface.  From the doc it seems that you can identify each interface as a different zone.

Turbowy (Author) Commented:
That's because you are looking at the enhanced firmware version. With the regular firmware you would only see WAN, LAN and DMZ; there are 3 extra Ethernet ports, but they are only available to the enhanced firmware version! I am in the process of applying the enhanced firmware version, so we will see how that will work!

Turbowy (Author) Commented:
OK, I have upgraded the firmware to the enhanced version, lots of better options. Now I can ping my former DMZ interface, which I converted over to a LAN. So this is what I have now:

    Network 1                        Network 2
        T1                              ADSL
        |                                |
    Sonicwall                        Sonicwall
    (Lan 0 - 192.168.168.1)          (Lan 0 - 192.168.205.0)
                                     (Lan 1 - 192.168.168.240)

I have connected the Lan 1 interface directly to the switch on Network 1.
What is happening now is this: when I ping the interface 192.168.168.240 from Network 1 it replies fine. When I ping interface 192.168.168.240 from the 192.168.205.0 subnet it replies fine. However, when I try to ping or access any computers on Network 1 from Network 2 it does not work. When I ping, it times out! Does anyone have any idea what is going on?

giltjr Commented:
What is the default route on the computers in network 1 and network 2?




Turbowy (Author) Commented:
On Network 1 it is 192.168.168.0
On Network 2 it is 192.168.205.0

giltjr Commented:
That might be your problem. Those are not valid IP addresses, those are the network addresses.

Turbowy (Author) Commented:
So you are saying that this is the reason why on the Lan 1 interface as shown above, it does not let me cross to ping any computers on network 1?
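
As an added example (not part of the original thread): a small Python audit of the two addressing points raised above, that each segment needs its own subnet and that a host's default gateway must be a host address on its subnet, not the network address. The /24 masks on 192.168.205.0 and 192.168.99.0 and the 192.168.205.1 gateway are assumptions; the thread does not state them.

```python
import ipaddress

def check_gateway(subnet, gateway):
    """Classify a host's default gateway against the subnet the host sits on."""
    net = ipaddress.ip_network(subnet)      # raises ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        return "outside-subnet"             # host cannot reach this gateway directly
    if net.prefixlen < 31:                  # /31 and /32 reserve no addresses
        if gw == net.network_address:
            return "network-address"
        if gw == net.broadcast_address:
            return "broadcast-address"
    return "ok"

def overlapping(subnets):
    """Return name pairs whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def audit(subnets, gateways):
    """Collect findings for an addressing plan as (segment, problem) tuples."""
    findings = [(name, check_gateway(subnets[name], gw))
                for name, gw in gateways.items()]
    findings = [f for f in findings if f[1] != "ok"]
    findings += [(f"{a}/{b}", "overlap") for a, b in overlapping(subnets)]
    return findings

# Subnets from the thread; the /24 on Inside2 and on the link are assumptions.
SUBNETS = {
    "Inside1": "192.168.168.0/24",
    "Inside2": "192.168.205.0/24",
    "Link": "192.168.99.0/24",
}
# Default routes exactly as reported in the thread.
REPORTED = {"Inside1": "192.168.168.0", "Inside2": "192.168.205.0"}
# Constructed correction: 192.168.205.1 is a placeholder, not from the thread.
FIXED = {"Inside1": "192.168.168.1", "Inside2": "192.168.205.1"}

if __name__ == "__main__":
    print("reported:", audit(SUBNETS, REPORTED))
    print("fixed:   ", audit(SUBNETS, FIXED))
```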