Solved

Separation of subnet - Use of Bridge or Gateway

Posted on 2008-06-20
Last Modified: 2011-10-19
Hi,

I have attached a network layout for reference

I would like to know how we can allow PCs in the 1.x network to access PCs on the 2.x network. Both of them have separate gateways and are physically isolated from each other.
Can we make use of NATing on a bridge? If yes, how do we do this?
Is this the only way of doing it or are there other means ?
Thanks in advance
Regards

Jagdish
forquery.JPG
Question by:jagdish1234
6 Comments
 
LVL 14

Expert Comment

by:agriesser
ID: 21830333
Well they must be interconnected in some way, otherwise you wouldn't be able to communicate between them.

As to how to implement it: What hardware is available? I see these nice icons for routers, switches and firewalls in your graphic, but is this just a scheme of what is to come (e.g. the hardware is currently _NOT_ available) or do you currently have this setup implemented and you're just unable to communicate between these two network segments?

As to your question about other ways of doing this I have to ask what _EXACTLY_ you're trying to achieve. What sort of data is to be exchanged between these two subnets? How many clients on each side? Is performance an issue (don't forget that you do tunnel all traffic through the firewalled gateway then), etc.

It would be helpful if you could provide some more details.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830518
Hi!
If you want to configure communication between subnets, I would recommend configuring plain routing, without NAT.
So you can configure your box 192.168.2.1 with the route to the 1.x network via "firewalled gateway".
Then you can configure "firewalled gateway" with:
1. route to the 2.x network via 192.168.2.1
2. pass traffic to 2.x network without NAT
3. pass traffic from 2.x to 1.x without NAT
4. configure filtering rules for traffic 2. and 3. in order to allow only needed traffic.

To my mind, no additional equipment is needed.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830528
And again, if 192.168.2.1 is doing some NAT stuff, configure it not to do that for traffic to/from 1.x.
0
 

Author Comment

by:jagdish1234
ID: 21852390
Thanks all for the solutions.

I am sorry I had not made some things clear. My mistake.

1. Traffic should flow from 1.x to 2.x through NATing only. This is because 2.x should not get any other traffic, not even broadcast from any DHCP server present in the 1.x subnet.
2. At present there are only 5 to 10 PCs on the 2.x subnet and about 200 PCs on the 1.x subnet. We intend to move about 50 PCs from 1.x to 2.x.
3. The gateway can have one more NIC configured as 2.100 (it is a Linux box), and the gateway from 2.x can terminate on it so that the physical connection is established.
4. We already have the hardware implemented. The only catch being access to gateway on 2.x is NOT available to us and we need to work on the gateway of 1.x subnet only.
5. PCs on the 1.x subnet will access some of the PCs on 2.x by remote connection. (RDP)
6. If traffic will indeed be a constraint, we can have a better configuration server for the 1.x gateway.

Hope that the above points would suffice!

Thanks


0
 
LVL 21

Expert Comment

by:from_exp
ID: 21863514
Hi
I suppose you can edit my previous solution a bit: perform NAT for outgoing traffic.
However, if you want to hide internal topology (for example, connect to natted address:port instead of using direct 2.x address), you can get a lot of pain building static translations.
0
 

Accepted Solution

by:
jagdish1234 earned 0 total points
ID: 21915460
Hi,

We were able to solve this issue. What we did was add firewall rules to NAT the IP and also to forward the packets from 1.x to 2.x.

Thanks for all help.

Jagdish
0
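
The approach the asker settled on (NAT plus forwarding rules on the Linux gateway of the 1.x subnet), written out as an added example that is not from the thread. The interface names `eth1`/`eth2`, the /24 masks and the two RDP target addresses are assumptions; the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: print iptables commands for the Linux gateway of the 1.x subnet.
# Assumptions (not stated in the thread): interface names, /24 masks,
# and the sample RDP target addresses.
LAN_IF="eth1"              # assumed NIC facing 192.168.1.0/24
FAR_IF="eth2"              # assumed extra NIC configured as 2.100
LAN_NET="192.168.1.0/24"
FAR_NET="192.168.2.0/24"
FAR_IP="192.168.2.100"     # gateway's own address on the 2.x side
RDP_PORT=3389              # RDP listens on tcp/3389 by default

# gen_rules HOST...  prints the commands; it changes nothing itself.
# Returns 1 if a host is not of the form 192.168.2.N.
gen_rules() {
    for h in "$@"; do
        case "$h" in
            192.168.2.*[!0-9]*|192.168.2.) echo "bad target: $h" >&2; return 1 ;;
            192.168.2.*) ;;
            *) echo "bad target: $h" >&2; return 1 ;;
        esac
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Source NAT: 2.x hosts only ever see the gateway's 2.100 address,
    # so they need no route back to 1.x and the 2.x gateway is untouched.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $FAR_NET -o $FAR_IF -j SNAT --to-source $FAR_IP"
    # Replies to sessions that a 1.x PC opened.
    echo "iptables -A FORWARD -i $FAR_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New sessions: RDP only, and only to the listed 2.x PCs.
    for h in "$@"; do
        echo "iptables -A FORWARD -i $LAN_IF -o $FAR_IF -s $LAN_NET -d $h -p tcp --dport $RDP_PORT -j ACCEPT"
    done
    # Everything else between the two subnets is dropped, both directions.
    # The gateway routes rather than bridges, so 1.x broadcasts (DHCP
    # included) are never forwarded onto the 2.x side.
    echo "iptables -A FORWARD -i $LAN_IF -o $FAR_IF -j DROP"
    echo "iptables -A FORWARD -i $FAR_IF -o $LAN_IF -j DROP"
}

# Constructed sample targets on the 2.x subnet.
gen_rules 192.168.2.21 192.168.2.22
```

The rules are appended with `-A`, so on a gateway that already has a broad ACCEPT in its FORWARD chain they need to be placed ahead of it to take effect.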
