
Separation of subnet - Use of Bridge or Gateway

Posted on 2008-06-20
Last Modified: 2011-10-19
Hi,

I have attached a network layout for reference.

I would like to know how we can allow PCs on the 1.x network to access PCs on the 2.x network. Both of them have separate gateways and are physically isolated from each other.
Can we make use of NATing on a bridge? If yes, how do we do this?
Is this the only way of doing it, or are there other means?
Thanks in advance
Regards

Jagdish
forquery.JPG
Question by:jagdish1234
6 Comments
 

Expert Comment

by:agriesser
ID: 21830333
Well they must be interconnected in some way, otherwise you wouldn't be able to communicate between them.

As to how to implement it: What hardware is available? I see these nice icons for routers, switches and firewalls in your graphic, but is this just a scheme of what is to come (e.g. the hardware is currently _NOT_ available) or do you currently have this setup implemented and you're just unable to communicate between these two network segments?

As to your question about other ways of doing this I have to ask what _EXACTLY_ you're trying to achieve. What sort of data is to be exchanged between these two subnets? How many clients on each side? Is performance an issue (don't forget that you do tunnel all traffic through the firewalled gateway then), etc.

It would be helpful if you could provide some more details.

Expert Comment

by:from_exp
ID: 21830518
Hi!
If you want to configure communication between subnets, I would recommend configuring plain routing, without NAT.
So you can configure your box 192.168.2.1 with the route to the 1.x network via the "firewalled gateway".
Then you can configure the "firewalled gateway" with:
1. route to the 2.x network via 192.168.2.1
2. pass traffic to 2.x network without NAT
3. pass traffic from 2.x to 1.x without NAT
4. configure filtering rules for traffic 2. and 3. in order to allow only needed traffic.

To my mind, no additional equipment is needed.

Expert Comment

by:from_exp
ID: 21830528
And again, if 192.168.2.1 is doing some NAT stuff, configure it not to do that for traffic to/from 1.x.

Author Comment

by:jagdish1234
ID: 21852390
Thanks all for the solutions.

I am sorry I had not made some things clear. My mistake.

1. Traffic should flow from 1.x to 2.x through NATing only. This is because 2.x should not get any other traffic, not even broadcast from any DHCP server present in the 1.x subnet.
2. At present there are only 5 to 10 PCs on the 2.x subnet and about 200 PCs on the 1.x subnet. We intend to move about 50 PCs from 1.x to 2.x.
3. The gateway can have one more NIC configured as 2.100 (it is a Linux box), and the gateway from 2.x can terminate on it so that the physical connection is established.
4. We already have the hardware implemented. The only catch being access to gateway on 2.x is NOT available to us and we need to work on the gateway of 1.x subnet only.
5. PCs on the 1.x subnet will access some of the PCs on 2.x by remote connection. (RDP)
6. If traffic will indeed be a constraint, we can have a better configuration server for the 1.x gateway.

Hope that the above points would suffice !

Thanks



Expert Comment

by:from_exp
ID: 21863514
Hi,
I suppose you can edit my previous solution a bit: perform NAT for outgoing traffic.
However, if you want to hide the internal topology (for example, connect to a NATed address:port instead of using a direct 2.x address), you can get a lot of pain building static translations.
 

Accepted Solution

by:jagdish1234
ID: 21915460
Hi,

We were able to solve this issue. What we did was add firewall rules to NAT the IP and also to forward the packets from 1.x to 2.x.

Thanks for all the help.

Jagdish
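
One way to write the rules the accepted solution describes (NAT plus forwarding on the 1.x Linux gateway), combined with from_exp's earlier advice to filter what is forwarded. This is an added example, not the poster's actual rule set. The /24 masks, the 192.168.1.0 prefix, the interface names eth1/eth2, the chain name and the two sample RDP hosts are assumptions; only 192.168.2.100 and RDP come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: print the iptables commands for the
# 1.x gateway so they can be reviewed, then piped to a root shell.
LAN_NET="192.168.1.0/24"; LAN_IF="eth1"   # 1.x side (prefix, mask, name assumed)
SEG_NET="192.168.2.0/24"; SEG_IF="eth2"   # 2.x side (mask and NIC name assumed)
SEG_PREFIX="192.168.2."
SEG_IP="192.168.2.100"                    # address of the new NIC (from the thread)

# valid_target HOST: succeed only for a host address inside 2.x that is not
# the gateway's own NIC, so a typo cannot open a path to anything else.
valid_target() {
    case "$1" in
        "$SEG_PREFIX"*) last=${1#"$SEG_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in ''|*[!0-9]*|????*|0*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ] && [ "$1" != "$SEG_IP" ]
}

# gen_rules HOST...: emit the rule set allowing RDP from 1.x to the listed hosts.
gen_rules() {
    for host in "$@"; do
        valid_target "$host" || { echo "rejected target: $host" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Dedicated chain (hypothetical name): existing FORWARD rules are left alone.
    echo "iptables -N LAN_SEG"
    echo "iptables -A LAN_SEG -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for host in "$@"; do
        echo "iptables -A LAN_SEG -i $LAN_IF -o $SEG_IF -s $LAN_NET -d $host" \
             "-p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else between the two segments is dropped, in both directions.
    echo "iptables -A LAN_SEG -j DROP"
    echo "iptables -I FORWARD -i $LAN_IF -o $SEG_IF -j LAN_SEG"
    echo "iptables -I FORWARD -i $SEG_IF -o $LAN_IF -j LAN_SEG"
    # Source NAT: 2.x hosts see 192.168.2.100, so replies need no route to 1.x.
    echo "iptables -t nat -A POSTROUTING -o $SEG_IF -s $LAN_NET -d $SEG_NET" \
         "-j SNAT --to-source $SEG_IP"
}

# Constructed sample targets (hypothetical RDP hosts on 2.x).
gen_rules 192.168.2.10 192.168.2.11
```

Because the gateway routes between the two NICs rather than bridging them, broadcasts such as DHCP discovery on 1.x are not forwarded to 2.x, and the final DROP rule covers any other unicast traffic.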