Separation of subnet - Use of Bridge or Gateway

Hi,

I have attached a network layout for reference

I would like to know how we can allow PCs in the 1.x network to access PCs on the 2.x network. Both of them have separate gateways and are physically isolated from each other.
Can we make use of NATing on a bridge? If yes, how do we do this?
Is this the only way of doing it, or are there other means?
Thanks in advance
Regards

Jagdish
forquery.JPG
jagdish1234Asked:

 
agriesserCommented:
Well they must be interconnected in some way, otherwise you wouldn't be able to communicate between them.

As to how to implement it: What hardware is available? I see these nice icons for routers, switches and firewalls in your graphic, but is this just a scheme of what is to come (e.g. the hardware is currently _NOT_ available) or do you currently have this setup implemented and you're just unable to communicate between these two network segments?

As to your question about other ways of doing this I have to ask what _EXACTLY_ you're trying to achieve. What sort of data is to be exchanged between these two subnets? How many clients on each side? Is performance an issue (don't forget that you do tunnel all traffic through the firewalled gateway then), etc.

It would be helpful if you could provide some more details.
0
 
from_expCommented:
Hi!
If you want to configure communication between subnets, I would recommend configuring plain routing, without NAT.
So you can configure your box 192.168.2.1 with the route to the 1.x network via "firewalled gateway".
Then you can configure "firewalled gateway" with:
1. route to the 2.x network via 192.168.2.1
2. pass traffic to 2.x network without NAT
3. pass traffic from 2.x to 1.x without NAT
4. configure filtering rules for traffic 2. and 3. in order to allow only needed traffic.

To my mind, no additional equipment is needed.
0
 
from_expCommented:
and again if 192.168.2.1 is doing some nat stuff, configure it not to do that for traffic to/from 1.x
0

 
jagdish1234Author Commented:
Thanks all for the solutions.

I am sorry I had not made some things clear. My mistake.

1. Traffic should flow from 1.x to 2.x through NATing only. This is because 2.x should not get any other traffic, not even broadcast from any DHCP server present in the 1.x subnet.
2. At present there are only 5 to 10 PCs on the 2.x subnet and about 200 PCs on the 1.x subnet. We intend to move about 50 PCs from 1.x to 2.x.
3. The gateway can have one more NIC configured as 2.100 (it is a Linux box), and the gateway from 2.x can terminate on it so that the physical connection is established.
4. We already have the hardware implemented. The only catch is that access to the gateway on 2.x is NOT available to us and we need to work on the gateway of the 1.x subnet only.
5. PCs on the 1.x subnet will access some of the PCs on 2.x by remote connection (RDP).
6. If traffic will indeed be a constraint, we can have a better configuration server for the 1.x gateway.

Hope that the above points would suffice !

Thanks


0
 
from_expCommented:
Hi
I suppose you can edit my previous solution a bit: perform NAT for outgoing traffic.
However, if you want to hide the internal topology (for example, connect to a natted address:port instead of using a direct 2.x address), you can get a lot of pain building static translations.
0
 
jagdish1234Author Commented:
Hi,

We were able to solve this issue. What we did was add firewall rules to NAT the IP and also to forward the packets from 1.x to 2.x.

Thanks for all help.

Jagdish
0
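One way to express the rules described in this thread on the Linux 1.x gateway, as an added example that is not taken from any participant's post: forwarding is denied by default, only RDP from 1.x to named 2.x hosts is allowed, and that traffic is source-NATed to the 2.100 address so 2.x hosts reply on-link without any change to the 2.x gateway. The interface names, /24 masks and the two target host addresses are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the 1.x gateway.
# Review the output and merge it into the gateway's existing ruleset.
# Forwarding must also be enabled: sysctl -w net.ipv4.ip_forward=1

LAN_IF="eth0"                 # assumed name of the NIC facing 192.168.1.x
FAR_IF="eth2"                 # assumed name of the extra NIC facing 192.168.2.x
LAN_NET="192.168.1.0/24"      # assumed /24 mask
FAR_NET="192.168.2.0/24"      # assumed /24 mask
FAR_PREFIX="192.168.2."       # used to sanity-check RDP targets
SNAT_IP="192.168.2.100"       # the "2.100" NIC address from the thread
RDP_HOSTS="192.168.2.21 192.168.2.22"   # constructed sample RDP targets

gen_ruleset() {
    # Refuse targets outside 2.x before emitting anything.
    for host in $RDP_HOSTS; do
        case "$host" in
            "$FAR_PREFIX"*) ;;
            *) echo "refusing target outside 2.x: $host" >&2; return 1 ;;
        esac
    done

    echo "*filter"
    # Default-deny: nothing crosses between the NICs unless accepted below.
    # Broadcasts (e.g. DHCP) are not routed, and no rule here admits them.
    echo ":FORWARD DROP [0:0]"
    # Packets belonging to connections that were already accepted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New connections: RDP only, 1.x to the listed 2.x hosts only.
    for host in $RDP_HOSTS; do
        echo "-A FORWARD -i $LAN_IF -o $FAR_IF -s $LAN_NET -d $host -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"

    echo "*nat"
    # 2.x hosts see every connection as coming from 192.168.2.100.
    echo "-A POSTROUTING -o $FAR_IF -s $LAN_NET -d $FAR_NET -j SNAT --to-source $SNAT_IP"
    echo "COMMIT"
}

gen_ruleset
```

The output can be syntax-checked on the gateway with `iptables-restore --test` before it is loaded.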
