Solved

Separation of subnet - Use of Bridge or Gateway

Posted on 2008-06-20
Last Modified: 2011-10-19
Hi,

I have attached a network layout for reference

I would like to know how we can allow PCs in the 1.x network to access PCs on the 2.x network. Both of them have separate gateways and are physically isolated from each other.
Can we make use of NATing on a bridge? If yes, how do we do this?
Is this the only way of doing it or are there other means ?
Thanks in advance
Regards

Jagdish
forquery.JPG
Question by:jagdish1234
6 Comments
 
LVL 14

Expert Comment

by:agriesser
ID: 21830333
Well they must be interconnected in some way, otherwise you wouldn't be able to communicate between them.

As to how to implement it: What hardware is available? I see these nice icons for routers, switches and firewalls in your graphic, but is this just a scheme of what is to come (e.g. the hardware is currently _NOT_ available) or do you currently have this setup implemented and you're just unable to communicate between these two network segments?

As to your question about other ways of doing this I have to ask what _EXACTLY_ you're trying to achieve. What sort of data is to be exchanged between these two subnets? How many clients on each side? Is performance an issue (don't forget that you do tunnel all traffic through the firewalled gateway then), etc.

It would be helpful if you could provide some more details.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830518
hi!
If you want to configure communication between subnets, I would recommend configuring plain routing, without NAT.
So you can configure your box 192.168.2.1 with the route to the 1.x network via "firewalled gateway".
Then you can configure "firewalled gateway" with:
1. Route to the 2.x network via 192.168.2.1
2. Pass traffic to the 2.x network without NAT
3. Pass traffic from 2.x to 1.x without NAT
4. Configure filtering rules for traffic 2. and 3. in order to allow only needed traffic.

To my mind, no additional equipment is needed.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830528
And again, if 192.168.2.1 is doing some NAT stuff, configure it not to do that for traffic to/from 1.x.
0
 

Author Comment

by:jagdish1234
ID: 21852390
Thanks all for the solutions.

I am sorry I had not made some things clear. My mistake.

1. Traffic should flow from 1.x to 2.x through NATing only. This is because 2.x should not get any other traffic, not even broadcast from any DHCP server present in the 1.x subnet.
2. At present there are only 5 to 10 PCs on the 2.x subnet and about 200 PCs on the 1.x subnet. We intend to move about 50 PCs from 1.x to 2.x.
3. The gateway can have one more NIC configured as 2.100 (it is a Linux box), and the gateway from 2.x can terminate on it so that the physical connection is established.
4. We already have the hardware implemented. The only catch being access to the gateway on 2.x is NOT available to us and we need to work on the gateway of the 1.x subnet only.
5. PCs on the 1.x subnet will access some of the PCs on 2.x by remote connection (RDP).
6. If traffic will indeed be a constraint, we can have a better configuration server for the 1.x gateway.

Hope that the above points would suffice !

Thanks


0
 
LVL 21

Expert Comment

by:from_exp
ID: 21863514
Hi
I suppose you can edit my previous solution a bit: perform NAT for outgoing traffic.
However, if you want to hide internal topology (for example, connect to natted address:port instead of using a direct 2.x address), you can get a lot of pain building static translations.
0
 

Accepted Solution

by:
jagdish1234 earned 0 total points
ID: 21915460
Hi,

We were able to solve this issue. What we did was add firewall rules to NAT the IP and also to forward the packets from 1.x to 2.x.

Thanks for all help.

Jagdish
0
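The thread does not show the rules that were finally used. One way to express "NAT the IP and forward the packets from 1.x to 2.x" on the Linux gateway, as an added example that is not from the original posters: a generator that prints iptables commands for review. The interface names, the /24 masks, the chain name `TO_2X` and the sample RDP targets are assumptions; `192.168.2.100` is the "2.100" NIC address mentioned in the thread.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not run them.
LAN_IF="${LAN_IF:-eth0}"             # assumed name: NIC facing 1.x
FAR_IF="${FAR_IF:-eth2}"             # assumed name: extra NIC facing 2.x
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed /24 behind "1.x"
FAR_IP="${FAR_IP:-192.168.2.100}"    # the "2.100" address from the thread
FAR_PREFIX="192.168.2."              # assumed /24 behind "2.x"

# valid_target ADDR: true only for a single host address 192.168.2.1-254
valid_target() {
  last="${1#"$FAR_PREFIX"}"
  [ "$last" != "$1" ] || return 1                 # not on the 2.x side
  case "$last" in ''|*[!0-9]*) return 1 ;; esac   # no ranges, masks, names
  [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# gen_rules HOST...: rules letting 1.x open RDP to the listed 2.x hosts only
gen_rules() {
  [ "$#" -gt 0 ] || { echo "usage: gen_rules 2.x-host..." >&2; return 2; }
  for h in "$@"; do
    valid_target "$h" || { echo "rejected target: $h" >&2; return 1; }
  done
  # 2.x hosts see every client as FAR_IP (on-link), so the 2.x gateway
  # that cannot be reconfigured never has to route replies back to 1.x.
  echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $FAR_IF -j SNAT --to-source $FAR_IP"
  # Dedicated chain: existing FORWARD rules for other traffic stay untouched.
  echo "iptables -N TO_2X"
  echo "iptables -A TO_2X -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for h in "$@"; do
    echo "iptables -A TO_2X -i $LAN_IF -o $FAR_IF -s $LAN_NET -d $h" \
         "-p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Anything else crossing the 2.x NIC, including sessions started from 2.x.
  echo "iptables -A TO_2X -j DROP"
  echo "iptables -I FORWARD 1 -o $FAR_IF -j TO_2X"
  echo "iptables -I FORWARD 1 -i $FAR_IF -j TO_2X"
}

# Usage: sh gen_rules.sh 192.168.2.20 192.168.2.21   (constructed addresses)
[ "$#" -eq 0 ] || gen_rules "$@"
```

The printed commands need root on the gateway and IP forwarding (`net.ipv4.ip_forward=1`) enabled. Because the only NEW rule is for TCP 3389 from the 1.x side, hosts on 2.x cannot open connections into 1.x.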
