Solved

Seperation of subnet - Use of Bridge or Gateway

Posted on 2008-06-20
6
385 Views
Last Modified: 2011-10-19
Hi,

I have attached a network layout for reference

I would like to know how do we allow PCs in the 1.x Network to access PCs on the 2.x Network, Both of them have separate gateway and are physically isolated from each other.
Can we make use of Natting on a bridge ? If yes how do we do this ?
Is this the only way of doing it or are there other means ?
Thanks in advance
Regards

Jagdish
forquery.JPG
0
Comment
Question by:jagdish1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 14

Expert Comment

by:agriesser
ID: 21830333
Well they must be interconnected in some way, otherwise you wouldn't be able to communicate between them.

As to how to implement it: What hardware is available? I see these nice icons for routers, switches and firewalls in your graphic, but is this just a scheme of what is to come (e.g. the hardware is currently _NOT_ available) or do you currently have this setup implemented and you're just unable to communicate between these two network segments?

As to your question about other ways of doing this I have to ask what _EXACTLY_ you're trying to achieve. What sort of data is to be exchanged between these two subnets? How many clients on each side? Is performance an issue (don't forget that you do tunnel all traffic through the firewalled gateway then), etc.

It would be helpful if you could provide some more details.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830518
hi!
if you want to configure communication between subnets, I would recommend configuring plain routing, without nat.
so you can configure your box 192.168.2.1 with the router to 1.x network via "firewalled gateway"
then you can configure "firewalled gateway" to  with:
1. route to the 2.x network via 192.168.2.1
2. pass traffic to 2.x network without nat
3. pass traffic from 2.x to 1.x without nat
4. configure filtering rules for traffic 2. and 3. in order to allow only needed traffic.

to my mind no additional equipment needed
0
 
LVL 21

Expert Comment

by:from_exp
ID: 21830528
and again if 192.168.2.1 is doing some nat stuff, configure it not to do that for traffic to/from 1.x
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:jagdish1234
ID: 21852390
Thanks all for the solutions.

I am sorry I had not made some things clear. My Mistake

1. Traffic should flow from 1.x to 2.x through NATing only. This is bcoz 2.x should not get any other traffic not even broadcast from any DHCP server present in the 1.x subNet
2. At present there are only 5 to 10 PCs on the 2.x subnet and about 200 PCs on the 1.x subnet. We intend to move about 50 pcs from 1.x to 2.x
3. The gateway can have one more NIC configured as 2.100. (It is a linux box) and the gateway from 2.x can terminate on it so that the physical connection is established
4. We already have the hardware implemented. The only catch being access to gateway on 2.x is NOT available to us and we need to work on the gateway of 1.x subnet only.
5. PCs on the 1.x subnet will access some of the PCs on 2.x by remote connection. (RDP)
6. If traffic will indeed be a constraint, we can have a better configuration server for the 1.x gateway.

Hope that the above points would suffice !

Thanks


0
 
LVL 21

Expert Comment

by:from_exp
ID: 21863514
Hi
I suppose you can edit my previous solution a bit. perform nat for outgoing traffic
However if you want to hide internal topology (for example connect to natted address:port instead of using direct 2.x address, you can get a lot of pain building static translations.
0
 

Accepted Solution

by:
jagdish1234 earned 0 total points
ID: 21915460
Hi,

We were able to solve this issue. What we did was added firewall rules to NAT the IP and also to forward the packets from 1.x to 2.x.

Thanks for all help.

Jagdish
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question