Solved

SITE TO SITE COMMUNICATION

Posted on 2009-04-14
8
304 Views
Last Modified: 2012-05-06
HI,
   I HAVE THREE SITE ( SITE A, SITE B AND SITE C)
  SITE A HAVING ONE ROUTER
  SITE B HAVING TWO ROUTER
  SITE C HAVING ONE ROUTER
SITE A IS CONNECTD TO SITE B VIA ROUTER A AND B
SITE B IS CONNECTED TO SITE C VIA ROUTER C AND D

ROUTER B AND ROUTER C ARE ON SITE B AND HAS NO COMMUNICATION.

I HAVE ONE SERVER ON SITE C  AND I WANT THIS SERVER SHOULD ACCESS THE SERVER ON  SITE A. BUT I DONT WANT ANY OTHER COMMUNICATION EXCEPT THESE TWO SERVER HOW CAN I DO IT. I ALSO WANT TO PUT FIREWALL  TO PROVIDE ME EXTRA SECURITY.

THE DIAGRAM OF MY NETWORK IS ALSO ATTACHED.
Visio-DIAGRAM.pdf
0
Comment
Question by:prologixme
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 2

Expert Comment

by:Deoji
ID: 24142407
Connect Router B to Router C with a CrossOver cable on a free Port...
Setup IP addressing in this New Network Segment.
Router C will need Static Route to tell it that Network A is available via Router B.
Router D will need Static Route to know that Network A is available via Router C.
Router B will need Static Route to know that Network C is available via Router C.
Router A will need Static route to know that Network C is available via Router B.

At this point you have full access between the networks...

Now use an access-list in router A to only allow IP of server 2 to communicate to IP of Server 1.
Create access-list in Router D to allow only IP of server 1 to communicate to server 2.

At this point it should be working as you want it to.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24142480

This assumes you aren't already using 109 for an access-list and this is Cisco Router Syntax.

Sample Access List for the LAN interface of Router A:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any

Sample Access List for the LAN interface of Router D:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any host <server2>
access-list 109 permit ip any any
0
 

Author Comment

by:prologixme
ID: 24144815
AND I ALSO WNATN TO PUT THE FIREWALL IN BETWEEN ROUTER B AND ROUTER C THEN HOW CAN I  PROCEED?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:Deoji
ID: 24147190
Do you have a firewall device that you are wanting to use between the two or are you refering to an access-list that would do the job in these two routers?

You could do it with access-lists simmilar to the following:

 Sample Access List for the LAN interface of Router B:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any


Sample Access List for the LAN interface of Router C:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any any
0
 

Author Comment

by:prologixme
ID: 24147264
Yes i have a firewall ASA 5520 and Sonicwall NSA 6500 and i want to use that .
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24147376
Normally one wouldn't place a firewall between two routers at the same location.
The firewall seems a little over-kill for this senerio.
I would think you would want the firewalls between Site A and B, and between Site C and B.

If you wish to put the firewalls between Router B and Router C then you would basically connect the routers up to the firewall using CrossOver Cables. Doesn't matter which port on the Cisco because you can make any port a LAN port or a WAN port depending on your setup.
0
 

Author Comment

by:prologixme
ID: 24147780
So, if i put the firewall in between router B and C the how the configuration takes place.
0
 
LVL 2

Accepted Solution

by:
Deoji earned 500 total points
ID: 24148325
Well, if we call your firewall X then you would need to deturmine IP Addressing to use between X and C and between B and X.

Then you would configure the port on X conencted to C with an IP Address in that network and the port on C connected to X would also need an IP in that network.

Then the port on X that is connected to B would need an IP on that new network and the port on B connected to X would also get an IP in the same Network.

Your firewall will need some static routes setup so it knows how to get to site A and to Site C.

Then you basically add allowances in the firewall for traffic between the two servers and deny everything else.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month8 days, 19 hours left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question