Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 307
  • Last Modified:

SITE TO SITE COMMUNICATION

HI,
   I HAVE THREE SITE ( SITE A, SITE B AND SITE C)
  SITE A HAVING ONE ROUTER
  SITE B HAVING TWO ROUTER
  SITE C HAVING ONE ROUTER
SITE A IS CONNECTD TO SITE B VIA ROUTER A AND B
SITE B IS CONNECTED TO SITE C VIA ROUTER C AND D

ROUTER B AND ROUTER C ARE ON SITE B AND HAS NO COMMUNICATION.

I HAVE ONE SERVER ON SITE C  AND I WANT THIS SERVER SHOULD ACCESS THE SERVER ON  SITE A. BUT I DONT WANT ANY OTHER COMMUNICATION EXCEPT THESE TWO SERVER HOW CAN I DO IT. I ALSO WANT TO PUT FIREWALL  TO PROVIDE ME EXTRA SECURITY.

THE DIAGRAM OF MY NETWORK IS ALSO ATTACHED.
Visio-DIAGRAM.pdf
0
prologixme
Asked:
prologixme
  • 5
  • 3
1 Solution
 
DeojiCommented:
Connect Router B to Router C with a CrossOver cable on a free Port...
Setup IP addressing in this New Network Segment.
Router C will need Static Route to tell it that Network A is available via Router B.
Router D will need Static Route to know that Network A is available via Router C.
Router B will need Static Route to know that Network C is available via Router C.
Router A will need Static route to know that Network C is available via Router B.

At this point you have full access between the networks...

Now use an access-list in router A to only allow IP of server 2 to communicate to IP of Server 1.
Create access-list in Router D to allow only IP of server 1 to communicate to server 2.

At this point it should be working as you want it to.
0
 
DeojiCommented:

This assumes you aren't already using 109 for an access-list and this is Cisco Router Syntax.

Sample Access List for the LAN interface of Router A:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any

Sample Access List for the LAN interface of Router D:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any host <server2>
access-list 109 permit ip any any
0
 
prologixmeAuthor Commented:
AND I ALSO WNATN TO PUT THE FIREWALL IN BETWEEN ROUTER B AND ROUTER C THEN HOW CAN I  PROCEED?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
DeojiCommented:
Do you have a firewall device that you are wanting to use between the two or are you refering to an access-list that would do the job in these two routers?

You could do it with access-lists simmilar to the following:

 Sample Access List for the LAN interface of Router B:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any


Sample Access List for the LAN interface of Router C:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any any
0
 
prologixmeAuthor Commented:
Yes i have a firewall ASA 5520 and Sonicwall NSA 6500 and i want to use that .
0
 
DeojiCommented:
Normally one wouldn't place a firewall between two routers at the same location.
The firewall seems a little over-kill for this senerio.
I would think you would want the firewalls between Site A and B, and between Site C and B.

If you wish to put the firewalls between Router B and Router C then you would basically connect the routers up to the firewall using CrossOver Cables. Doesn't matter which port on the Cisco because you can make any port a LAN port or a WAN port depending on your setup.
0
 
prologixmeAuthor Commented:
So, if i put the firewall in between router B and C the how the configuration takes place.
0
 
DeojiCommented:
Well, if we call your firewall X then you would need to deturmine IP Addressing to use between X and C and between B and X.

Then you would configure the port on X conencted to C with an IP Address in that network and the port on C connected to X would also need an IP in that network.

Then the port on X that is connected to B would need an IP on that new network and the port on B connected to X would also get an IP in the same Network.

Your firewall will need some static routes setup so it knows how to get to site A and to Site C.

Then you basically add allowances in the firewall for traffic between the two servers and deny everything else.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now