Solved

SITE TO SITE COMMUNICATION

Posted on 2009-04-14
Last Modified: 2012-05-06
HI,
   I HAVE THREE SITES (SITE A, SITE B AND SITE C)
  SITE A HAVING ONE ROUTER
  SITE B HAVING TWO ROUTERS
  SITE C HAVING ONE ROUTER
SITE A IS CONNECTED TO SITE B VIA ROUTER A AND B
SITE B IS CONNECTED TO SITE C VIA ROUTER C AND D

ROUTER B AND ROUTER C ARE ON SITE B AND HAVE NO COMMUNICATION.

I HAVE ONE SERVER ON SITE C AND I WANT THIS SERVER TO ACCESS THE SERVER ON SITE A. BUT I DON'T WANT ANY OTHER COMMUNICATION EXCEPT BETWEEN THESE TWO SERVERS. HOW CAN I DO IT? I ALSO WANT TO PUT A FIREWALL TO PROVIDE ME EXTRA SECURITY.

THE DIAGRAM OF MY NETWORK IS ALSO ATTACHED.
Visio-DIAGRAM.pdf
Question by:prologixme
 
LVL 2

Expert Comment

by:Deoji
ID: 24142407
Connect Router B to Router C with a CrossOver cable on a free Port...
Setup IP addressing in this New Network Segment.
Router C will need Static Route to tell it that Network A is available via Router B.
Router D will need Static Route to know that Network A is available via Router C.
Router B will need Static Route to know that Network C is available via Router C.
Router A will need Static route to know that Network C is available via Router B.

At this point you have full access between the networks...

Now use an access-list in router A to only allow IP of server 2 to communicate to IP of Server 1.
Create access-list in Router D to allow only IP of server 1 to communicate to server 2.

At this point it should be working as you want it to.
 
LVL 2

Expert Comment

by:Deoji
ID: 24142480

This assumes you aren't already using 109 for an access-list and this is Cisco Router Syntax.

Sample Access List for the LAN interface of Router A:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any

Sample Access List for the LAN interface of Router D:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any host <server2>
access-list 109 permit ip any any
 

Author Comment

by:prologixme
ID: 24144815
AND I ALSO WANT TO PUT THE FIREWALL IN BETWEEN ROUTER B AND ROUTER C. THEN HOW CAN I PROCEED?

 
LVL 2

Expert Comment

by:Deoji
ID: 24147190
Do you have a firewall device that you are wanting to use between the two or are you referring to an access-list that would do the job in these two routers?

You could do it with access-lists similar to the following:

Sample Access List for the LAN interface of Router B:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any


Sample Access List for the LAN interface of Router C:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any any
 

Author Comment

by:prologixme
ID: 24147264
Yes, I have a firewall ASA 5520 and Sonicwall NSA 6500 and I want to use that.
 
LVL 2

Expert Comment

by:Deoji
ID: 24147376
Normally one wouldn't place a firewall between two routers at the same location.
The firewall seems a little overkill for this scenario.
I would think you would want the firewalls between Site A and B, and between Site C and B.

If you wish to put the firewalls between Router B and Router C then you would basically connect the routers up to the firewall using CrossOver Cables. Doesn't matter which port on the Cisco because you can make any port a LAN port or a WAN port depending on your setup.
 

Author Comment

by:prologixme
ID: 24147780
So, if I put the firewall in between router B and C, then how does the configuration take place?
 
LVL 2

Accepted Solution

by:
Deoji earned 500 total points
ID: 24148325
Well, if we call your firewall X then you would need to determine IP Addressing to use between X and C and between B and X.

Then you would configure the port on X connected to C with an IP Address in that network and the port on C connected to X would also need an IP in that network.

Then the port on X that is connected to B would need an IP on that new network and the port on B connected to X would also get an IP in the same Network.

Your firewall will need some static routes setup so it knows how to get to site A and to Site C.

Then you basically add allowances in the firewall for traffic between the two servers and deny everything else.
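
Added example (not part of the thread and not any poster's code): a small Python model of first-match access-list evaluation, run over the two list shapes posted in the comments above and three constructed flows. The addresses are assumptions standing in for <server1> and <server2>, and interface binding and direction are not modelled.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample addresses: the thread only gives <server1> and <server2>.
HOSTS = {"<server1>": "192.168.10.10", "<server2>": "192.168.30.10"}
# Entries copied from the thread (comments 24142480 and 24147190).
ACL_PERMIT_TAIL = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any
"""
ACL_DENY_TAIL = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any
"""
ENTRY = re.compile(r"access-list \d+ (permit|deny) ip (any|host \S+) (any|host \S+)$")

def to_net(spec):
    # 'any' matches every address; 'host X' matches exactly one.
    name = spec.split()[-1]
    return ip_network("0.0.0.0/0" if name == "any" else HOSTS.get(name, name))

def parse_acl(text):
    # Accept only the entry form used in the thread; reject anything else.
    rules = []
    for line in text.strip().splitlines():
        m = ENTRY.match(" ".join(line.split()))
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((m.group(1), to_net(m.group(2)), to_net(m.group(3))))
    return rules

def evaluate(rules, src, dst):
    # The first matching entry decides; no match falls to the implicit deny.
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

# Constructed flows: the allowed pair, and another Site C host (assumed .55).
FLOWS = {
    "server2->server1": ("192.168.30.10", "192.168.10.10"),
    "other->server1": ("192.168.30.55", "192.168.10.10"),
    "other->other": ("192.168.30.55", "192.168.10.77"),
}

def verdicts(acl_text):
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, s, d) for name, (s, d) in FLOWS.items()}
```

Calling `verdicts()` on each list shows that the one ending in `permit ip any any` shields only the server and still passes other inter-site traffic, while the one ending in `deny ip any any` passes the server pair alone, which is the allow-then-deny-everything-else policy described for the firewall.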