Solved

SITE TO SITE COMMUNICATION

Posted on 2009-04-14
Last Modified: 2012-05-06
Hi,
I have three sites (Site A, Site B and Site C).
Site A has one router.
Site B has two routers.
Site C has one router.
Site A is connected to Site B via Router A and B.
Site B is connected to Site C via Router C and D.

Router B and Router C are on Site B and have no communication.

I have one server on Site C and I want this server to access the server on Site A, but I don't want any other communication except between these two servers. How can I do it? I also want to put in a firewall to provide extra security.

The diagram of my network is also attached.
Visio-DIAGRAM.pdf
Question by:prologixme
8 Comments
 
LVL 2

Expert Comment

by:Deoji
ID: 24142407
Connect Router B to Router C with a crossover cable on a free port...
Set up IP addressing in this new network segment.
Router C will need Static Route to tell it that Network A is available via Router B.
Router D will need Static Route to know that Network A is available via Router C.
Router B will need Static Route to know that Network C is available via Router C.
Router A will need Static route to know that Network C is available via Router B.

At this point you have full access between the networks...

Now use an access-list in router A to only allow IP of server 2 to communicate to IP of Server 1.
Create access-list in Router D to allow only IP of server 1 to communicate to server 2.

At this point it should be working as you want it to.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24142480

This assumes you aren't already using 109 for an access-list and this is Cisco Router Syntax.

Sample Access List for the LAN interface of Router A:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any

Sample Access List for the LAN interface of Router D:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any host <server2>
access-list 109 permit ip any any
0
 

Author Comment

by:prologixme
ID: 24144815
And I also want to put the firewall in between Router B and Router C; then how can I proceed?
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24147190
Do you have a firewall device that you are wanting to use between the two, or are you referring to an access-list that would do the job in these two routers?

You could do it with access-lists similar to the following:

Sample Access List for the LAN interface of Router B:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any


Sample Access List for the LAN interface of Router C:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any any
0
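How the two access-list styles posted in this thread treat the same packets (the Router A list ending in `permit ip any any` from the earlier post, and the Router B list ending in `deny ip any any` from the post above), as an added example that is not part of any post. The evaluator is a simplified first-match model covering only `permit|deny ip` entries with `host`/`any`, and all IP addresses are constructed sample values standing in for the thread's placeholders.

```python
import ipaddress

# Constructed sample addresses: the thread only gives <server1>/<server2> placeholders.
HOSTS = {"<server1>": "10.1.0.10",   # server at Site A (assumed)
         "<server2>": "10.3.0.10"}   # server at Site C (assumed)
OTHER_A, OTHER_C = "10.1.0.77", "10.3.0.50"   # other hosts at Site A / Site C (assumed)

# ACL text copied from the thread's posts.
ACL_ROUTER_A = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any
"""
ACL_ROUTER_B = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines (SRC/DST: 'any' or 'host X')."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, nets = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            elif rest[0] == "host":
                addr = HOSTS.get(rest[1], rest[1])
                nets.append(ipaddress.ip_network(addr + "/32"))
                rest = rest[2:]
            else:
                raise ValueError("unsupported ACL token: " + rest[0])
        rules.append((action, nets[0], nets[1]))
    return rules

def evaluate(acl_text, src, dst):
    """Return the action of the first matching entry; no match hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in parse_acl(acl_text):
        if s in src_net and d in dst_net:
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("Router A list", ACL_ROUTER_A), ("Router B list", ACL_ROUTER_B)):
        for src, dst in ((HOSTS["<server2>"], HOSTS["<server1>"]), (OTHER_C, OTHER_A)):
            print(f"{name}: {src} -> {dst}: {evaluate(acl, src, dst)}")
```

The Router A list protects only `<server1>` and still permits traffic between other hosts at the two sites, while the Router B list passes nothing except `<server2>` to `<server1>`. The Router B list does not match the reply direction (`<server1>` to `<server2>`), which in the thread is covered by the mirrored list posted for Router C.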
 

Author Comment

by:prologixme
ID: 24147264
Yes, I have a firewall (ASA 5520 and Sonicwall NSA 6500) and I want to use that.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24147376
Normally one wouldn't place a firewall between two routers at the same location.
The firewall seems a little overkill for this scenario.
I would think you would want the firewalls between Site A and B, and between Site C and B.

If you wish to put the firewalls between Router B and Router C then you would basically connect the routers up to the firewall using CrossOver Cables. Doesn't matter which port on the Cisco because you can make any port a LAN port or a WAN port depending on your setup.
0
 

Author Comment

by:prologixme
ID: 24147780
So, if I put the firewall in between Router B and C, then how does the configuration take place?
0
 
LVL 2

Accepted Solution

by:
Deoji earned 2000 total points
ID: 24148325
Well, if we call your firewall X then you would need to determine IP addressing to use between X and C and between B and X.

Then you would configure the port on X connected to C with an IP address in that network, and the port on C connected to X would also need an IP in that network.

Then the port on X that is connected to B would need an IP on that new network, and the port on B connected to X would also get an IP in the same network.

Your firewall will need some static routes set up so it knows how to get to Site A and to Site C.

Then you basically add allowances in the firewall for traffic between the two servers and deny everything else.
0
