Solved

SITE TO SITE COMMUNICATION

Posted on 2009-04-14
Last Modified: 2012-05-06
HI,
   I HAVE THREE SITES (SITE A, SITE B AND SITE C)
  SITE A HAVING ONE ROUTER
  SITE B HAVING TWO ROUTERS
  SITE C HAVING ONE ROUTER
SITE A IS CONNECTED TO SITE B VIA ROUTER A AND B
SITE B IS CONNECTED TO SITE C VIA ROUTER C AND D

ROUTER B AND ROUTER C ARE ON SITE B AND HAVE NO COMMUNICATION.

I HAVE ONE SERVER ON SITE C AND I WANT THIS SERVER TO ACCESS THE SERVER ON SITE A. BUT I DON'T WANT ANY OTHER COMMUNICATION EXCEPT THESE TWO SERVERS. HOW CAN I DO IT? I ALSO WANT TO PUT A FIREWALL TO PROVIDE ME EXTRA SECURITY.

THE DIAGRAM OF MY NETWORK IS ALSO ATTACHED.
Visio-DIAGRAM.pdf
Question by:prologixme
8 Comments
 
LVL 2

Expert Comment

by:Deoji
ID: 24142407
Connect Router B to Router C with a CrossOver cable on a free Port...
Setup IP addressing in this New Network Segment.
Router C will need Static Route to tell it that Network A is available via Router B.
Router D will need Static Route to know that Network A is available via Router C.
Router B will need Static Route to know that Network C is available via Router C.
Router A will need Static route to know that Network C is available via Router B.

At this point you have full access between the networks...

Now use an access-list in router A to only allow IP of server 2 to communicate to IP of Server 1.
Create access-list in Router D to allow only IP of server 1 to communicate to server 2.

At this point it should be working as you want it to.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24142480

This assumes you aren't already using 109 for an access-list and this is Cisco Router Syntax.

Sample Access List for the LAN interface of Router A:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any

Sample Access List for the LAN interface of Router D:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any host <server2>
access-list 109 permit ip any any
0
 

Author Comment

by:prologixme
ID: 24144815
AND I ALSO WANT TO PUT THE FIREWALL IN BETWEEN ROUTER B AND ROUTER C. THEN HOW CAN I PROCEED?
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24147190
Do you have a firewall device that you are wanting to use between the two, or are you referring to an access-list that would do the job in these two routers?

You could do it with access-lists similar to the following:

Sample Access List for the LAN interface of Router B:

access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any


Sample Access List for the LAN interface of Router C:

access-list 109 permit ip host <server1> host <server2>
access-list 109 deny ip any any
0
 

Author Comment

by:prologixme
ID: 24147264
Yes, I have a firewall ASA 5520 and a Sonicwall NSA 6500 and I want to use that.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24147376
Normally one wouldn't place a firewall between two routers at the same location.
The firewall seems a little overkill for this scenario.
I would think you would want the firewalls between Site A and B, and between Site C and B.

If you wish to put the firewalls between Router B and Router C then you would basically connect the routers up to the firewall using CrossOver Cables. Doesn't matter which port on the Cisco because you can make any port a LAN port or a WAN port depending on your setup.
0
 

Author Comment

by:prologixme
ID: 24147780
So, if I put the firewall in between router B and C, then how does the configuration take place?
0
 
LVL 2

Accepted Solution

by:
Deoji earned 500 total points
ID: 24148325
Well, if we call your firewall X then you would need to determine IP Addressing to use between X and C and between B and X.

Then you would configure the port on X connected to C with an IP Address in that network and the port on C connected to X would also need an IP in that network.

Then the port on X that is connected to B would need an IP on that new network and the port on B connected to X would also get an IP in the same Network.

Your firewall will need some static routes setup so it knows how to get to site A and to Site C.

Then you basically add allowances in the firewall for traffic between the two servers and deny everything else.
0
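
Added example, not part of the original thread and not the posters' own code: a small first-match evaluator in Python that runs the two sample access-list shapes posted above (the Router A list ending in "permit ip any any" and the Router B list ending in "deny ip any any") against a few flows, to check which one gives the "allow the two servers, deny everything else" policy described in the accepted answer. The IP addresses are constructed stand-ins for the <server1> and <server2> placeholders, and the parser handles only the "host X" and "any" forms used in this thread.

```python
import ipaddress

# Constructed addresses standing in for the thread's <server1>/<server2>.
SERVER1 = "10.1.1.10"  # server on site A (assumed)
SERVER2 = "10.3.3.10"  # server on site C (assumed)

ACL_ROUTER_A = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any host <server1>
access-list 109 permit ip any any
"""
ACL_ROUTER_B = """
access-list 109 permit ip host <server2> host <server1>
access-list 109 deny ip any any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines (host X / any only)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.replace("<server1>", SERVER1).replace("<server2>", SERVER2).split()
        words, ends = iter(tok[4:]), []
        for word in words:  # "any" -> wildcard (None); "host a.b.c.d" -> address
            ends.append(None if word == "any" else ipaddress.ip_address(next(words)))
        rules.append((tok[2], ends[0], ends[1]))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; an IOS list ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst in rules:
        if r_src in (None, src) and r_dst in (None, dst):
            return action
    return "deny"

def audit(acl_text, flows):
    """Return {(src, dst): 'permit'|'deny'} for each flow under the given list."""
    rules = parse_acl(acl_text)
    return {flow: evaluate(rules, *flow) for flow in flows}

FLOWS = [  # constructed test flows (src, dst)
    (SERVER2, SERVER1),          # the one flow that should pass
    ("10.3.3.55", SERVER1),      # another site C host to server 1
    ("10.3.3.55", "10.1.1.77"),  # site C host to some other site A host
]

if __name__ == "__main__":
    for name, acl in (("Router A list", ACL_ROUTER_A), ("Router B list", ACL_ROUTER_B)):
        for (src, dst), verdict in audit(acl, FLOWS).items():
            print(f"{name}: {src} -> {dst}: {verdict}")
```

The third flow is permitted by the Router A list and denied by the Router B list, so only the "deny ip any any" form blocks traffic between other hosts at the two sites.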
