Bi-directional routing between two physical LANs within the same building

Posted on 2009-04-23
Last Modified: 2012-05-06
Hi All,

We have a customer running specialist factory equipment which is all IP based and is in turn connected to two control servers; these servers allow management of all the equipment.

At present the devices and servers share the same IP / subnet range as the customer's Windows network.

Due to issues on the network (a recent addition with a duplicate IP taking the whole factory system offline) it's been suggested the custom equipment is separated onto its own LAN with a separate subnet / IP range.
This causes a problem in how to achieve this. It's a simple matter on site to have all the custom equipment connected to its own switch, but we would still need machines on the Windows network to be able to connect to these machines via, say, RDP to run reports and such like, and also to allow the hardware support company to access the equipment remotely.

I would assume the best way would be to place a router between both networks and setup the appropriate rules to allow traffic to pass between the two subnets.

Does anyone have any suggestions as to what piece of equipment could achieve this, bearing in mind the customer has a limited budget?
At present they use a Juniper Netscreen for LAN / WAN routing, but as it's an older 5 series model it does not have multiple configurable LAN ports like the newer SSG20s.
We could just suggest replacing this model and let a newer SSG20 deal with the routing, or provide a cheaper option without making a working piece of kit redundant.

Any help would be appreciated.

Question by: Siconltd
    LVL 21

    Expert Comment

    I would suggest introducing a L3 switch to do the job if firewalling between subnets is not a requirement.

    You will create several VLANs, each with its own subnet (workstations, servers, special equipment, etc.), and the switch will route between them.

    As for models: starting from D-Links (DGS-3627) to Ciscos (Catalyst 3560 and 3750) and Extremes (Summit X450a).
    LVL 18

    Accepted Solution

    You can still use the Netscreen 5 (GT, I'm assuming) to do this by putting the device in home-work mode.

    Plug the switch where the factory equipment is connected into the home zone port, and plug the rest of your network into the work zone port. This will give you two unique subnets that are routable to each other on one Netscreen 5GT.

    One thing to note: in home-work mode, any equipment in the home zone cannot initiate a connection to the work zone, but the work zone can initiate connections to the home zone (RDP, telnet, etc.). If you do not need to connect from the factory equipment servers to the rest of the network, this may work for you.
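The one-way rule described in the accepted solution (the office side may open connections to the factory side, the factory side may not open connections back) can also be expressed on a Layer 3 switch of the kind suggested in the first comment. The following Cisco IOS-style configuration is an added example written for this page; it is not configuration from the thread, from Juniper or from any vendor document. The VLAN numbers, the 192.168.10.0/24 and 192.168.20.0/24 addresses, the interface names and the RDP-only restriction are all assumptions chosen to match the question.

```cisco
! Added example (not from the original thread): inter-VLAN routing on a
! Cisco IOS Layer 3 switch with ACLs that mimic the Netscreen home/work rule.
! Assumed: VLAN 10 = office/Windows network, VLAN 20 = factory equipment.
ip routing
!
vlan 10
 name OFFICE
vlan 20
 name FACTORY
!
interface Vlan10
 description Office / Windows network (like the Netscreen "work" zone)
 ip address 192.168.10.1 255.255.255.0
 ip access-group OFFICE-TO-FACTORY in
!
interface Vlan20
 description Factory equipment (like the Netscreen "home" zone)
 ip address 192.168.20.1 255.255.255.0
 ip access-group FACTORY-TO-OFFICE in
!
! Office hosts may open RDP (TCP 3389) to the factory subnet; nothing else
! crosses in that direction. The final permit keeps other office traffic
! (default route towards the Netscreen, etc.) working.
ip access-list extended OFFICE-TO-FACTORY
 permit tcp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 eq 3389
 deny   ip  192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log
 permit ip  any any
!
! Factory hosts may only send replies to office-initiated RDP sessions.
! "established" matches TCP segments with ACK or RST set, so this is a
! stateless approximation of the stateful check the Netscreen performs.
! Any new connection attempt from the factory side towards the office is
! dropped and logged.
ip access-list extended FACTORY-TO-OFFICE
 permit tcp 192.168.20.0 0.0.0.255 eq 3389 192.168.10.0 0.0.0.255 established
 deny   ip  192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
 permit ip  any any
!
! Access ports towards the two existing switches (assumed port names).
interface GigabitEthernet0/1
 description Uplink to office switch
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Uplink to factory switch
 switchport mode access
 switchport access vlan 20
```

After applying it, `show ip access-lists` shows per-entry hit counters, and the `log` keyword on the deny lines produces a syslog entry for any factory-side host that tries to reach the office subnet, which is a useful early sign of a misconfigured or misbehaving device. Because `established` only inspects TCP flags, a device that needs a real stateful boundary between the two subnets is still better served by the Netscreen zone policy the accepted solution describes.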
    LVL 18

    Expert Comment

    by: Sanga Collins
    I forgot to mention that NS25/50/200 series Junipers, which allow you to configure any port with any subnet, are available for less than $300 on eBay. These devices have reached end-of-life, so a lot of companies are dumping them so they can upgrade to SSG model devices.

    Since they both use the same ScreenOS, you are not missing out on much by getting and using NS series devices.

    Author Comment

    Many thanks From_exp / Sangamc

    I think the layer 3 option is out of the customer's budget, and as we have a lot of customers with Netscreens, we will either try the home-work option or, as I use elsewhere, go NS25 or SSG20; the Juniper kit has always been reliable at our end. Many thanks.

