Bi-directional routing between two physical LANs within the same building

Posted on 2009-04-23
Last Modified: 2012-05-06
Hi All,

We have a customer running specialist factory equipment which is all IP based and which is in turn connected to two control servers; these servers allow management of all the equipment.

At present the devices and servers share the same IP / subnet range as the customer's Windows network.

Due to issues on the network (a recent addition with a duplicate IP taking the whole factory system offline) it's been suggested the custom equipment is separated onto its own LAN with a separate subnet / IP range.
This causes a problem in how to achieve this. It's a simple matter onsite to have all the custom equipment connected to its own switch, but we would still need machines on the Windows network to be able to connect to these machines via, say, RDP to run reports and such like, and to also allow the hardware support company to access the equipment remotely.

I would assume the best way would be to place a router between both networks and set up the appropriate rules to allow traffic to pass between the two subnets.

Does anyone have any suggestions as to what piece of equipment could achieve this, bearing in mind the customer has a limited budget?
At present they use a Juniper Netscreen for LAN / WAN routing, but as it's an older 5 series model it does not have multiple configurable LAN ports like the newer SSG20s.
We could just suggest replacing this model and letting a newer SSG20 deal with the routing, or provide a cheaper option without making a working piece of kit redundant.

Any help would be appreciated.

Question by:Siconltd
LVL 21

Expert Comment

ID: 24217333
I would suggest introducing a L3 switch to do the job if firewalling between subnets is not a requirement.

You will create several VLANs, each with its own subnet (workstations, servers, special equipment, etc.), and the switch will route between them.

As for models: starting from D-Links (DGS-3627) to Ciscos (Catalyst 3560 and 3750) and Extremes (Summit X450a).
LVL 18

Accepted Solution

Sanga Collins earned 500 total points
ID: 24217782
You can still use the NetScreen 5 (GT, I'm assuming) to do this by putting the device in home-work mode.

Plug the switch where the factory equipment is connected into the home zone port, and plug the rest of your network into the work zone port. This will give you two unique subnets that are routable to each other on one NetScreen 5GT.

One thing to note: in home-work mode, any equipment in the home zone cannot initiate a connection to the work zone, but the work zone can initiate connections to the home zone (RDP, telnet, etc.). If you do not need to connect from the factory equipment servers to the rest of the network, this may work for you.
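The one-way trust described above, modelled as a small stateful zone-policy simulator. This is an added illustration, not ScreenOS configuration or anything from the original thread; the zone subnets, the factory host 10.10.0.5 and the Windows workstation 192.168.1.20 are constructed addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing: work zone = Windows network, home zone = factory equipment.
ZONES = {
    "work": ip_network("192.168.1.0/24"),
    "home": ip_network("10.10.0.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything else is treated as untrust."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrust"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new TCP connection


class HomeWorkFirewall:
    """Home-work mode as a stateful filter: work may open sessions to home,
    home may only answer sessions that work already opened."""

    def __init__(self) -> None:
        # Session table keyed by the initiator's 4-tuple (client -> server).
        self.sessions: set[tuple[str, int, str, int]] = set()

    def allow(self, p: Packet) -> bool:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Packets belonging to an established session pass in both directions.
        if forward in self.sessions or reverse in self.sessions:
            return True
        if not p.syn:
            return False  # unsolicited non-SYN traffic with no session is dropped
        # Only work -> home may create a new session; home -> work is refused.
        if zone_of(p.src) == "work" and zone_of(p.dst) == "home":
            self.sessions.add(forward)
            return True
        return False
```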
LVL 18

Expert Comment

by:Sanga Collins
ID: 24217798
I forgot to mention that NS25/50/200 series Junipers that allow you to configure any port with any subnet are available for less than $300 on eBay. These devices have reached end-of-life, so a lot of companies are dumping them so they can upgrade to SSG model devices.

Since they both use the same ScreenOS, you are not missing out on much by getting and using NS series devices.

Author Comment

ID: 24222466
Many thanks From_exp / Sangamc

I think the layer 3 option is out of the customer's budget, and as we have a lot of customers with Netscreens, we will either try the home-work option or, as I use elsewhere, go with either an NS25 or an SSG20. The Juniper kit has always been reliable at our end. Many thanks.

