Solved

Need a second router for FTP

Posted on 2010-11-10
Last Modified: 2012-05-10
Need a second router for FTP.
Present setup:
Presently we have a Cisco router as our default gateway to get internet access through a T1.  
The problem is that we need to trade large CAD files with our customers and they would clog up the T1.  
To fix this we want to use a separate DSL/cable connection to send docs using FTP.  
Goal:
Give LAN users the ability to send large files directly from their desktop.
Questions:
How would we seamlessly access the FTP router when the DG is pointing to the Cisco router?
Thoughts:
If using an alternate (second) IP address how does it switch between routers?
You could manually change the DG but that would be inconvenient.
You could put the DSL connection on a router that has two LAN ports and set one to the LAN subnet and the other to a DMZ on a different subnet.  Put a PC on the DMZ and access it using remote desktop to send files.
Question by:Jayfo

Expert Comment

by:jmeggers
How big is your current Internet router and how many interfaces can it handle?  I would think the better solution would be to add an Ethernet interface for the DSL link and let the router make the forwarding decision.

If there's a reason you absolutely need a second router, my next thought would be to place it on the same LAN subnet, advertise the customer networks using a dynamic protocol and let the current Internet router redirect traffic to the customer networks over to the other router.

And if you have to purchase another router, be sure to at least consider getting one that has two Ethernet and a T1, and get back to the single-router scenario I mentioned above.  The cost may be higher, but it may be worth it to simplify the topology.

Author Comment

by:Jayfo
Thanks for the reply.  Forgive my ignorance if I didn't completely understand your answer.  The current Cisco router is owned by ATT and ties all our branch offices together on an MPLS network.  Although we probably could make configuration changes, it would be a very big deal to get ATT to customize it.  Also there is limited bandwidth on the MPLS network.  That's why I wanted to go with a completely separate router over a DSL connection.  From what I can see the 'fly in the ointment' is that you can only have one default gateway.  

Does it make sense to use a router with two Ethernet ports and set up one Ethernet port to the corporate LAN subnet and then set another port to a separate subnet (DMZ) and put a PC on the DMZ?  Then remote desktop connect to that PC and use it to send and receive FTP files.  

Accepted Solution

by:
dosdet2 earned 500 total points
We have something almost exactly like what you are looking for.  See the diagram. IP numbers are there just for reference.

We chose the RV042 for the internet facing router because it was inexpensive, had a decent firewall and handled multiple VPNs well.
We set up the system as shown.  The SOHO router has the LAN side toward the main network and the WAN side towards the "public" NAS Device network.

We have a SonicWall where your Cisco is.  You would put a route in your Cisco that directed all traffic with a destination to the 10.10.200.0/24 network to the host 10.10.10.10.

We put in a rule that forwarded all FTP traffic sent to our DSL public IP to 10.10.200.10.
We set up FTP users and security within the NAS device interface.

We can "search for computers" and use the 10.10.200.10 IP number (within the network) and then Map the entire NAS drive share to a drive letter.  Each client that connects has their own login and only has access to their own sub-folder.  Internal users can see all sub-folders.

For a while we had 2 clients set up on site-to-site VPNs and they had drive letters mapped to their respective sub-folders on our NAS.

I can log in to any of the routers on the 10.10.200.0 network and configure from my workstation on the main network, but our main network is completely isolated from communication initiated from the NAS network.
It is a sweet setup.  
I hope this helps.




2-SeperateNetworks.JPG
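
How the specific route in the answer above coexists with a single default gateway, as an added example (not part of the original post or anyone's actual configuration): a longest-prefix-match lookup using the answer's 10.10.200.0/24 network and 10.10.10.10 next hop, plus a check that a next hop is on a directly connected network. The main LAN prefix 10.10.10.0/24 and the gateway address 10.10.10.1 are assumptions; the page does not state them.

```python
import ipaddress

# From the answer: NAS network 10.10.200.0/24 is reached via host 10.10.10.10.
# Assumed for illustration (not on the page): main LAN 10.10.10.0/24 and
# default gateway 10.10.10.1.
ROUTES = [
    ("0.0.0.0/0", "10.10.10.1", "default gateway"),
    ("10.10.10.0/24", None, "connected main LAN"),
    ("10.10.200.0/24", "10.10.10.10", "static route to NAS network"),
]


def build_table(routes):
    """Parse (prefix, next_hop, label) tuples into network objects."""
    return [(ipaddress.ip_network(p), nh, label) for p, nh, label in routes]


def lookup(table, dst):
    """Return the matching route with the longest prefix, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def next_hop(table, dst):
    """Next-hop address for dst, 'on-link' if directly connected."""
    route = lookup(table, dst)
    if route is None:
        return None
    return route[1] or "on-link"


def unreachable_next_hops(table):
    """Labels of routes whose next hop is not on a connected network."""
    connected = [net for net, nh, _ in table if nh is None]
    return [label for net, nh, label in table
            if nh and not any(ipaddress.ip_address(nh) in c for c in connected)]


if __name__ == "__main__":
    table = build_table(ROUTES)
    # 203.0.113.5 is a documentation address standing in for any Internet host.
    for dst in ("10.10.200.10", "10.10.10.25", "203.0.113.5"):
        print(dst, "->", next_hop(table, dst), f"({lookup(table, dst)[2]})")
    print("routes with off-link next hop:", unreachable_next_hops(table))
```

Only traffic for 10.10.200.0/24 leaves via 10.10.10.10; every other destination still follows the default route.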

Expert Comment

by:dosdet2
Sorry Jayfo, I missed the part where you cannot change the Cisco config.
You can insert a router just before your Cisco and use it to redirect to your NAS network.  

You may have an issue with the subnet though.  The Cisco is going to want to be on your original subnet.  The router you get is going to have to keep the same subnet on both sides, which won't work.  Maybe you can use just the LAN side ???  I haven't tried anything like that - could do some testing but confidences are not high on that one.

One router added to the Cisco would do the trick.  Maybe check on it.  I could lay out a route for it, if I had the IPs you would be using.  Maybe that would help.
Let us know.

Expert Comment

by:dosdet2
One more thought.  You may be able to do a port forward within the SOHO bridging router (to the NAS device) and use FTP on your main network instead of mapping the drive.  

Anybody out there know if this will work??


Author Comment

by:Jayfo
Thanks Dosdet2.  

Your schematic is very close to what I was thinking about.  Let me ask you this.  You show the SOHO router and the Linksys RV42.  Would one router with two Ethernet ports that could be on different subnets do the same job?  

Also, I failed to make it clear that the FTP service is hosted by an outside service provider.  My thought was to put a workstation where you have the FTP server on your diagram (this would be on a different subnet).  Then use this workstation to access the FTP service over the Internet.  Users on the internal LAN could connect to the Workstation (through the router) using a remote desktop connection.

Seems convoluted, but I’m just not sure how to get around the fact that you can only have one default gateway per subnet.

Expert Comment

by:dosdet2
So the clients would put their files on a "cloud" hosted drive, then your users would transfer from the hosted drive to their drives.  Then vice versa for transferring the other way.  

And the reasoning for this is to save bandwidth on your T1 line.

Is that correct?



Author Comment

by:Jayfo
The bandwidth saving would be to send the large files over the DSL and not the corporate MPLS network.  The corporate T1/MPLS (ATT Cisco router) is already slow.  The goal is to leave the ATT router completely alone and somehow send the files over the DSL connection to a hosted FTP service out there in cyber space.  How does a desktop computer talk to the DSL internet connection when its default gateway is pointed to the ATT router?  Thanks.