
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 893

Need a second router for FTP

Need a second router for FTP.
Present setup:
Presently we have a Cisco router as our default gateway to get internet access through a T1.  
The problem is that we need to trade large CAD files with our customers and they would clog up the T1.  
To fix this we want to use a separate DSL/cable connection to send docs using FTP.  
Give LAN users the ability to send large files directly from their desktop.
How would we seamlessly access the FTP router when the DG is pointing to the Cisco router?
If using an alternate (second) IP address how does it switch between routers?
You could manually change the DG but that would be inconvenient.
You could put the DSL connection on a router that has two LAN ports and set one to the LAN subnet and the other to a DMZ on a different subnet.  Put a PC on the DMZ and access it using remote desktop to send files.
1 Solution
jmeggers (Sr. Network and Security Engineer) Commented:
How big is your current Internet router and how many interfaces can it handle?  I would think the better solution would be to add an Ethernet interface for the DSL link and let the router make the forwarding decision.

If there's a reason you absolutely need a second router, my next thought would be to place it on the same LAN subnet, advertise the customer networks using a dynamic protocol and let the current Internet router redirect traffic to the customer networks over to the other router.

And if you have to purchase another router, be sure to at least consider getting one that has two Ethernet and a T1, and get back to the single-router scenario I mentioned above.  The cost may be higher, but it may be worth it to simplify the topology.
Jayfo (Author) Commented:
Thanks for the reply.  Forgive my ignorance if I didn’t completely understand your answer.  The current Cisco router is owned by ATT and ties all our branch offices together on an MPLS network.  Although we probably could make configuration changes, it would be a very big deal to get ATT to customize it.  Also there is limited bandwidth on the MPLS network.  That’s why I wanted to go with a completely separate router over a DSL connection.  From what I can see the ’fly in the ointment’ is that you can only have one default gateway.  

Does it make sense to use a router with two Ethernet ports and set up one Ethernet port to the corporate LAN subnet and then set another port to a separate subnet (DMZ) and put a PC on the DMZ?  Then remote desktop connect to that PC and use it to send and receive FTP files?
We have something almost exactly like what you are looking for.  See the diagram. IP numbers are there just for reference.

We chose the RV042 for the internet-facing router because it was inexpensive, had a decent firewall and handled multiple VPNs well.
We set up the system as shown.  The SOHO router has the LAN side toward the main network and the WAN side towards the "public" NAS Device network.

We have a SonicWall where your Cisco is.  You would put a route in your Cisco that directed all traffic with a destination to the network to the host

We put in a rule that forwarded all FTP traffic sent to our DSL public IP to
We set up FTP users and security within the NAS device interface.

We can "search for computers" and use the IP number (within the network) and then map the entire NAS drive share to a drive letter.  Each client that connects has their own login and only has access to their own sub-folder.  Internal users can see all sub-folders.

For a while we had 2 clients set up on site-to-site VPNs and they had drive letters mapped to their respective sub-folders on our NAS.

I can log in to any of the routers on the network and configure from my workstation on the main network but our main network is completely isolated from communication initiated from the NAS network.
It is a sweet setup.  
I hope this helps.

Sorry Jayfo, I missed the part where you cannot change the Cisco config.
You can insert a router just before your Cisco and use it to redirect to your NAS network.  

You may have an issue with the subnet though.  The Cisco is going to want to be on your original subnet.  The router you get is going to have to keep the same subnet on both sides, which won't work.  Maybe you can use just the LAN side?  I haven't tried anything like that - could do some testing but confidence is not high on that one.

One router added to the Cisco would do the trick.  Maybe check on it.  I could lay out a route for it, if I had the IPs you would be using.  Maybe that would help.
Let us know.
One more thought.  You may be able to do a port forward within the SOHO bridging router (to the NAS device) and use FTP on your main network instead of mapping the drive.  

Anybody out there know if this will work??

Jayfo (Author) Commented:
Thanks Dosdet2.  

Your schematic is very close to what I was thinking about.  Let me ask you this.  You show the SOHO router and the Linksys RV42.  Would one router with two Ethernet ports that could be on different subnets do the same job?  

Also, I failed to make it clear that the FTP service is hosted by an outside service provider.  My thought was to put a workstation where you have the FTP server on your diagram (this would be on a different subnet).  Then use this workstation to access the FTP service over the Internet.  Users on the internal LAN could connect to the Workstation (through the router) using a remote desktop connection.

Seems convoluted, but I’m just not sure how to get around the fact that you can only have one default gateway per subnet.
So the clients would put their files on a "cloud" hosted drive, then your users would transfer from the hosted drive to their drives.  Then vice versa for transferring the other way.  

And the reasoning for this is to save bandwidth on your T1 line.

Is that correct?

Jayfo (Author) Commented:
The bandwidth saving would be to send the large files over the DSL and not the corporate MPLS network.  The corporate T1/MPLS (ATT Cisco router) is already slow.  The goal is to leave the ATT router completely alone and somehow send the files over the DSL connection to a hosted FTP service out there in cyber space.  How does a desktop computer talk to the DSL internet connection when its default gateway is pointed to the ATT router?  Thanks.
Question has a verified solution.
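
On the closing question of how a desktop reaches the DSL link while its default gateway stays on the ATT router: a host picks its next hop by longest-prefix match, so one specific route for the hosted FTP service can point at a DSL router on the same LAN without touching the default route. The sketch below is an added example, not something posted in the thread; every address in it (LAN 192.168.1.0/24, routers at .1 and .254, FTP service at 203.0.113.10) is a constructed placeholder.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
# LAN 192.168.1.0/24, MPLS router .1, DSL router .254, FTP host 203.0.113.10.
LAN = ipaddress.ip_network("192.168.1.0/24")
MPLS_GW = ipaddress.ip_address("192.168.1.1")
DSL_GW = ipaddress.ip_address("192.168.1.254")
FTP_HOST = ipaddress.ip_network("203.0.113.10/32")


def build_table(extra_routes=()):
    """Return a desktop's routing table as (destination, next_hop) pairs.

    A next_hop of None means the destination is on-link (same subnet).
    """
    table = [
        (LAN, None),                                    # local subnet
        (ipaddress.ip_network("0.0.0.0/0"), MPLS_GW),   # single default gateway
    ]
    for dest, gw in extra_routes:
        # A gateway is only usable if the host can reach it directly.
        if gw not in LAN:
            raise ValueError(f"gateway {gw} is not on the local subnet")
        table.append((dest, gw))
    return table


def next_hop(table, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda route: route[0].prefixlen)
    return dst if gw is None else gw


def plan(extra_routes=()):
    """Report which next hop carries FTP, other internet, and LAN traffic."""
    table = build_table(extra_routes)
    return {
        "ftp": str(next_hop(table, "203.0.113.10")),
        "internet": str(next_hop(table, "198.51.100.7")),
        "lan": str(next_hop(table, "192.168.1.50")),
    }


if __name__ == "__main__":
    print("default only :", plan())
    print("with /32 route:", plan([(FTP_HOST, DSL_GW)]))
```

Because the added route is a /32, only traffic to the FTP provider leaves through the DSL router, which lets that router's firewall policy be scoped to the one destination.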
