Solved

2 Routers, 2 WANS, One Network

Posted on 2011-02-23
13
647 Views
Last Modified: 2012-06-21
I have two WAN connections on two Routers (Sonicwall and 3COM) that share the same subnet.

The computers are all static IP addresses and they specify their respective router as a gateway.

However, the computers on the Sonicwall can't see the computers on the 3COM.  Is there a way to get all the PCs to see each other while maintaining access to both routers?
0
Comment
Question by:rvdsabu4life
  • 5
  • 5
  • 3
13 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34960962
Just to make one thing clear, you said they specify their respective router as a gateway So each PC has only access to one router hasn't it?

Do you have a switch in place to connect the lot?
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34960998
If WAN is connected to internet, so problem could be with NAT on WAN interfaces. If WAN interface is not connected to internet but it's just your local network it can be done with static nat (1:1). Of course this can be also done when using internet on WAN ports but you need a wide range of public addresses :)
Second option to to bypass NAT for internal range. Have to add rule which bypass NAT when connecting from private network 1 to network 2.
0
 

Author Comment

by:rvdsabu4life
ID: 34961263
Just to make one thing clear, you said they specify their respective router as a gateway So each PC has only access to one router hasn't it?

Do you have a switch in place to connect the lot?

Correct.  I have 2 2960s In place now
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34961374
Traffic between WAN interfaces goes throught ISP or local switch ?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34961390
So the PC's are hooked up to the switches but they can't see each other. And switches are connected as well?
In that case you might want to look at the setup of the switches.
0
 

Author Comment

by:rvdsabu4life
ID: 34961532
Traffic between WAN interfaces goes throught ISP or local switch ?

Traffic goes from the PCs, to the switches, to the routers.

So the PC's are hooked up to the switches but they can't see each other. And switches are connected as well?

Yes.  Could someone explain the NAT on WAN interfaces.  I was reading something about this and I think it might work.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34961698
I think I need more coffee.....

Misread the question, let's see if I got it right now:

You have two routers which are on the same public subnet. Behind those routers are two networks with PC's within two private subnets. You want the pc's from both networks to be able to see each other.

If that is the case I think the best thing to do is to try and set up a site to site VPN between the two routers. That way the PC's can see each other and you are secure because you are still traversing a public network.
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34961776
When you are talking about WAN interfaces I hope that this WAN interfaces are connected to internet (or other public carrier). If WAN port is connected to internet and you want users to access internet you need to make address translation (NAP/PAT) on WAN interface. Here is base articla from cisco how nat works

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

Here is little example similar to yours.
My computer is PC-A with ip address 192.168.1.1/24 connected to router (Sonicwall). Your computer is PC-B with ip address 192.168.2.1/24 connected to router (3com). Try to ping my ip address :)

There are different ways to make this works but it depends on your network topology. Can you draw a little schema with ip address range and logical connections ?
0
 
LVL 4

Expert Comment

by:Kendzast
ID: 34961934
erniebeek: I'm not sure if you can make site to site VPN between 3com and sonicwall. On cisco device this scenario would be a piece of cake configuration :) But the main idea you mentioned is correct. One of the next option is to "don't NAT" traffic from private network A (behing sonicwall) and network B (behind 3com). You need to write exception NAT rule (ACL) for this specific traffic. Disadvanage is when somebody sniffs traffic between WAN interfaces can see original (private) IP addresses of your computers.
I would prefere direct cable (wireless) connection between this 2 networks (if it is possible) and route them. In this case you don't need to configure NAT exceptions because traffic between this 2 networks would not flow through WAN interfaces but through direct line.
0
 

Author Comment

by:rvdsabu4life
ID: 34963507
@Kendzast

I will advise after I read the article.

@erniebeek

Correct.  However, the public subnets are not the same.
0
 

Author Comment

by:rvdsabu4life
ID: 34963863
OK, so if I followed these instructions, my setup could work?

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24992501.html

0
 
LVL 4

Accepted Solution

by:
Kendzast earned 500 total points
ID: 34964205
No :) You don't need MPLS implementation.

Here is configuration example for Sonicwall
http://doc.m0n0.ch/handbook/examplevpn.html

Somethig similar like I did, from cisco
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml
You can route private IP subnets over GRE tunnel. OSPF, RIP, EIGRP support. Great thing!

0
 

Author Comment

by:rvdsabu4life
ID: 34978894
I was able to successfully do what I needed to this morning.  Thanks for all the help!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now