Solved

2 Routers, 2 WANS, One Network

Posted on 2011-02-23
Last Modified: 2012-06-21
I have two WAN connections on two Routers (Sonicwall and 3COM) that share the same subnet.

The computers are all static IP addresses and they specify their respective router as a gateway.

However, the computers on the Sonicwall can't see the computers on the 3COM.  Is there a way to get all the PCs to see each other while maintaining access to both routers?
Question by:rvdsabu4life
13 Comments
 

Expert Comment

by:Ernie Beek
Just to make one thing clear, you said "they specify their respective router as a gateway". So each PC only has access to one router, doesn't it?

Do you have a switch in place to connect the lot?

Expert Comment

by:Kendzast
If the WAN is connected to the internet, the problem could be with NAT on the WAN interfaces. If the WAN interface is not connected to the internet but is just your local network, it can be done with static NAT (1:1). Of course this can also be done when using internet on the WAN ports, but you need a wide range of public addresses :)
The second option is to bypass NAT for the internal range. You have to add a rule which bypasses NAT when connecting from private network 1 to network 2.
 

Author Comment

by:rvdsabu4life
"Just to make one thing clear, you said they specify their respective router as a gateway So each PC has only access to one router hasn't it?

Do you have a switch in place to connect the lot?"

Correct. I have two 2960s in place now.

Expert Comment

by:Kendzast
Does traffic between the WAN interfaces go through the ISP or a local switch?

Expert Comment

by:Ernie Beek
So the PC's are hooked up to the switches but they can't see each other. And switches are connected as well?
In that case you might want to look at the setup of the switches.
 

Author Comment

by:rvdsabu4life
"Traffic between WAN interfaces goes through ISP or local switch?"

Traffic goes from the PCs, to the switches, to the routers.

"So the PC's are hooked up to the switches but they can't see each other. And switches are connected as well?"

Yes. Could someone explain the NAT on WAN interfaces? I was reading something about this and I think it might work.

Expert Comment

by:Ernie Beek
I think I need more coffee.....

Misread the question, let's see if I got it right now:

You have two routers which are on the same public subnet. Behind those routers are two networks with PC's within two private subnets. You want the pc's from both networks to be able to see each other.

If that is the case I think the best thing to do is to try and set up a site to site VPN between the two routers. That way the PC's can see each other and you are secure because you are still traversing a public network.

Expert Comment

by:Kendzast
When you are talking about WAN interfaces, I hope that these WAN interfaces are connected to the internet (or another public carrier). If the WAN port is connected to the internet and you want users to access the internet, you need to do address translation (NAT/PAT) on the WAN interface. Here is a basic article from Cisco on how NAT works:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

Here is a little example similar to yours.
My computer is PC-A with IP address 192.168.1.1/24 connected to a router (Sonicwall). Your computer is PC-B with IP address 192.168.2.1/24 connected to a router (3com). Try to ping my IP address :)

There are different ways to make this work, but it depends on your network topology. Can you draw a little schema with the IP address ranges and logical connections?

Expert Comment

by:Kendzast
erniebeek: I'm not sure if you can make a site-to-site VPN between 3com and Sonicwall. On a Cisco device this scenario would be a piece-of-cake configuration :) But the main idea you mentioned is correct. Another option is to "don't NAT" traffic between private network A (behind the Sonicwall) and network B (behind the 3com). You need to write an exception NAT rule (ACL) for this specific traffic. The disadvantage is that somebody who sniffs traffic between the WAN interfaces can see the original (private) IP addresses of your computers.
I would prefer a direct cable (or wireless) connection between these 2 networks (if it is possible) and route them. In this case you don't need to configure NAT exceptions, because traffic between these 2 networks would not flow through the WAN interfaces but through the direct line.
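
The "don't NAT" exception described in the comment above, modelled as an added example (not part of the original thread, and not Sonicwall or 3COM configuration syntax). It assumes first-match rule evaluation and a constructed WAN address; the two private subnets are the ones from the PC-A/PC-B example in the thread. It shows that the exemption only takes effect when it sits above the general PAT rule, and that exempted flows then carry their private source address on the WAN segment.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatRule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    translate_to: Optional[str]  # None means "do not NAT" (exemption rule)

def source_on_wire(rules, src_ip, dst_ip):
    """Return the source address an observer on the WAN side would see."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:  # assumption: the first matching rule wins
        if s in rule.src and d in rule.dst:
            return rule.translate_to or src_ip
    return src_ip  # no rule matched: packet leaves untranslated

NET_A = ipaddress.ip_network("192.168.1.0/24")  # behind the Sonicwall (thread example)
NET_B = ipaddress.ip_network("192.168.2.0/24")  # behind the 3COM (thread example)
ANY = ipaddress.ip_network("0.0.0.0/0")
WAN_A = "203.0.113.10"  # constructed placeholder for the Sonicwall's WAN address

EXEMPT = NatRule(NET_A, NET_B, None)  # the NAT exception for A -> B traffic
PAT = NatRule(NET_A, ANY, WAN_A)      # normal outbound translation

GOOD_ORDER = [EXEMPT, PAT]  # exemption evaluated before the PAT rule
BAD_ORDER = [PAT, EXEMPT]   # exemption is shadowed and never matches

def exposed_private_flows(rules, flows):
    """Flows that cross the WAN segment with their original NET_A source."""
    return [(s, d) for s, d in flows
            if ipaddress.ip_address(source_on_wire(rules, s, d)) in NET_A]

# Constructed sample flows: PC-A to PC-B, and PC-A to an internet host.
FLOWS = [("192.168.1.1", "192.168.2.1"), ("192.168.1.1", "198.51.100.7")]

if __name__ == "__main__":
    for name, rules in (("exempt first", GOOD_ORDER), ("PAT first", BAD_ORDER)):
        for s, d in FLOWS:
            print(f"{name}: {s} -> {d} leaves as {source_on_wire(rules, s, d)}")
        print(f"{name}: exposed = {exposed_private_flows(rules, FLOWS)}")
```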
 

Author Comment

by:rvdsabu4life
@Kendzast

I will advise after I read the article.

@erniebeek

Correct.  However, the public subnets are not the same.
 

Author Comment

by:rvdsabu4life
OK, so if I followed these instructions, my setup could work?

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24992501.html

 

Accepted Solution

by:
Kendzast earned 500 total points
No :) You don't need MPLS implementation.

Here is a configuration example for Sonicwall:
http://doc.m0n0.ch/handbook/examplevpn.html

Something similar to what I did, from Cisco:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml
You can route private IP subnets over a GRE tunnel. OSPF, RIP, EIGRP support. Great thing!

 

Author Comment

by:rvdsabu4life
I was able to successfully do what I needed to this morning.  Thanks for all the help!