Solved

How to share one Internet Connection on 2 LANs

Posted on 2011-09-20
7
335 Views
Last Modified: 2012-05-12
Is this even possible ?
How could a network printer be shared between the 2 LANs ?
Would it create routing problems if one of the LANs becomes  part of an AD / DFS on another site so that users can logon at either site and access files.

Backgroud
One LAN, 2 business units. 2 business units become 2 legal entities needing full network separation for compliance but want to continue to share cabling, patch panel and the costs of a single hi speed intenet connection - and possibly 1 leased MFP. All clients, servers, and all but 1 printer will be on one of the 2 LANs. One of the LANs will need to become part of an AD with computers on a remote sites LAN so will need a Site2Site VPN
0
Comment
Question by:ASPDaddy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 50 total points
ID: 36567283
Vlanning?
Then the easiest might be to put the printer in a third vlan that can be reached from the other two.
0
 
LVL 12

Assisted Solution

by:HugoHiasl
HugoHiasl earned 175 total points
ID: 36567302
There are router available that support this.

I had one from Draytek. Worked perfect.: Here is a description how it is set up in those ones:

http://www.draytek.co.uk/support/kb_vigor_vlan.html
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 36567324
I'm guessing you have a firewall.  If you do, you could create four distinct zones on your firewall: -

Zone 1 - Business Unit 1
Zone 2 - Business Unit 2
Zone 3 - MFP
Zone 4 - untrust/internet.

The reason for putting the MFP in it's own zone will reduce the risk of it acting as a bridge between the two business units.

The firewall should be able to handle the site to site VPN for the business unit that needs it.

You will have to VLAN your network for this to work effectively and to minimise the risk of cross network communicataion.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:ASPDaddy
ID: 36567412
Thanks.

jakethecatuk
Would fw zones allow separate ADs to be deployed  in B1 & B2 and function as 2 networks from a users perspective. Is zone3 still accessible OK after 'vlanning'

HugoHiasl
Would this router allow seoprate ADs to be deployed  in B1 & B2
Does it allow any bandwidth  slhaping / priorites for each physical interface or protocols
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 36567434
with seperate VLAN's you can do pretty much what you like when it comes to AD.  each VLAN is to all intents and purposes, it's own network and it will only see outside of it's network what you tell the firewall to let it see.

with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing  - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
0
 
LVL 23

Assisted Solution

by:jakethecatuk
jakethecatuk earned 275 total points
ID: 36567435
with seperate VLAN's you can do pretty much what you like when it comes to AD.  each VLAN is to all intents and purposes, it's own network and it will only see outside of it's network what you tell the firewall to let it see.

with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing  - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
0
 

Author Closing Comment

by:ASPDaddy
ID: 36567462
Thanks.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question