Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
How to share one Internet Connection on 2 LANs
Posted on 2011-09-20
Is this even possible ?
How could a network printer be shared between the 2 LANs ?
Would it create routing problems if one of the LANs becomes part of an AD / DFS on another site so that users can logon at either site and access files.
Backgroud
One LAN, 2 business units. 2 business units become 2 legal entities needing full network separation for compliance but want to continue to share cabling, patch panel and the costs of a single hi speed intenet connection - and possibly 1 leased MFP. All clients, servers, and all but 1 printer will be on one of the 2 LANs. One of the LANs will need to become part of an AD with computers on a remote sites LAN so will need a Site2Site VPN
How could a network printer be shared between the 2 LANs ?
Would it create routing problems if one of the LANs becomes part of an AD / DFS on another site so that users can logon at either site and access files.
Backgroud
One LAN, 2 business units. 2 business units become 2 legal entities needing full network separation for compliance but want to continue to share cabling, patch panel and the costs of a single hi speed intenet connection - and possibly 1 leased MFP. All clients, servers, and all but 1 printer will be on one of the 2 LANs. One of the LANs will need to become part of an AD with computers on a remote sites LAN so will need a Site2Site VPN
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
- +1
7 Comments
Vlanning?
Then the easiest might be to put the printer in a third vlan that can be reached from the other two.
Then the easiest might be to put the printer in a third vlan that can be reached from the other two.
There are router available that support this.
I had one from Draytek. Worked perfect.: Here is a description how it is set up in those ones:
http://www.draytek.co.uk/support/kb_vigor_vlan.html
I had one from Draytek. Worked perfect.: Here is a description how it is set up in those ones:
http://www.draytek.co.uk/support/kb_vigor_vlan.html
I'm guessing you have a firewall. If you do, you could create four distinct zones on your firewall: -
Zone 1 - Business Unit 1
Zone 2 - Business Unit 2
Zone 3 - MFP
Zone 4 - untrust/internet.
The reason for putting the MFP in it's own zone will reduce the risk of it acting as a bridge between the two business units.
The firewall should be able to handle the site to site VPN for the business unit that needs it.
You will have to VLAN your network for this to work effectively and to minimise the risk of cross network communicataion.
Zone 1 - Business Unit 1
Zone 2 - Business Unit 2
Zone 3 - MFP
Zone 4 - untrust/internet.
The reason for putting the MFP in it's own zone will reduce the risk of it acting as a bridge between the two business units.
The firewall should be able to handle the site to site VPN for the business unit that needs it.
You will have to VLAN your network for this to work effectively and to minimise the risk of cross network communicataion.
Thanks.
jakethecatuk
Would fw zones allow separate ADs to be deployed in B1 & B2 and function as 2 networks from a users perspective. Is zone3 still accessible OK after 'vlanning'
HugoHiasl
Would this router allow seoprate ADs to be deployed in B1 & B2
Does it allow any bandwidth slhaping / priorites for each physical interface or protocols
jakethecatuk
Would fw zones allow separate ADs to be deployed in B1 & B2 and function as 2 networks from a users perspective. Is zone3 still accessible OK after 'vlanning'
HugoHiasl
Would this router allow seoprate ADs to be deployed in B1 & B2
Does it allow any bandwidth slhaping / priorites for each physical interface or protocols
with seperate VLAN's you can do pretty much what you like when it comes to AD. each VLAN is to all intents and purposes, it's own network and it will only see outside of it's network what you tell the firewall to let it see.
with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
with seperate VLAN's you can do pretty much what you like when it comes to AD. each VLAN is to all intents and purposes, it's own network and it will only see outside of it's network what you tell the firewall to let it see.
with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
with regards to zone 3, you will need to configure your firewall to allow traffic to/from zones 1 and 2 to zone 3 for printing - just make sure you don't allow traffic to/from zones 1 and 2 to each other.
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed.
Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month5 days, 13 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
627 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.