This is the setup I have for an external connection. This external connection is for our boardrooms so people from outside the company can connect to the internet without getting on our LAN.
The outside connection provided by our ISP plugs into the Cisco 5505 Firewall. Through a series of simple risers, a Dlink router located in the boardroom is attached to this firewall. There is a series of 4 routers attached to this firewall.
I have assigned each router with an External IP address under the "manual Internet connection" tab. For example, router 2 would have an IP of 192.168.1.2. The 3rd router in the 3rd boardroom would be 192.168.1.3, etc etc. When traffic is flowing through the FW, this is the IP it sees.
The Gateway (Cisco Firewall) is 192.168.1.1
Now, each router also has its own IP address. For example, router 2 would have an IP of 192.168.2.1. The 3rd router in the 3rd boardroom would be 192.168.3.1, etc etc. So if a PC that is connected to this router does an IPCONFIG the Gateway would be this.
After all of that, each router gets to the internet great and everyone is happy. But my question is:
I am on another router, 192.168.1.13 (external IP; the internal IP is 192.168.10.101) that only the IT people are allowed to be on. It is attached to this firewall as well. I want to be able to connect to each of the segments from mine so I can configure the routers without visiting each boardroom and having to connect to it. For example, my PC, 192.168.10.101 needs to be able to connect to the 2nd floor boardroom router at 192.168.2.1. But I also want to make sure no one can go from one of the boardrooms to the IT router.
Am I making sense?
thx in advance