Two Networks - One ISP
I hope I can explain this well enough for someone to help me.
I have two networks in my building. They both have a totally separate network infrastructure. Each network has its own firewall (Sonicwall NSA 3500) and each has a different Internet Service Provider.
On one of the networks (call it network-1) I have a fiber primary WAN connection and a Comcast 100mbps business class line on a secondary WAN as a fail-over.
On the second network (call it network-2) I have a fiber primary WAN connection, but no secondary WAN as a fail-over.
What I want to do is use the Comcast 100mbps business class line as a fail-over WAN on both networks. I have 5 static IP addresses with the 100mbps line and I think I can just assign an IP address to the secondary WAN both networks, give them the same gateway address, and that will work.
My problem is, I can’t have connectivity between these two networks. I’m concerned that because the two secondary WAN interfaces have addresses that are on the same segment there will be problems.
Can anyone give me advice on this? Is there a way of doing this safely?
I have two networks in my building. They both have a totally separate network infrastructure. Each network has its own firewall (Sonicwall NSA 3500) and each has a different Internet Service Provider.
On one of the networks (call it network-1) I have a fiber primary WAN connection and a Comcast 100mbps business class line on a secondary WAN as a fail-over.
On the second network (call it network-2) I have a fiber primary WAN connection, but no secondary WAN as a fail-over.
What I want to do is use the Comcast 100mbps business class line as a fail-over WAN on both networks. I have 5 static IP addresses with the 100mbps line and I think I can just assign an IP address to the secondary WAN both networks, give them the same gateway address, and that will work.
My problem is, I can’t have connectivity between these two networks. I’m concerned that because the two secondary WAN interfaces have addresses that are on the same segment there will be problems.
Can anyone give me advice on this? Is there a way of doing this safely?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
d0ughb0y,
I actually have two Sonicwall Firewalls with multiple WAN interfaces. One Firewall on each network. I have three ISPs in total.
I have one ISP assigned to each Firewall as the as the primary WAN. My question was about sharing the third ISP as a fail-over on both Firewalls. Since I have a block of 5 IP addresses with the third ISP, I think the switch will work.
Thanks!
I actually have two Sonicwall Firewalls with multiple WAN interfaces. One Firewall on each network. I have three ISPs in total.
I have one ISP assigned to each Firewall as the as the primary WAN. My question was about sharing the third ISP as a fail-over on both Firewalls. Since I have a block of 5 IP addresses with the third ISP, I think the switch will work.
Thanks!
In that case, I suspect you're right.
The problem with using a switch is that you won't have the failover. At best, you'd be able to manually set the routers to the second default gateway, in the event the primary fails. But that's certainly not automatic.
I'd suggest getting a decent router - I'd use a SonicWALL, but you'd be fine with any decent brand - and connecting both Internet routers to it: One as Primary WAN; the other as Failover. Then I'd connect each network's switch to that router, but define the ports as being in different networks. (I.e. port 1 is in 192.168.1.0/24, and port 2 is in 192.168.2.0/24). Each network will connect to its own router port, and that router can reach the Internet using either ISP, with automatic failover. You can configure firewall rules in the SonicWALL to prevent the two internal LANs from talking to each other.
Alternately, you could get two additional routers - one for each internal LAN, and then feed both of THEM to the centralized Internet router (which is still connected to both ISP routers.) In this model, you would keep all the LAN ports on the central router in the same LAN.
Config1.jpg
Config2.jpg