Solved

Two Networks - One ISP

Posted on 2013-05-28
Last Modified: 2013-05-28
I hope I can explain this well enough for someone to help me.

I have two networks in my building. They both have a totally separate network infrastructure. Each network has its own firewall (Sonicwall NSA 3500) and each has a different Internet Service Provider.

On one of the networks (call it network-1) I have a fiber primary WAN connection and a Comcast 100mbps business class line on a secondary WAN as a fail-over.

On the second network (call it network-2) I have a fiber primary WAN connection, but no secondary WAN as a fail-over.

What I want to do is use the Comcast 100mbps business class line as a fail-over WAN on both networks. I have 5 static IP addresses with the 100mbps line and I think I can just assign an IP address to the secondary WAN on both networks, give them the same gateway address, and that will work.

My problem is, I can’t have connectivity between these two networks. I’m concerned that because the two secondary WAN interfaces have addresses that are on the same segment there will be problems.

Can anyone give me advice on this? Is there a way of doing this safely?
Question by:TwoKJM
5 Comments
 
LVL 20

Assisted Solution

by:CompProbSolv
CompProbSolv earned 250 total points
ID: 39201914
Since the Comcast WAN is separated from your two LANs by the firewalls, they are really no more connected to each other than they are to anyone else on the internet.  You should be fine.
0
 
LVL 25

Accepted Solution

by:
Fred Marshall earned 250 total points
ID: 39202188
Yet, I presume the two networks are collocated so that the physical connection you want is available.....

Here's what I do with no worse "interconnection" than being a node on the internet:

Install an "Internet Switch" that is connected between the Comcast interface and the other public IP addressed devices on your side of things.

Then you connect the WAN ports to the switch and assign them out of your public IP address block.  
And, as you plan, point to the appropriate gateway addresses.

You can have *all* the public addresses running through this one switch - even if there are different ISPs, address blocks, etc.  Then, if it's a managed switch, you can monitor what's going on.  If the networks are protected from the internet, then they are protected from this "mini-internet" at the switch.
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 39202330
If I'm understanding your question, you have two Internet connections, and two separate internal networks. And you want to be able to share the two Internet connections (one as primary; one as failover), without allowing connectivity between the two internal networks.

The problem with using a switch is that you won't have the failover. At best, you'd be able to manually set the routers to the second default gateway, in the event the primary fails. But that's certainly not automatic.

I'd suggest getting a decent router - I'd use a SonicWALL, but you'd be fine with any decent brand - and connecting both Internet routers to it: One as Primary WAN; the other as Failover. Then I'd connect each network's switch to that router, but define the ports as being in different networks. (I.e. port 1 is in 192.168.1.0/24, and port 2 is in 192.168.2.0/24). Each network will connect to its own router port, and that router can reach the Internet using either ISP, with automatic failover. You can configure firewall rules in the SonicWALL to prevent the two internal LANs from talking to each other.

Alternately, you could get two additional routers - one for each internal LAN, and then feed both of THEM to the centralized Internet router (which is still connected to both ISP routers.) In this model, you would keep all the LAN ports on the central router in the same LAN.
Config1.jpg
Config2.jpg
0
 
LVL 1

Author Comment

by:TwoKJM
ID: 39202371
d0ughb0y,

I actually have two Sonicwall Firewalls with multiple WAN interfaces. One Firewall on each network. I have three ISPs in total.

I have one ISP assigned to each Firewall as the primary WAN. My question was about sharing the third ISP as a fail-over on both Firewalls. Since I have a block of 5 IP addresses with the third ISP, I think the switch will work.

Thanks!
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 39202398
In that case, I suspect you're right.
0
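
An added example, not part of the original thread: a Python check of the address plan discussed above, where each firewall's secondary WAN interface takes its own static address from the shared ISP block and both point at the same gateway. The /29 block, gateway and addresses are constructed documentation-range placeholders (a /29 is assumed because it leaves 5 usable statics once the gateway is taken), and the function name is hypothetical.

```python
import ipaddress

def check_shared_wan_plan(block, gateway, wan_ips):
    """Validate secondary-WAN addresses for firewalls sharing one ISP segment.

    block   -- the ISP's static block in CIDR form
    gateway -- the ISP gateway address inside that block
    wan_ips -- {firewall name: secondary WAN address}
    Returns (problems, free); free lists the statics still unassigned.
    """
    net = ipaddress.ip_network(block)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    # Addresses a customer device may use: hosts of the block minus the gateway.
    usable = set(net.hosts()) - {gw}
    seen = {}
    for name, raw in wan_ips.items():
        ip = ipaddress.ip_address(raw)
        if ip == gw:
            problems.append(f"{name}: {ip} is the ISP gateway")
        elif ip not in net:
            problems.append(f"{name}: {ip} is outside {net}, gateway unreachable")
        elif ip not in usable:
            problems.append(f"{name}: {ip} is the network or broadcast address")
        elif ip in seen:
            # Two firewalls answering ARP for one address breaks failover on both.
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        else:
            seen[ip] = name
    free = sorted(usable - set(seen))
    return problems, [str(a) for a in free]

# Constructed sample plans (documentation range, not real addresses).
BLOCK, GATEWAY = "203.0.113.0/29", "203.0.113.6"
GOOD = {"network-1": "203.0.113.1", "network-2": "203.0.113.2"}
BAD = {"network-1": "203.0.113.1", "network-2": "203.0.113.1"}

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        problems, free = check_shared_wan_plan(BLOCK, GATEWAY, plan)
        print(problems or "ok", "free:", free)
```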
