How to easily separate Security Camera system on LAN to its own network for security.

We have a small business that uses Comcast as our ISP. They supplied us with a Netgear CG3000DCR Modem. We currently have a static IP address to allow us to remotely view our security camera DVR via port forwarding. We process credit cards thru the same system & have ports open to do so & now we are failing our security scan by our credit card security people (SecureScan). What would be the easiest way to segment our security camera system off of the main LAN but still use the gateway for remote viewing access? Can I just add an additional router to an open LAN port on the modem, change the internal IP to another network & place the DVR on that network? How will that affect port forwarding to the new network?
mimi8118Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CombemartinCommented:
This article may help, I were thinking of doing the same at one site but never got round to it, in the end, it were more secure to have a second broadband installed for the transactions.
http://portforward.com/help/doublerouterportforwarding.htm
0
mbkitmgrCommented:
Does your router support Port Translation.

It allows you set an uncommon external port to connect to a device via its preferred port.  We have Head Office clerical maintaining the address books in Digital Multifunction printers (MFD) at other sites

EG - I setup port 32333 as the incoming port, which gets translated to Port 80, and forwarded to our Digital Multifunction printer to allow Admin staff to maintain the address book.

They connect to Http://1.1.1.1:32333, the router converts it to port 80, and routes it to the MFD on 192.168.1.111

Of course this will only work if the software you use to remotely access the Stream allows you to specify the port other than standard.

Using this method helps us get approval for this config to remain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KimputerCommented:
You can indeed add another router, forwarding will still work.
Example, current situation:

port forward
80 >  public IP > router 1 LAN > 192.168.1.2
81 >  public IP > router 1 LAN > 192.168.1.3

You can reach both security cam 1 and 2 through public IP:80 and 81, where camera 1 is IP 192.168.1.2 and cam2 is IP x.3
NAT rules in router 1 is port 80 to 192.168.1.2 and port 81 t0 192.168.1.3

new situation:

80 >  public IP > router 1 LAN > router 2 192.168.1.250 > 192.168.2.2
81 >  public IP > router 1 LAN > router 2 192.168.1.250 > 192.168.2.3

NAT rules in router 1 is port 80 to 192.168.1.250 and port 81 ALSO to 192.168.1.250 (with router 2 WAN having this IP)
NAT rules on router 2 is port 80 to IP 192.168.2.2 for cam1 and port 81 to IP 192.168.2.3 for cam2

Another method is to have a new modem/router that has VLAN options.
VLAN1 is current network, VLAN2 (it's own DHCP server, and IP range, most easy in wifi situations, because SSID links to this VLAN)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.