Nicholas Edwards

asked on

Visibility of two networks

We have a Draytek 2860n router with a VADSL connection; all machines are using the subnet on the range - 254. We are moving to a new hosted server for our sales software and have had a new leased line installed, which connects to the server at one end and is connected to a Cisco box at our end; this network is on the range - 254. How can I connect the new leased line to the Draytek router so that all machines on the network can seamlessly access the hosted server? In other words, I need a machine on our Draytek router LAN to run to the hosted server \\ through the leased line router IP of Makes sense?
Avatar of noci

Do you have an internal connection between those routers... (Are they in the same room?)... If so some routing statements & filters on the firewall on both should be sufficient.

If they are far apart (different locations, etc.) you can also build a VPN tunnel between them using f.e. IPsec (preferred), or OpenVPN. (And also adjust the firewall filters on both ends.)
Avatar of Nicholas Edwards


They are in the same room.
Avatar of noci

This solution is only available to members.
Well, first of all, one should ask "Why does the Cisco have a LAN  of in the first place?"
The simplest solution would appear to be that it be the same as your existing LAN such as an address with LAN DHCP turned OFF.
Then, add a route to the Draytek 2860n router that directs packets destined for the hosted server PUBLIC IP address or range to the Cisco on the LAN.  The Cisco will know what to do with those packets.
That is all.....

Slightly more but pretty easy:
Add a router that's in Router mode and not Gateway/NAT mode to the network.
TURN OFF DHCP on this router.  TURN OFF the firewall on this router.
It doesn't have to be much of a router ....
Put the LAN side on with some local address and plugged into that LAN.
Put the WAN side on with an address local to THAT subnet and plugged into that LAN.
This will bridge the two subnets.
Next, put a route in the Draytek, pointing to the added router local IP address (i.e. in 192.168.0.0/24).
Next, put a route in the Cisco, pointing to the added router local IP address (i.e. in

Packets destined from the current LAN computers will go to their gateway (the Draytek).
The Draytek will direct those packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address - I guess only the Cisco.
The Cisco will send the packets to the hosted server public IP address.
Return packets are similar:
The Cisco will send the return packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address.
(The Draytek won't be involved in this situation).
When routing back through the same LAN interface the network capacity will be halved, due to U-turn packets.
Better setup would then be to have each system have a specific route to the "intermediate router" for the other side...
Which is a larger maintenance burden.

And if such routes need to be added anyway then why not through a separate interface?

The problem may be with control: can the routes be set up on the routers, does the ISP have to do that, or can the asker do it on his own?
noci:  That's an interesting perspective but is actually a comment on network capacity in the limit.  I'd not expect one to reach those levels in a reasonably-configured network with Gigabit links.  Of course, I'm assuming the common Full Duplex interface mode - which, by itself, likely eliminates the concern.  

If there are separate interfaces available then I suppose that might at least provide a cosmetic improvement.  And, perhaps, a real one but that seems elusive to me.

I surely agree that one cannot control a thing for which they don't have control.... But, one has to start somewhere, right?

And, I have to assume that adding a route to any machine is easier to set up and manage than adding a VLAN.
A VLAN is just "another" interface.

For Draytek a VLAN is added by selecting add a VLAN somewhere on the menu, and assigning an interface from the LAN side to it.

On Cisco with:
vlan database
   vlan XXX

interface VLANXXX
   ip address

and assign it to a port:
interface ethernet PPPP
    switchport mode access
    switchport access  vlan XXX
noci:  I know this is a bit picky:  I would caution that saying "a VLAN is another interface" could be misleading because a VLAN isn't an interface in the physical sense.  A VLAN may *use* a physical interface.

While one may assign a physical port to an individual VLAN, it's not necessary - but likely common.
What one must do is to assign a VLAN to physical port(s) in order to make use of the VLAN.
The *port* is the interface.  The VLAN is a signalling mechanism.
So, it's just as common to see a VLAN assigned to multiple physical interfaces just as it's common to see a VLAN assigned to a single physical interface.

VLANs have a hardware drawback.  A switch configured with VLANs no longer has the property of "all ports are treated the same".  So, someone has to have a physical diagram or list of which port is which.  And, a more casual user can't just "plug in" to such a switch as is often the case.  Not a big deal for technical people who know what's been done.
Interface is any point where a medium transfers to something else, not just networks. It also is about "user-interface", etc. etc.
A port is an interface (cable-> memory)  but not the other way around..

In the context of this question, (and from the perspective of a router, or OS config) a VLAN is just another interface.
The OS abstractions are also the same as "just" another "ethernet"  in this sense (on Linux, Cisco IOS, OpenVMS, ).
(all the tagging stuff etc. is abstracted away, that is done through declaring them through vconfig, "vlan database" , or "MCR LANCP SET DEV VLAN ..."  all creating an interface abstract in the OS that looks like a regular physical interface.).

Physical  I agree, ... quite different.
And when mapping networks, each VLAN also needs to be overlaid on the physical network.
Besides that, capacity needs to be kept in view as well, as multiple networks across one connection will compete for bandwidth & latency.
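
The packet walk described in the bridge-router answer above, and the per-host route variant raised in the reply to it, modelled as a small longest-prefix-match simulation. This is an added example, not part of any post in the thread; every address, prefix and device name is constructed for illustration, because the thread's real addresses are not on the page, and the leased line is simplified to a single hop between the Cisco and the server.

```python
import ipaddress

# Constructed addressing: interface IP -> device that owns it.
ADDR = {
    "192.168.0.1": "draytek", "192.168.0.2": "bridge", "10.0.0.2": "bridge",
    "10.0.0.1": "cisco", "192.168.0.50": "pc", "203.0.113.10": "server",
}
# Per-device routes as (prefix, next hop). Next hop None means on-link.
ROUTES = {
    "pc":      [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
    "draytek": [("192.168.0.0/24", None), ("203.0.113.0/24", "192.168.0.2")],
    "bridge":  [("192.168.0.0/24", None), ("10.0.0.0/24", None),
                ("203.0.113.0/24", "10.0.0.1")],
    # The leased line is modelled as on-link from the Cisco to the server.
    "cisco":   [("10.0.0.0/24", None), ("203.0.113.0/24", None),
                ("192.168.0.0/24", "10.0.0.2")],
    "server":  [("0.0.0.0/0", "10.0.0.1")],
}
# Variant from the reply: the PC carries its own route to the bridge router.
DIRECT = {**ROUTES, "pc": ROUTES["pc"] + [("203.0.113.0/24", "192.168.0.2")]}

def next_hop(device, dst, routes):
    """Longest-prefix match; returns the next-hop IP, or None if dst is on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes[device]
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{device}: no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, routes=ROUTES, max_hops=8):
    """Return the list of devices a packet from src to dst passes through."""
    path, device = [src], src
    while len(path) <= max_hops:
        nh = next_hop(device, dst, routes)
        device = ADDR[nh if nh else dst]
        path.append(device)
        if nh is None:          # delivered on the local segment
            return path
    raise RuntimeError("routing loop")

if __name__ == "__main__":
    print("forward:", trace("pc", "203.0.113.10"))
    print("return: ", trace("server", "192.168.0.50"))
    print("direct: ", trace("pc", "203.0.113.10", DIRECT))
```

The forward and return traces differ: the Draytek appears only on the way out, so any filtering or logging on it sees one direction of each flow.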