Visibility of two networks

We have a Draytek 2860n router with a VADSL connection; all machines are using the subnet 255.255.255.0 on the range 192.168.0.0 - 254. We are moving to a new hosted server for our sales software and have had a new leased line installed, which connects to the server at one end and is connected to a Cisco box at our end; this network is on the range 10.146.50.0 - 254. How can I connect the new leased line to the Draytek router so that all machines on the network can seamlessly access the hosted server? In other words, I need a machine on our Draytek router LAN to run to the hosted server \\10.134.3.161 through the leased line router IP of 10.146.50.254. Makes sense?
Nicholas Edwardfs asked:

noci (Software Engineer) commented:
Do you have an internal connection between those routers... (Are they in the same room?)... If so, some routing statements & filters on the firewall on both should be sufficient.

If they are far apart (different locations, etc.) you can also build a VPN tunnel between them using, e.g., IPsec (preferred) or OpenVPN. (And also adjust the firewall filters on both ends.)
Nicholas Edwardfs (Author) commented:
They are in the same room.
noci (Software Engineer) commented:
You could create a separate VLAN on both systems.
Use a different address on that VLAN (say 192.168.254.1/30 for Draytek, 192.168.254.2/30 for Cisco).
Assign a port to that VLAN on both routers.
Run a cable between those ports.

Add a route on Draytek:     network 10.146.50.0/24 with gateway 192.168.254.2
Add a route on Cisco:     network 192.168.0.0/24 with gateway 192.168.254.1
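
Added example, not part of the thread: a longest-prefix-match check of the static routes suggested above against the addresses given in the question. The connected and default-route entries, the /32 host route, and all function and table names are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Return (prefix, next_hop) selected by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

def misrouted(table, destinations, wanted_hop):
    """List destinations whose selected next hop is not wanted_hop."""
    bad = []
    for dst in destinations:
        hit = lookup(table, dst)
        if hit is None or hit[1] != wanted_hop:
            bad.append((dst, hit))
    return bad

# Draytek table: the static route is the one from the answer; the connected
# entries and the default route to the WAN are assumed.
DRAYTEK = [
    ("192.168.0.0/24", "connected LAN"),
    ("192.168.254.0/30", "connected link"),
    ("10.146.50.0/24", "192.168.254.2"),
    ("0.0.0.0/0", "WAN default"),
]
# Cisco table: return route from the answer; no default route assumed.
CISCO = [
    ("10.146.50.0/24", "connected LAN"),
    ("192.168.254.0/30", "connected link"),
    ("192.168.0.0/24", "192.168.254.1"),
]
# Addresses from the question that must leave via the leased line.
LEASED_LINE_HOSTS = ["10.146.50.254", "10.134.3.161"]
# Assumed extra host route so the hosted server also uses the link.
DRAYTEK_FIXED = DRAYTEK + [("10.134.3.161/32", "192.168.254.2")]

if __name__ == "__main__":
    for name, table in (("as posted", DRAYTEK), ("with /32", DRAYTEK_FIXED)):
        print(name, misrouted(table, LEASED_LINE_HOSTS, "192.168.254.2"))
    print("return path:", lookup(CISCO, "192.168.0.10"))
```

With only the 10.146.50.0/24 route, traffic for 10.134.3.161 matches nothing but the default route and leaves through the internet-facing WAN, so the server's address or range needs its own route towards the Cisco.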


Fred Marshall (Principal) commented:
Well, first of all, one should ask "Why does the Cisco have a LAN of 10.146.50.0/24 in the first place?"
The simplest solution would appear to be that it be the same as your existing LAN such as an address 192.168.0.233 with LAN DHCP turned OFF.
Then, add a route to the Draytek 2860n router that directs packets destined for the hosted server PUBLIC IP address or range to the Cisco on the LAN.  The Cisco will know what to do with those packets.
That is all.....

Slightly more but pretty easy:
Add a router that's in Router mode and not Gateway/NAT mode to the network.
TURN OFF DHCP on this router.  TURN OFF the firewall on this router.
It doesn't have to be much of a router ....
Put the LAN side on 192.168.0.0/24 with some local address and plugged into that LAN.
Put the WAN side on 10.146.50.0/24 with an address local to THAT subnet and plugged into that LAN.
This will bridge the two subnets.
Next, put a route in the Draytek, pointing to the added router local IP address (i.e. in 192.168.0.0/24).
Next, put a route in the Cisco, pointing to the added router local IP address (i.e. in 10.146.50.0/24).

Packets destined from the current LAN computers will go to their gateway (the Draytek).
The Draytek will direct those packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address - I guess only the Cisco.
The Cisco will send the packets to the hosted server public IP address.
Return packets are similar:
The Cisco will send the return packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address.
(The Draytek won't be involved in this situation).
noci (Software Engineer) commented:
@Fred:
When routing back through the same LAN interface the network capacity will be halved, due to U-turn packets.
Better setup would then be to have each system have a specific route to the "intermediate router" for the other side...
Which is a larger maintenance burden.

And if such routes need to be added anyway then why not through a separate interface.

The problem may be with control: can the routes be set up on the routers, does the ISP have to do that, or can the asker do it on his own?
Fred Marshall (Principal) commented:
noci:  That's an interesting perspective but is actually a comment on network capacity in the limit.  I'd not expect one to reach those levels in a reasonably-configured network with Gigabit links.  Of course, I'm assuming the common Full Duplex interface mode - which, by itself, likely eliminates the concern.  

If there are separate interfaces available then I suppose that might at least provide a cosmetic improvement.  And, perhaps, a real one but that seems elusive to me.

I surely agree that one cannot control a thing for which they don't have control.... But, one has to start somewhere, right?

And, I have to assume that adding a route to any machine is easier to set up and manage than adding a VLAN.
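noci (Software Engineer) commented:
A VLAN is just "another" interface.

For Draytek a VLAN is added by selecting add a VLAN somewhere on the menu, and assigning an interface from the LAN side to it.

on Cisco with
! create the VLAN (XXX is a placeholder for the VLAN number)
vlan database
  vlan XXX
  exit

! routed interface for the VLAN; the Cisco end of the /30 link
! (192.168.254.1 is the Draytek end in the addressing given earlier)
interface Vlan XXX
  ip address 192.168.254.2 255.255.255.252

and assign it to a port:
! PPPP is a placeholder for the port
interface ethernet PPPP
  switchport mode access
  switchport access vlan XXX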
Fred Marshall (Principal) commented:
noci:  I know this is a bit picky:  I would caution that saying "a VLAN is another interface" could be misleading because a VLAN isn't an interface in the physical sense.  A VLAN may *use* a physical interface.

While one may assign a physical port to an individual VLAN, it's not necessary - but likely common.
What one must do is to assign a VLAN to physical port(s) in order to make use of the VLAN.
The *port* is the interface.  The VLAN is a signalling mechanism.
So, it's just as common to see a VLAN assigned to multiple physical interfaces just as it's common to see a VLAN assigned to a single physical interface.

VLANs have a hardware drawback.  A switch configured with VLANs no longer has the property of "all ports are treated the same".  So, someone has to have a physical diagram or list of which port is which.  And, a more casual user can't just "plug in" to such a switch as is often the case.  Not a big deal for technical people who know what's been done.
noci (Software Engineer) commented:
Interface is any point where a medium transfers to something else, not just networks. It also is about "user-interface", etc. etc.
A port is an interface (cable-> memory)  but not the other way around..

In the context of this question, (and from the perspective of a router, or OS config) a VLAN is just another interface.
The OS abstractions are also the same as "just" another "ethernet" in this sense (on Linux, Cisco IOS, OpenVMS).
(All the tagging stuff etc. is abstracted away; that is done through declaring them through vconfig, "vlan database", or "MCR LANCP SET DEV VLAN ...", all creating an interface abstraction in the OS that looks like a regular physical interface.)

Physical, I agree... quite different.
And when mapping networks, each VLAN also needs to be overlaid on the physical network.
And besides that, capacity needs to be kept in view as well, as multiple networks across one connection will compete for bandwidth & latency.