Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

combining 2 networks usinga 2621 and pix 506

Status
Not open for further replies.
OmegaLS

OmegaLS

IS-IT--Management
Apr 1, 2004
12
US
My office has a sister company in the same building w/ its own T1 line and currently we have the 2 networks connected over a separate switch so that not everyone has access to both networks and the people that would, would need 2 nic cards. I want to come up w/ a better solution for this so that we can allow certain users to use both networks w/out this kind of configuration. Currently we have a 2600 on our front end w/ a pix 506 behind it, and all our users behind the pix with the ip address scheme 192.168.100.0/24. And as the other company we have a simple netopia vpn device and the users behind that with a scheme of 192.168.9.0/24.

What would be the best solution for this? I was thinking about using the extra interface we have on the 2600 somehow or possibly changing the subnet of the inside interface of the pix.

Any help would be appreciated.

Thanks!
 
Sort by date Sort by votes
Hi OmegaLS,
from your point of view, I would do as you were already thinking.
Put the extra interface of the 2600 onto the network of the sister company, configure it with an IP address from the 192.168.9.0/24 range.
For routing you need to add a route for 192.168.100.0/24 on the Netopia VPN device with next hop <Your 2600's 192.168.9.x IP address>. I presume your PIX has a default route to the 2600 anyway. If not you'd need a static route on the PIX for 192.168.9.0/24 pointing to the 2600.
Well, configure the necessary firewall rules on your PIX to allow the desired traffic and here you go!

Mike
 
Upvote 0 Downvote
Alternatively, if you had a Cisco switch, you could set up VLANs. Just a thought.

- stephan
 
Upvote 0 Downvote
What do you guys think of putting a completely separate router between the 2 networks so that I dont have a my public facing 2600 doing any of the work, however little it might be. I want to think of a long term solution that will separate the 2 networks and deal w/ the growth in number of people that need to be on both of them.
 
Upvote 0 Downvote
If budget isn't an issue... use a separate router between the two networks. Or, if security between the two networks is an issue, use a PIX instead.

Mike
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
141
Lccarter
Lccarter
inlsp05
  • Locked
  • Question
2811&amp;2960 48 volts wiring diagram
Replies
1
Views
132
BOKA
BOKA
DTGMI
  • Locked
  • Question
Moving from Juniper SRX-240 to Cisco ??
Replies
0
Views
118
DTGMI
DTGMI
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
71
NavinNet
NavinNet
inlsp05
  • Locked
  • Question
2811 ios start with cf
Replies
0
Views
86
inlsp05
inlsp05

Part and Inventory Search

Sponsor

Back
Top