Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

combining 2 networks usinga 2621 and pix 506

Status
Not open for further replies.

OmegaLS

IS-IT--Management
Apr 1, 2004
12
US
My office has a sister company in the same building w/ its own T1 line and currently we have the 2 networks connected over a separate switch so that not everyone has access to both networks and the people that would, would need 2 nic cards. I want to come up w/ a better solution for this so that we can allow certain users to use both networks w/out this kind of configuration. Currently we have a 2600 on our front end w/ a pix 506 behind it, and all our users behind the pix with the ip address scheme 192.168.100.0/24. And as the other company we have a simple netopia vpn device and the users behind that with a scheme of 192.168.9.0/24.

What would be the best solution for this? I was thinking about using the extra interface we have on the 2600 somehow or possibly changing the subnet of the inside interface of the pix.

Any help would be appreciated.

Thanks!
 
Hi OmegaLS,
from your point of view, I would do as you were already thinking.
Put the extra interface of the 2600 onto the network of the sister company, configure it with an IP address from the 192.168.9.0/24 range.
For routing you need to add a route for 192.168.100.0/24 on the Netopia VPN device with next hop <Your 2600's 192.168.9.x IP address>. I presume your PIX has a default route to the 2600 anyway. If not you'd need a static route on the PIX for 192.168.9.0/24 pointing to the 2600.
Well, configure the necessary firewall rules on your PIX to allow the desired traffic and here you go!

Mike
 
Alternatively, if you had a Cisco switch, you could set up VLANs. Just a thought.

- stephan
 
What do you guys think of putting a completely separate router between the 2 networks so that I dont have a my public facing 2600 doing any of the work, however little it might be. I want to think of a long term solution that will separate the 2 networks and deal w/ the growth in number of people that need to be on both of them.
 
If budget isn't an issue... use a separate router between the two networks. Or, if security between the two networks is an issue, use a PIX instead.

Mike
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top