separate but together 1

sampko (Programmer), Nov 4, 2004, 76, US
I have a strange situation here. A new client has asked me to help separate their networks for them but at the same time allow for sharing of a few resources (printers, drives, etc.). To start, the network is set up as follows. We have a T1 coming in to a 4-port switch. From there, there are 2 cables, one to router1 and another cable to router2. From router1 we have a cable to DC1 running 2003 Server, and another cable to two 24-port switches. On router2, there is only a cable going to another DC, DC2, for a totally separate domain. No switch there at all. Now everyone in the building is connected to the switches and set on router1 for internet and network sharing etc. Their previous IT dept told them it was impossible to have two networks working together at the same time. So instead of setting up DC2 for sharing of drives they put SharePoint on DC2, and set everyone up to go out through the internet and then back in to hit the SharePoint. My job is to separate the two networks but still be able to have a little sharing between the two. I should be able to set this up in the routers, right??
 
Just my opinion, but I would consolidate down to one NAT'ing device. But first I must ask: you state you have a T1 coming in that goes to a switch and then to two routers.
A T1 must terminate into a serial port of a CSU/DSU (either an external model like an Adtran, or an internal card such as a T1 WIC inside a Cisco router)... so my question is, do you have this, or do you have a DSL connection? What is the brand/model of the routers? Cisco, Linksys, etc.?

Based upon that answer, this suggestion might differ a little, but I would get a L3 switch and create yourself 2 VLANs (one for each internal network). Once you enable ip routing on the switch, the 2 LANs will talk to each other without issue and without doing weird stuff to loop out through the Internet to get to the other LAN. You can even create access-lists to restrict access to certain hosts or protocols if needed if you don't want full blown access from one to the other. I would also look at a true firewall security appliance instead of using routers (again depending on your answers to the above questions, this statement might change a little).

Let me know some additional info and I can give a little more insight.
 
Ok... Fortinet's a good box, so basically my previous statement stands. You use the Fortinet firewall as your NAT'ing security appliance and then get you a layer 3 switch. Create yourself 2 VLANs on that layer 3 switch and enable ip routing so the 2 VLANs will talk to each other. Again, if security between the two VLANs is an issue, the use of access-lists or ACL(s) can be implemented to restrict traffic to certain host(s) or protocols.
Kick the Linksys router to the curb and you'll be good to go.
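The two-VLAN, ip-routing-plus-ACL design described in the replies above, written out as an added example in Cisco IOS-style switch syntax (not configuration from the thread or from any of the posters). All addresses, host roles, interface names and the firewall's position on VLAN 10 are assumptions; the `established` lines are there because switch ACLs are stateless, so the return half of each allowed connection must be permitted explicitly.

```cisco
! Added example, not from the thread. Assumed addressing:
!   VLAN 10 = 192.168.10.0/24  domain 1 (DC1), shared printer at .20
!   VLAN 20 = 192.168.20.0/24  domain 2 (DC2), file shares at .5
!   NAT firewall on VLAN 10 at 192.168.10.1 (needs a route back to
!   192.168.20.0/24 via 192.168.10.254)
ip routing
!
vlan 10
 name DOMAIN1
vlan 20
 name DOMAIN2
!
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
 ip access-group FROM-VLAN10 in
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
 ip access-group FROM-VLAN20 in
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
! Domain 1 may reach only the DC2 file shares (SMB); replies from the
! printer to domain 2 clients are allowed; all other cross-VLAN traffic
! is dropped before the final permit that lets Internet traffic through.
ip access-list extended FROM-VLAN10
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq 445
 permit tcp host 192.168.10.20 192.168.20.0 0.0.0.255 established
 deny   ip  192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip  192.168.10.0 0.0.0.255 any
!
! Domain 2 may reach only the domain 1 printer (raw 9100 / LPD); replies
! from the file server back to domain 1 clients are allowed.
ip access-list extended FROM-VLAN20
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.20 eq 9100
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.20 eq 515
 permit tcp host 192.168.20.5 eq 445 192.168.10.0 0.0.0.255 established
 deny   ip  192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip  192.168.20.0 0.0.0.255 any
!
! Access ports, one range per domain (port numbering is an assumption)
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 10
interface range FastEthernet0/13 - 23
 switchport mode access
 switchport access vlan 20
```

Check the result with `show ip access-lists` (hit counters should climb only on the permit lines you expect) and confirm a host in one VLAN can ping its own gateway but not an arbitrary host in the other VLAN.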
 
Ok, well now the Fortinet is causing problems so we are looking to eliminate this guy altogether. Any recommendations on what would be a good replacement? Basically an all-in-one. Just use the layer 3 switch for everything. I know Cisco has some nice ones. Nothing too fancy, we only have 23 PCs that will be hooking up to the network.
 
You can go with Cisco, but their entry-level routing switch will cost you some $$$. I personally use HP ProCurve equipment. Their 2610s are 10/100Base-T with 2x1GbE ports that do "light" routing (up to 16 static routes... more than what your current requirements are), and their 2900 series are 10/100/1000Base-T with 10GbE ports. You can do both static routes and RIP (a routing protocol) on that switch. HP's switches also come with lifetime NBD replacement warranties for no extra charge. The 2610 24-port model will run you around $500.00, while the 2900 series will run you $2600.00, give or take. They also both come in 48-port models, and the 2610 series also comes in PoE models as well. Of course, all that adds to the cost.

As far as the Fortigate acting up, if it's out of warranty, then I would look at one of SonicWall's TZ Total Security Bundle appliances. Look at the TZ180 model in that bundle in the unlimited-user version. They normally give you the enhanced OS upgrade free if you get the unlimited-user version, and it comes with all the IPS, Anti-X, basic content filtering, support, warranty, etc... but make sure you ask for the "Total Security Bundle". Of course, you can turn off or on what you want or need. It also comes with an optional WAN port for failover to a DSL or cable connection should the T1 go down. You pay the yearly renewal to keep all the subscriptions updating, but it also keeps the warranty and support for the box current as well.

Get with a reputable vendor and they should be able to price you on both the switch and firewall appliance.

Again, that was just my two cents...hope I could help.
 
Thanks cajuntank, you have been very helpful. I will definitely look into the HP models you suggested.
 