local internet connection

Status
Not open for further replies.

johny2K (Technical User, joined Dec 19, 2001, 184 messages, location CA)
Hi experts,

I badly need expert help/advice. Currently, we have a LAN which is part of an inter-continental company network. Our LAN (192.168.32.xx) belongs with other company branches (192.168.40.xx & 192.168.150.xx). These network connections are currently running smoothly. Due to traffic congestion, in which all internet "ACCESS" goes in and out of our LAN (yes, our branch handles incoming/outgoing internet connections), we decided to let each location have its own direct connection to the Internet without passing through our "gateway" to the internet.

Here's how it is right now:

Network #1 includes:
192.168.32.xx, 192.168.40.xx & 192.168.150.xx
(gateway: 192.168.32.1, 192.168.40.1 & 192.168.150.1, respectively)

Network #2 (the new connection to the internet):
IP coverage from 209.19.140.192 - 220
Gateway 209.19.140.194
Subnet mask 255.255.255.224

I am planning to use Red Hat Linux or Win2k server for this inter-connection.

What would be the best way to handle/implement direct access to the internet from each branch, noting that everything now is working (except for each branch's direct connection to the internet) and we don't want to modify the existing, working company network?

Feedback is highly encouraged. I am learning along the way.
 
Are you using Win2k or Win2003 Domain controllers now?
 
I'm not clear on this. I gather that you have several branches connected by some type of WAN, but with an internet connection to only the main branch, right? Each branch then has a router. If the routers have an extra Ethernet interface, you could logically connect that to your firewall and simply change the default route on the router. No change to the workstations is needed.

What's the "inter-connection" that you'd use Linux or Windows for? If you're referring to the firewall, I'd suggest a hardware unit instead. For $400-$900 or so you can get a Pix which will save much in headaches.
 
Hi lgarner - you were able to read my mind. Sorry, my detailed description is not enough, but you are right - we do have a network exactly as you mentioned.

Each branch has its own router, and everyone points to our site for internet connection.

Can you clarify a bit more regarding logically connecting the spare ethernet interface/port? Is it within the router itself? Or by altering routing tables?

Also, I want to implement a firewall (maybe Linux or Win2003) for each branch, just for additional security.

Which one is better: a firewall from the router or through a server?

 
I've got the exact setup you're describing.

Main campus has internet access as well as a core router (Cisco 2691) with multiple frame-relay connections to 8 different branches.


Each branch is set up as follows:

Cisco PIX firewall for local internet access, IP 10.10.15.1

Cisco 1721 router for WAN connection to main campus, IP 10.10.15.8

Default gateway for all devices is the router, 10.10.15.8

Router default gateway is PIX, 10.10.15.1

Routing protocols configured to direct WAN (10.10.x.x) traffic over the frame-relay to main site.

This setup works very well.

MCSE CCNA CCDA
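The two replies above (lgarner's "simply change the default route on the router" and the branch layout just described, where the router's default gateway is the local PIX but 10.10.x.x still rides the frame-relay) both come down to one routing-table change. The following is an added example, not configuration from any poster's devices: a small longest-prefix-match model in Python with constructed "before" and "after" tables for a branch, plus a check that a missing or mis-ordered WAN route would not quietly send internal traffic to the Internet firewall. The interface names, the 198.51.100.7 probe address and the `MISSING_WAN_ROUTE` table are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed routing tables modelled on the branch layout in the thread.
# Each entry: (destination prefix, next hop, outgoing interface). Interface
# names are illustrative assumptions, not anyone's real config.
BRANCH_ROUTES_BEFORE = [
    ("10.10.15.0/24", "connected",   "Fa0 (branch LAN)"),
    ("10.10.0.0/16",  "frame-relay", "S0 (WAN to main campus)"),
    # Internet traffic hairpins through the main campus: the congestion problem.
    ("0.0.0.0/0",     "frame-relay", "S0 (WAN to main campus)"),
]

BRANCH_ROUTES_AFTER = [
    ("10.10.15.0/24", "connected",   "Fa0 (branch LAN)"),
    ("10.10.0.0/16",  "frame-relay", "S0 (WAN to main campus)"),
    # Only the default route changes: it now points at the local PIX (10.10.15.1).
    ("0.0.0.0/0",     "10.10.15.1",  "Fa0 (local PIX)"),
]

# A deliberately broken table (assumption for the check below): the WAN
# summary route was forgotten, so only the default route remains.
MISSING_WAN_ROUTE = [
    ("10.10.15.0/24", "connected",   "Fa0 (branch LAN)"),
    ("0.0.0.0/0",     "10.10.15.1",  "Fa0 (local PIX)"),
]


def lookup(table, dst):
    """Longest-prefix match: the most specific prefix containing dst wins,
    which is why the /16 WAN route beats the /0 default for 10.10.x.x."""
    addr = ip_address(dst)
    best = None
    for prefix, hop, iface in table:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, iface)
    return None if best is None else (best[1], best[2])


def next_hop(table, dst):
    """Next hop the branch router would use for dst, or None if unroutable."""
    match = lookup(table, dst)
    return None if match is None else match[0]


def internal_leaks(table, internal_prefix, internet_hop):
    """Return one probe address per /24 inside internal_prefix that the table
    would hand to the Internet next hop. Non-empty means company traffic
    would leave via the firewall instead of the WAN: worth checking after
    every change to the default route."""
    leaks = []
    for sub in ip_network(internal_prefix).subnets(new_prefix=24):
        probe = str(sub.network_address + 1)
        if next_hop(table, probe) == internet_hop:
            leaks.append(probe)
    return leaks


if __name__ == "__main__":
    for label, table in (("before", BRANCH_ROUTES_BEFORE), ("after", BRANCH_ROUTES_AFTER)):
        for dst in ("10.10.15.77", "10.10.40.5", "198.51.100.7"):
            print(f"{label:6} {dst:14} -> {lookup(table, dst)}")
    print("leaks with WAN route missing:",
          len(internal_leaks(MISSING_WAN_ROUTE, "10.10.0.0/16", "10.10.15.1")))
```

The model shows why no workstation needs touching: hosts keep 10.10.15.8 as their gateway, and the router alone decides per destination whether to use the frame-relay or the local PIX. The leak check is the defender's counterpart to that convenience, since once the default route points at the Internet, every internal prefix that is not covered by a more specific route goes there too.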
 
That's similar to my setup, except that the firewall is on a dedicated segment that is reached through the router. I have a VPN set up as a backup to the WAN, so the routers can make rapid decisions if a WAN link is lost.

I'd suggest a hardware firewall over software. A Pix 506E is the most that you'd likely need, even for fairly large offices, unless you need high availability. At around $900, the Pix isn't going to cost any more than a Windows server with ISA. For smaller offices, you can use a $4-500 Pix 501 limited-user license.

 
A long-delayed "thank you" to both of you. I used a firewall box locally in each site and configured each branch router to validate internet connection access. Say, if a local user wants to use the internet, it doesn't have to go through our main router/site - the local firewall connection handles this now (DMZ).
 