×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

seperate but together

seperate but together

seperate but together

(OP)
I have a strange situation here. A new client has asked me to help seperate there networs for them but at the same time allow for sharing of a few resources. (Printers, drives, ect.) To start the network is setup as follows. Have a T1 coming in to a 4 port swtich. From there there is a 2 cables, one to router1 and another cable to router2. From router 1 we have a cable to DC1 running 2003 server. And another cable to 2 24 port switch. On router2, there is only a cable going to another dc2 for a totally seperate domain. No switch there at all. Now everyone in the building is connected to the switchs and set on router1 for internet and network shareing ect. Their previous IT dept told them it was impossible to have two networks working together at the same time. So instead of setting up dc2 for sharing of drives they put share point on dc2, and set everyone up to go out throught the internet and then back in to hit the sharepoint. My job is to seperate the two networks but still be able to have a little sharing between the two.  I should be able to set this up in the routers right??

RE: seperate but together

Just my opinion, but I would consolidate down to one NAT'ing device. But first I must ask, you state you have a T1 coming in that goes to a switch then to two routers.
A T1 must terminate into a serial port of a CSU/DSU (either an external model like Adtran or internal card (T1 WIC inside a Cisco router)...so my question is do you have this or do you have a DSL connection? What is the brand/model of the routers? Cisco, Linksys, etc...

Based upon that answer, this suggestion might differ a little, but I would get a L3 switch and create yourself 2 VLANs (one for each internal network). Once you enable ip routing on the switch, the 2 LANs will talk to each other without issue and without doing weird stuff to loop out through the Internet to get to the other LAN. You can even create access-lists to restrict access to certain hosts or protocols if needed if you don't want full blown access from one to the other. I would also look at a true firewall security appliance instead of using routers (again depending on your answers to the above questions, this statement might change a little).

Let me know some additional info and I can give a little more insight.

RE: seperate but together

(OP)
First yes the t1 is coming into a csu, I meant coming out of that it goes into the switch.  The routers used are a fortinet its the fortiwifi 60 listed here http://www.fortinet.com/doc/FGT50_100DS.pdf.  The other router is a linksys vpn router.

RE: seperate but together

Ok... Fortinet's a good box, so basically my previous statement stands. You use the Fortinet firewall as your Nat'ing security appliance and then get you a layer 3 switch. Create yourself 2 vlans on that layer 3 switch and enable ip routing so the 2 vlans will talk to each other. Again, if security between the two vlans is an issue, the use of access-lists or ACL(s) can be implemented to restrict traffic to certain host(s) or protocols.
Kick the Linksys router to the curb and you'll be good to go.

RE: seperate but together

Ok well now the fortinet is causeing problems so we are looking to eliminate this guy all together.  Any recomendations on what would be a good replacement.  Basically and all in one.  Just use the layer 3 switch for everything. I know cisco has some nice ones.  Nothing to fancy we only have 23 pc's that will be hooking up to the network.

RE: seperate but together

You can go with Cisco, but their entry level routing switch will cost you some $$$. I personally use HP Procurve equipment. Their 2610 are 10/100base-T with 2x1GbE ports that does "light" routing (up to 16 static routes... more than what your current requirements are) and their 2900 series that are 10/100/1000base-T with 10GbE ports. You can do both static routes and RIP (a routing protocol) on that switch. HP's switches also come with lifetime NBD replacement warranties for no extra charge. The 2610 24 port model will run you around $500.00 while the 2900 series will run you $2600.00 give or take. They also both come in 48 port models and the 2610 series also comes in PoE models as well. Of course, all that adds to the cost.

As far as the Fortigate acting up, if its out of warranty, then I would look at one of Sonicwall's TZ Total Security Bundles appliances. Look at the TZ180 model in that bundle in the unlimited user version. They normally give you the enhanced OS upgrade free if you get the unlimited user version and it comes with all the IPS, Anti-X, Basic content filtering, support, warranty, etc...but make sure you ask for the "Total Security Bundle". Of course you can turn off or on what you want or need. It also comes with a optional WAN port for failover to a DSL or Cable connection should the T1 go down. You pay the yearly renewal to keep all the subscriptions updating, but it also keeps the warranty and support for the box current as well.

Get with a reputable vendor and they should be able to price you on both the switch and firewall appliance.

Again, that was just my two cents...hope I could help.

RE: seperate but together

(OP)
Thanks cajuntank you have been very helpful.  I will definatley look into the hp models you suggested.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close