A modem, routers towing, two subnets?

Hello

I hope it's an easy question for one of your technicians to answer.

Here's the situation.

The functional reason.
There is only a single WAN connection for two subnets.
A subnet is located in a client area where anyone can sit and use connections.

The other is a subnet of the employee.

I don't want customers to be able to access the LAN used, but it is also critical that employees are blocked by the LAN client.

The basic requirements are:
1. the two subnets can get on the web.
2. a subnet is totally isolated from each other. There is a catch here. It's OK to subnet1 to see subnet 2, but it is not ok for the subnet 2 see subnet1.

I can connect in series routers to achieve what I want?
Router 1 can be connected to a modem WAN and benefit from an IP as 192.168.1.1 and DNS for 105 192.168.1.100 to 192.168.1. I'll call this subnet1. I want this subnet to allow connections from the IP 100 to 115 on the Web range.
Router 1 would be a firewall for the WAN to the outside.

Router 2 can be connected to a line on the Router 1 port and an address such as 192.168.1.106 and service addresses like 192.168.110 to 115. I'll call this subnet2
Router 2 would be a firewall to subnet2.

With a Setup like that I think it's easier to have some subnet2 be protected one that cannot be seen from subnet1.
So, how to avoid that subnet 1 systems to subnet 2?
ROUTER2 can be configured to allow only 110 to 115 IP addresses. This can be done with transmission of restrictions or the use of filtering IP addresses, or even filtering by MAc address.

The other option that I think is to introduce a router before that both routers and then the routers can do their thing with each using a different address space and blocking others.
So in this situation, I would
-ROUTER1 with portion of the address 192.168.1.1 address 192.168.1.100 to 192.168.1.105
-ROUTER2 with serving address 192.168.2.1 address 192.168.2.100 to 192.168.2.105
With every router they would be configured to only accept connections to the LAN of the accepted range.

These seem to be two possible solutions.
I just try to set up the first option with two routers and am not having success.
I can't get the first router to talk to the second router and so on the second router systems cannot go out on the web.
For my test setup, I have a wired Linksys 4 port router which is ROUTER1. It has the address 192.168.1.1 and addresses between 192.168.1.100 to 192.168.1.105. This model has a DHCP tab, where I have enabled the DHCP server and specify starting address it of 192.168.1.100 and allow up to 6 connections.

ROUTER2 is a wireless router with 4 wired ports. I have disabled the function of wireless router and am just working with wired ports. It is where it gets difficult. I have to give him a LAN address and either enable or disable the DHCP function. I gave an address 192.168.1.105 and allowed him to serve up 192./168.1.110 to 192.168.1.115.
Under the parameter WAN I selected automatically obtain an IP address. I also tried specifying the ip address, but does not seem to work.
Router 1 does not seem to see two router.

So I began to believe that the second option is perhaps the easiest way.

You can offer me advice as to which is the best way to solve this problem.

Thank you.


Tags: Linksys Routers

Similar Questions

  • Port Forwarding problem through 2 routers RVS4000 2 subnets

    I modified a building network to be compliant (Visa) PABP where two router and two subnets are required.

    My original CD building network configuration was designed to allow remote access to a server terminal server via the port forwarding on a RVS4000 router. So cables / modems-> xx.xx.xx.xx wan ROUTER lan 192.168.1.1--> subnet 192.168.1.0 with TCP 3389 Port forwarding for 192.168.1.11 (terminal server).

    The new configuration of the network is composed of two routers RVS4000 on two subnets. So the Modem cable-> wan xx.xx.xx.xx ROUTER1 lan 192.168.2.2-> Subnet 192.168.2.0-> DMZ 192.168.2.14 and the second router wan ROUTER2 lan--> subnet 192.168.1.0 192.168.1.1 192.168.2.1.

    ROUTER1 is configured in Bridge mode and ROUTER2 is configured in router mode. Port forwarding on ROUTER1 to port TCP 3389 is 192.168.2.1 (on ROUTER2 wan port). Port forwarding on Router 2 for the TCP 3389 must 192.168.1.11 port (server address terminal server).

    With this new configuration of network I am able to connect to the Terminal Server remotely. No problem with access to the Internet and the 192.168.2.0 subnet from inside the 192.168.1.0 subnet.

    So I think my problem is through two RVS4000 routers port forwarding. Any help on this problem will be appreciated.

    Thank you.

    1. can you access the terminal server server from inside the subnet 192.168.2.0/24 using the IP WAN to Router 2, which is access 192.168.2.1:3389 from inside 192.168.2.0/24.

    2. turn on Router 2 router in Bridge mode. Try again. My guess is that this will make the work of transfer. I think that port forwarding is linked to the NAT/gateway mode. No NAT no transfer. Is not logical to use the transfer when you are able to access the IP directly without NAT. Of course, the web interface does not allow you to forward a port located outside the LAN subnet...

    3. are you sure that you can access internet through Router 2 in router mode on the LAN subnet router 2? Usually in the NAT their own LAN subnet routers only bridge mode but not others. If the RVS4000 not NAT a different subnet that would be good to know.

  • iSCSI - two subnets on a vswitch iscsi ports link

    Hello

    Is less than supported scenario about binding ports for the software iSCSI (ESXi 6.x)?

    Two in two different subnets (2 controllers) iSCSI storage devices: 192.168.10.x and 192.168.20.x (mask 255.255.255.0).

    ESXi host with a vSwitch iSCSI.

    Four exchanges vmkernel: two 192.168.10.x and two subnet 192.168.20.x subnet.

    There is a connection of software ISCSI ports configured for each vmkernel port.

    It is worth noting that this scenario is little different from the examples on VMware KB: considerations for use port binding software iSCSI in ESX/ESXi

    Does not this way. iSCSI ports link requires a one-to-one relationship between the vmkernel ports and vmnic.

    Of https://kb.vmware.com/kb/2045040

    To implement a group policy that is compatible with the binding of iSCSI ports, you need 2 or more ports vmkernel vSwitch and an equivalent of physical cards amount to bind them to....

    André

  • Best practices for network configuration of vSphere with two subnets?

    Well, then I'll set up 3 ESXi hosts connected to storage shared with two different subnets. I configured the iSCSI initiator and the iSCSI with his own default gateway - 192.168.1.1 - targets through a Cisco router and did the same with the hosts configured with its own default gateway - 192.168.2.2. I don't know if I should have a router in the middle to route traffic between two subnets since I use iSCSI ports linking and grouping of NETWORK cards. If I shouldn't use a physical router, how do I route the traffic between different subnets and use iSCSI ports binding at the same time. What are the best practices for the implementation of a network with two subnets vSphere (ESX host network: iSCSI network)? Thank you in advance.

    Install the most common iSCSI would be traffic between hosts and

    the storage is not being routed, because a router it could reduce performance.

    If you have VLAN 10(192.168.1.0/24) iSCSI, VLAN 20 (192.168.2.0/24) ESX

    MGMT and VLAN 30 (192.168.3.0/24) comments VMs and VLAN 40 (192.168.4.0/24)

    vMotion a deployment scenario might be something like:

    NIC1 - vSwitch 0 - active VMK (192.168.1.10) MGMT, vMotion VMK (192.168.4.10)

    standby

    NIC2 - vSwitch 1 - current (VLAN30) guest virtual machine port group

    NIC3 - vSwitch 2 - active VMK1 (192.168.1.10) iSCSI

    NIC4 - vSwitch 2 - active VMK2 (192.168.1.11) iSCSI

    NIC5 - vSwitch 1 - current (VLAN30) guest virtual machine port group

    NIC6 - vSwitch 0 - MGMT VMK (192.168.2.10) standby, vMotion

    VMK (192.168.4.10) active

    You would place you on VLAN 10 storage with an IP address of something like target

    192.168.1.8 and iSCSI traffic would remain on this VLAN. The default value

    gateway configured in ESXi would be the router the VLAN 20 with an ip address of

    something like 192.168.2.1. I hope that scenario help set some options.

    Tuesday, June 24, 2014 19:16, vctl [email protected]>

  • Need to know the features of the Modem/routers San

    NETGEAR has modem/wifi router which can also act as a Repeater?

    It is not quite unique, but it is one of a few routers Netgear who chose to work on the development community open source. There is work underway with the R8000, but is not as far along. The R7000 was long enough that the firmware gone 3 is relatively stable.

    WARNING: There is always some risk involved with the installation of 3rd party firmware, including the risk of bricking your router and void warranty. Carefully follow the installation instructions.

  • Routing and remote access - on three subnetworked, two subnet unable to reach to the internet!

    Hello

    Good evening everyone.

    I had a problem in Routing and remote access on windows 2003 server.  This server is already configured as a file server, domain server, and application server. Also configured as a router (thanks to access routing & remote) to connect the three different networks with each other. If this server has three NICs installed and each separate NIC network cards represent.

    three different networks are - 192.42.160.0/24, 192.42.161.0/24, 192.42.162.0/24

    Three cards of the NETWORK adapter installed on the server as with the IP - next

    NIC - 1 = 192.42.160.220, Sub - 255.255.255.0, gateway - No.

    NIC - 2 = 192.42.161.220, Sub - 255.255.255.0, gateway - 192.161.220.112 (this ip address for internet access then 4 g router IP)

    -3 = 192.42.162.220, NETWORK cards, Sub - 255.255.255.0, gateway - No.

    Now the question is I can get Internet & (also scathing in router ip 192.42.161.112) one network i.e. - 192.42.161.0/24, BUT when I try to access the internet from another two network (192.42.160.0/24 & 192.42.162.0/24) I can not access and in addition can not ping to internet router ip - 192.42.161.112...

    So, how do I access the internet to another two network also?

    I was already the configuration of static routing for all three network but I wasn't always successful. I don't really know what exactly static routing this should be done in access routing & remote area so that all three network can reach to the internet?

    Here is the result of the current track...

    D:\Documents and Settings\Administrateur > route print

    IPv4 routing table
    ===========================================================================
    List of the interface
    0x1 ........................... MS TCP Loopback interface
    0x2... 00 30 05 8f ad 5 c... Broadcom NetXtreme Gigabit Ethernet - Mi Teefer2
    niport
    0 x 3... 0E 00 c4 f8 a7 0c... Network Intel(r) PRO/1000 GT Desktop Adapter - Teefer2 M
    iniport
    0 x 4... 0E 00 0c a7 c5 85... Intel (r) PRO/1000 GT Desktop Adapter #2 - Teefer
    2 miniport
    ===========================================================================
    ===========================================================================
    Active routes:
    Network Destination gateway metric Interface subnet mask
    0.0.0.0 0.0.0.0 192.42.161.112 192.42.161.220 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.42.160.0 255.255.255.0 192.42.160.220 192.42.160.220 20
    192.42.160.220 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.42.160.255 255.255.255.255 192.42.160.220 192.42.160.220 20
    192.42.161.0 255.255.255.0 192.42.161.220 192.42.161.220 20
    192.42.161.220 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.42.161.255 255.255.255.255 192.42.161.220 192.42.161.220 20
    192.42.162.0 255.255.255.0 192.42.162.220 192.42.162.220 20
    192.42.162.220 255.255.255.255 127.0.0.1 127.0.0.1 20
    192.42.162.255 255.255.255.255 192.42.162.220 192.42.162.220 20
    224.0.0.0 240.0.0.0 192.42.160.220 192.42.160.220 20
    224.0.0.0 240.0.0.0 192.42.161.220 192.42.161.220 20
    224.0.0.0 240.0.0.0 192.42.162.220 192.42.162.220 20
    255.255.255.255 255.255.255.255 192.42.160.220 192.42.160.220 1
    255.255.255.255 255.255.255.255 192.42.161.220 192.42.161.220 1
    255.255.255.255 255.255.255.255 192.42.162.220 192.42.162.220 1
    Default gateway: 192.42.161.112
    ===========================================================================
    Persistent routes:
    None

    Sorry if I'm not able to explain properly. Please let me know if you have to explain more about it...

    Thank you all.

    Mahesh

    Hello Manu,

    Please post this question in the forums TechNet for Windows Server 2003. They will be able to guide you further.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home

  • DHCP fails with two subnets and RV325 and SG300 - 28 p

    DHCP fails to issue addresses in double subnet environment.  Please see attached.

    Hello

    Mr. Ezzell, after reviewing all the screenshots and have a look at your configuration and you are not able to change the arrangement for VIRTUAL LANs, you can try this:

    As a work-around to use the router as DHCP VLAN 2 server, you can enable the DHCP server on the router for the VLAN 1, leave 2 IP addresses available, lets say 192.168.1.253 to 192.168.1.254 then go to static DHCP under network and the local network and hire two false addresses to these two IP addresses, so they will not be assigned to all devices. This way you will always be able to use your DHCP server without having to disable the DHCP server on the router

    Thank you for pointing out the firmware version very low on your switch, you actually run the firmware that came out of the unit.

    Here is a link to the firmware download page:

    https://software.Cisco.com/download/release.html?mdfid=283019669&flowid=...

    Please upgrade to the following firmware versions:

    1.2.9.44
    1.3.0.62
    1.3.5.58
    1.4.0.88

    Keep in mind that on the 1.3.5.58 version, you must also upgrade the bootcode using TFTP software.

    Once you are done with the upgrade of the connection check and see if it works.

  • URGENT! Two physical network with two subnets completely - no bridges - interface cannot connect both

    This is my urgent problem:

    I have a physical machine with two physical network interfaces. I have a VMWARE player and a virtual machine that must use cards on two different subnets, a public directly to the router and an intranet within the company.

    How can I just say a net card to go on this submarine and the other on the public void?  Go crazy. Help, please.

    Thank you

    P.

    Use the virtual network editor VMware Player, create an additional bridged VMnet and bind each bridged to a different physical network... card VMnet on a virtual machine, create a virtual network adapter on each subnet and bind each virtual network adapter to an another VMnet jumpered.

    For additional help with virtual network Editor, check this KB: VMware KB: using the VMware Workstation virtual network editor

  • Get two subnets talking on the same box of VMWare?

    Hey guys, quick question.

    I have an ESXi sandbox for a few tests gave me and I'm stumped trying to set up my lab.  Our society today has 40 + remote offices running on a Win2K3 domain.  I am trying to simulate the establishing a primary and DR site (both on different subnets) on ESXi in order to test some high availability software and don't have no idea how to get the various networks talk to each other.  I have Sites and Services put on my primary domain controller ready to go, but just need to get the two DC (PDC and remote GC) to speak so that I can continue.

    Is it possible to configure in ESXi through network cards?

    Thank you!

    -Matt

    You can add an additional VM with two network cards, one in each subnet, that performs routing between subnets.

    Best regards, Robert

  • WRT54GS do not "see" modem, but the two seem to work fine.

    Router: WRT54GS V7

    OS: Win XP

    Router was fine since it was installed (months; can't remember how much).  Had to reboot a couple of times, but not a big deal.  Today, he suddenly decided that he can no longer see my DSL modem.  All of the lights on the modem; all necessary lights are on the router, but they can't talk to each other for some reason any.

    When I connect the modem directly to the computer, the internet is fine.  When I hang in the router, LELA tells me that he has no internet connection.  Troubleshooting has followed to the letter, no luck.  Tried the instructions to set up a DSL connection (where you change 192.168.1.1 to 192.168.2.1), but it was a mess.  Reset the router, no change.

    I'm not a geek, so I don't know where to go from here.  Can anyone help?

    Steph VG

    Thanks for your solution.  I had actually done everything several times without success.  I had reconnected a lot more quickly as I rec'd an answer here (don't mean to be in a bad mood, just it is the reality of what I do), so I contacted the Linksys customer service and it turned off don't not to be a hardware problem at all; I downloaded the latest version of LELA and everything, it was fixed.

    In any case, thank you for taking the time to answer and for your help.

  • ASA balancing to two routers

    Hi all

    Is there anyway that I can balance workloads on both routers.

    I have an ASA with two attached routers each router has two instances of HSRP runs on each with its own IP address, each router is the main for one of the instances of HSRP. If there was no ASA in the way that I would set DHCP to browse through all of the functions of server through another hey presto (of sort) load balancing. However, I can't do what the ASA has only a single internal IP address. Routers treat natting because they are on different IP ranges on different Internet service providers.

    I can't use GLBP as the external IP evolution would break VPN RDP and SMTP connections.

    Is it possible that I can make the road ASA based on the source IP address, or any other means to separate the traffic between two routers?

    Thanks in advance,

    Scott

    You cannot route based on ip source with only firewall with router possiable by ACB

    You can give each of them point to router deffrent with metric deffrent from the static routes

    in this case, it will make the topology as active standby, which is not good in your case

    but you can use sub interfaces on your case make the ASA NRTIs each subinterface in deffrent subnet and deffrent security level

    and let each subinterface use deffrent hsrp instance

    or there is another way

    IF you are not using VPN on your ASA you can reach in the context of multiple

    in the context of several you're going to separate your firewall virtually

    so if you have two VLAN in your network (two subnets deffrent)

    then each subnet use almost deffrent firewall

    goona u divide the internal interface to two subinterfaces

    and you can use a shred of interface between the context outside or separate for two subinterfaces

    and assign these interface for each context

    If you go to each context as firewall deffrent

    and you can use the HSRP deffrent on each context instance

    but the multiple context, you can use VPN on the firewall

    Use the following method *.

    The OTHER WAY THAT ALSO I have SUGIST YOU to TRY, this IS THE Transparent firewall

    in the case your firewall works in L2 mode

    so you can use routers in HSRP IPS AS there is no firewall in the path

    which i thnk useful for you case also

    in transperant mode the way to defaultgate for your customer will be the hsrp IP because the firewall will not have everything except IPs management

    the useres will also be in the same IP subnet as the gateway in your case HSRP VIP

    and also, you can control the security of the network through the firewall normally

    try this way and let me know

    See the following link for the configuration

    http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

    Please, note useful

  • Mac Pro-connect on two private subnets

    CNA Pro... running Leopard OSX 10.5,5 with 8Gig memory on-board.

    Running VMWare Fusion 2 with update.

    Need to run across two private subnets...

    10.0.10.XX (en0) IP static set of works DNS etc. for host OSX Mac Pro applications running as FCPro/Protools etc.

    192.168.1.xx (en1) static The IP address defined for comments that XP Professional will host a few apps like Autocad and Mathcad etc must log on Win2k domain as well...

    These are statically assigned IP addresses , as they will be all the time, persistent connections.

    Added 'second virtual network' adapter... both the value "bridged mode".

    Have tried the 'bridge' mode to try to achieve connectivity direct en1 interface across XP Pro. assign a static IP "virtual adapter 2 '...

    (Checked that this scenario seems to work very well on an iMAC, I place last week... opens a session on the Win2K domain... everything works but only single NIC)

    Dave Parsons excellent scripts have tried... VMWare should give the guy a medal! hire a consultant at the same time.

    I have a little more Mac Pro to put in place...

    Question...

    How can I configure vmnet 0, 1 and 8 to work correctly with en1 in bridged mode, if it isn't the right strategy?

    So if I want to add an other "guest" for example machine Linux how could I get it to connect properly on to en0?

    My apologies if this question may seem simple. Just think VMWare should be a simple and easy task...

    Could do the same thing with routers Cisco/ACL etc., then fill the two subnets with material, but that's not the point is it!

    Any assistance received with gratitude and once more a big thank you to Dave Parsons and everyone that make VMWare a "pleasant" experience

    FWIW, I have no problem to use VM@Work Tokamak 2.0.0 to fill two different virtual networks for the 2 network cards physical on my Mac which are on different subnets and have connectivity across two subnets of in Virtual Machines.

    It sounds like you haven't read fully the 'Tokamak.pdf VM@Work' in the or the document Advanced Networking Configuration - Tokamak Networking Scripts for VMware Fusion .  The reason I say it's you haven't mentioned nowhere in this thread that you have changed the configuration the target Virtual Machine's .vmx file to support the changes you made to the virtual network using VM@Work Tokamak 2.0.0 VMware.

    In other words do you have added/changed the .vmx as well? (See 4.0 change comments VMX file in the documentation.)

    Convention:

    .gift Ethernet (n) = 'TRUE '.

    Ethernet (n) .connectionType = "custom".

    Ethernet (n) .vnet = 'VMnet (n).

    Example:

    ethernet0. Present = 'TRUE '.

    ethernet0. ConnectionType = "custom".

    ethernet0.VNET = "VMnet0.

    Ethernet1. Present = 'TRUE '.

    Ethernet1. ConnectionType = "custom".

    Ethernet1.VNET = "VMnet2.

    If you have done this then in order to resolve this problem you must validate out ifconfig from the Host and ifconfig or ipconfig/all (depending on guest operating system) out of comments and the .vmx config file target VMS to begin with. (It is recommended that you redirect the output to a file on disk and then archive and attach the requested information to a reply post vs just copy and paste in reply.)

    Also why are you fill vmnet1 and vmnet8?  Personally, I recommend to leave the default value for the Type of network for vmnet1 and vmnet8 and add additional vmnet for additional bridged network.

  • HA AEC in two different subnets.

    Hello

    I have to configure two ACS 1113 ver 4.1 (4) high reliability in two places different and two different subnets.

    A device will be required to manage an office, the second the other office, but if one goes down the other is responsible for the entire network.

    Two subnets are accessible from all devices.

    Will set up the RADIUS server on all systems.

    The ACS are connected to Active Directory to authenticate users.

    My question is, can I create a profile ACS are replicated to the other, even if they are on two different subnets? Can I do a HA on two different subnets?

    Thank you.

    Sorry for my bad answer above. I corrected to provide you with the information you need

    Yes. Replication should work if two s ACS server on different subnets.

    See the example in config also, it will help you: http://tiny.cc/g04rkw

    HTH

    Amjad

    Rating of useful answers is more useful to say "thank you".

  • Shared the data store two different subnets

    I created a network of development/test on a vlan / subnet and a network of production on one vlan / subnet separate. Two subnets are segrated to exclude questions of domain/AD.

    How can I create a shared data store that is accessed by clients of vm on two subnets?

    I would like to access the data from the network to prod store so I can drop files and iso in that the test network will have access to.

    Thank you

    Unfortunately not... you can not show USB devices to virtual machines. Try to use tools such as "USB Anywhere" to USB for VMS using the network.

    Marcelo Soares

    VMWare Certified Professional 310/410

    Master virtualization technology

    Globant Argentina

    Review the allocation of points for "useful" or "right" answers.

  • Two guests with a different subnet on the same bridge vmnet0

    Hi all, I have a server in a data center.  The data center has awarded me two different

    Beaches of IP addresses with two separate subnets.  The first beach with the subnet to 255.255.255.248

    compatible with my 3 people systems hosts that use bridged networking on vmnet0.

    4th OS uses 255.255.255.0 and bridge over vmnet0, however

    I can not get on the net, can't even ping the gateway.

    Then the bridge vmnet0 manage two different subnets?

    Thank you

    Matt

    Yes, network bridge can have several subnets.  Bridged using, your virtual machine works like any other physical machine on the network.  So just as if two physical machines on the same physical LAN had different submet, they would not be able to communicate directly with each other, so also with your virtual machine having a different subnet.  With two subnets, you should probably two gateways.  If you cannot change the 4th VM subnet to match others, you would need a router between the two subnets.  (Again, same as if they were physical machines.)

Maybe you are looking for