Network Config Advice (Slightly OT)

From: GQ (gqlee_at_canada.com)
Date: 10/04/04


Date: Mon, 04 Oct 2004 15:34:35 -0400

Our current network configuration consists of two separate subnets (one
for servers, one for workstations) which are both connected to a common
server running Checkpoint FW-1 as our firewall (i.e. there are 3 NICs in
the FW server).

We currently have a number of external IPs (Internet accessible) which
are hosted on our firewall and then forwarded to the appropriate server.
Machines on the server subnet have statically assigned IPs and machines on
the workstation subnet are assigned using DHCP.

I want to eliminate the Checkpoint FW machine since it is a number of
years old and also, being an NT4 box, it would be hard to get it back up
and running and configured again, as is, using current hardware (e.g., if
the motherboard went bad, we would need to basically reinstall the OS from
scratch). So I am thinking of going towards a dedicated router/network
appliance instead of using a firewall software product.

Because of our two subnets, I am thinking I might need to use 2 sets of
routers. The first router would interface between the Internet and my
server subnet. The second router would interface between the server
subnet and my workstation subnet. Maybe something like this:

Internet Connection 1 (T1)
    |
    |
    |(External IPs Statically defined)
    |
Router 1 (RV082) ---------- Server Subnet (192.168.121.x)
    |
    |
    |(192.168.121.250)
    |
Router 2 (RV082) ---------- Workstations (192.168.51.x)
    |
    |(External IP dynamically defined)
    |
Internet Connection 2 (Cable)

As shown, I am thinking of using Linksys RV082 routers for this, because
they can offer the dual WAN capability and they can also act as a VPN
endpoint. But I have a few questions regarding the above (not the least
of which is, is this doable using the RV082?):

1. Can I define any internal IP subnets I want or do I have to use
192.168.1.x for the internal side of the router?
2. How do I get the servers to communicate with the workstations
without going out through the Internet and back (i.e. can I define a
local static route between the two subnets so that they will communicate
locally)? Using Checkpoint, we were able to do this using double NAT'ing.
3. Can the RV082 support/host multiple external IP addresses (i.e. a
block of external addresses)?
4. Is there a better way of going about this?
5. With regards to the dual WAN ports, how does this work if you have
different ISPs? For example, we have a cable Internet connection and a
T1 connection. The T1 connection hosts our static IPs and the cable
connection is dynamically assigned. I would like to use the cable
connection to load balance the outbound connections from our
workstations (i.e. web browsing and downloads). How do I ensure that
local requests are transmitted through the proper port?
6. Can anyone explain what the difference is between an RV042, RV082 and
RV016, aside from the number of ports (i.e. are there
features/capabilities missing or different between the different models)?

Sorry for the long post. Any help is greatly appreciated. Thanks,

Alex


