RE: Network Design Question

One area of concern I see is the network addressing scheme. If you are using
10.0.1.0 network addressing with a standard subnet mask of 255.0.0.0, then
the networks of 10.0.1.0 and 10.0.2.0 are going to be seen as both on the
same local subnet and no routing will occur. How is the 10.0.2.0 network
connected to yours?
--
Steve Halvorson
Preferred Credit, Inc


"Meech" wrote:

We are switching vendors and our network topology just got a bit more
complex. Previously we used a fairly standard edge firewall
configuration. Internal was 192.168, external was public IPs, easy.

Now, we have a cisco IAD carrying traffic from several different
sources and I'm not sure how to set everything up.

Source #1 - Public IPs. We publish several services to the public
internet.
Source #2 - Static(?) VPN/Remote, 10.0.2.x. (Another site with a
cisco IAD)
Source #3 - Internal/Private subnet 10.0.1.x (the default internal
subnet)

I plugged in a laptop to the internal, and traffic is being routed
automagically between the 10.0.1 and 10.0.2 subnets. I assume via
static routes in the IADs.

Both of the 10.0 networks should be considered internal/private.

I'm not sure where to start. In the old scheme there was physical
separation of the networks. Only traffic allowed via ISA passed
between them. Now I have 3 different subnets on the same switch.

I assume the outbound route will have to hit the 10.0.1 gateway
otherwise traffic destined for 10.0.2 won't fly.

Do I still need multiple nics? (Seems kind of pointless now that all
traffic is coming through the same wire)
Should I create a new "real" internal subnet, then map the 10.0.1/2 to
it?
Should all traffic go through the 10.0.1.x gateway now?
Can I statically assign the 10.0.2.x computers so they will use our
internal DNS?

I looked at the VPN settings in ISA. The 10.0.2.x subnet is
technically a VPN, but it's already routed into the 10.0.1.x space, so
I'm not sure that ISA will see it as a VPN -- I'm thinking more along
the lines of a 2nd local subnet.

The picture of how this works isn't too bad, the nitty gritty details
are what's tripping me up.

Can somebody kick me in the right direction?
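
The subnet-mask point raised in the reply at the top of this thread, as an added example that is not part of the original posts: it computes whether a sending host treats a destination as on-link (delivered directly on the switch, never reaching a gateway or firewall) under the 255.0.0.0 mask versus 255.255.255.0. The host addresses, the gateway addresses and the assumption that each site is a /24 are constructed for illustration.

```python
import ipaddress

def delivery(src_ip, mask, dst_ip, gateway):
    """Return how a host configured as src_ip/mask sends a packet to dst_ip.

    "on-link" means the host resolves the destination directly on its own
    segment, so the packet never passes through the gateway. Otherwise the
    gateway address is returned as the next hop.
    """
    local_net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    if ipaddress.ip_address(dst_ip) in local_net:
        return "on-link"
    return gateway

def site_of(ip):
    """Site boundary assumed to be a /24 (10.0.1.x vs 10.0.2.x in the thread)."""
    return ipaddress.ip_interface(f"{ip}/24").network

def bypassing_flows(hosts, mask):
    """Return (src, dst) pairs in different sites that the sender treats as
    on-link, i.e. flows a gateway-based firewall would never see."""
    flows = []
    for src, gateway in hosts:
        for dst, _ in hosts:
            if src == dst or site_of(src) == site_of(dst):
                continue
            if delivery(src, mask, dst, gateway) == "on-link":
                flows.append((src, dst))
    return flows

# Constructed sample hosts: (address, default gateway). Gateways are assumed.
HOSTS = [
    ("10.0.1.20", "10.0.1.1"),
    ("10.0.1.21", "10.0.1.1"),
    ("10.0.2.30", "10.0.2.1"),
]

if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.255.0"):
        flows = bypassing_flows(HOSTS, mask)
        print(f"mask {mask}: {len(flows)} cross-site flow(s) skip the gateway")
        for src, dst in flows:
            print(f"  {src} -> {dst}")
```
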
