Re: LAN RAS setup guide?
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 24 Dec 2008 11:52:49 -0600
Before I address this further below,...keep in mind that the root cause is
due to you having a single subnet LAN that does not already have a LAN
Router making the Routing Decisions which leave your Firewall as the Default
Gateway of everything.
If your LAN was multi-segment with a LAN Router as the Default Gateway of
everything (meaning the firewall would not be such),...you would not even be
having this problem.
Now,...onward....
"Bill Kearney" <wkearney99@xxxxxxxxxxx> wrote in message
news:ysqdnYkCa5qpV9HUnZ2dnUVZ_gmdnZ2d@xxxxxxxxxxxxxxxx
>> The root of your problem is the two Internet connections. That is, I
>> mean, each LAN has its own.
>
> No, not if I don't expect the devices on each segment to use the other
> outbound gateway.

No, just the opposite, two routers as I described is what lets each side
use their own internet connection instead of one side being forced to use
the "other side's" Internet connection,..which is what a single router
causes.
Think this illustration through. Your problem is the exact same situation
you would create if you had two Subnets on your lan with a single router
between them,...then tried to have each subnet with its own separate
firewall and internet connection. It just would not work like that because
both subnets would need to use the LAN Router as the Default Gateway which
in turn would use one of the Firewalls as its Default Gateway (leaving the
other firewall unused).
> I just want the hosts to connect to each other.

Then it takes what I described. Although I have another suggestion below..

> Two RAS boxes? That's a stupid waste of money.

That is a matter of opinion. If that is what the network structure
requires,..then that is what it requires.
However with modern Firewalls there is a new option if the Firewalls are
multi-interfaced (more than just 2). Many Firewalls have other interfaces
that can be used for additional "internal" segments or DMZ segments. If the
two firewalls involved can have an additional "internal" (that's internal,
not DMZ) on one of their other interfaces then you would connect the two
"extra" interfaces of the firewalls to each other and give it the "2-host"
IP Segment,..then establish a "routed" relationship (not a firewalled NAT)
between the real LAN segments and this one. It would look like this

 [Internet]                      [Internet]
     |                               |
<Firewall #1>---2-host link---<Firewall #2>
     |                               |
  [LAN #1]                        [LAN #2]

Now each LAN can use their own Firewall as their Default Gateway and it
works fine because the Firewall is pulling double-duty by acting as a LAN
Router and a Firewall at the same time. Notice with this that you **still**
have two router boxes involved :-),...it is just that you didn't have to
buy anything because something you already have in place is doing multiple
jobs.
Hope that makes sense...
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
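
The two-firewall layout described in the post above, modelled as routing tables so the resulting paths can be checked. This is an added example, not part of the original post; the subnets, the /30 link and the names fw1, fw2, isp1 and isp2 are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing; the post names no subnets.
LAN1 = ip.ip_network("192.168.1.0/24")
LAN2 = ip.ip_network("192.168.2.0/24")
LINK = ip.ip_network("10.255.255.0/30")   # the "2-host" segment between firewalls
DEFAULT = ip.ip_network("0.0.0.0/0")

# Per-firewall table of (destination prefix, next hop).
# "direct" = on-link delivery; "ispN" = that firewall's own Internet uplink.
ROUTES = {
    "fw1": [(LAN1, "direct"), (LINK, "direct"), (LAN2, "fw2"), (DEFAULT, "isp1")],
    "fw2": [(LAN2, "direct"), (LINK, "direct"), (LAN1, "fw1"), (DEFAULT, "isp2")],
}
# Every host uses the firewall on its own LAN as Default Gateway.
GATEWAY = {LAN1: "fw1", LAN2: "fw2"}

def next_hop(routes, router, dst):
    """Longest-prefix match over one firewall's table."""
    matches = [(net, hop) for net, hop in routes[router] if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, routes=ROUTES, max_hops=8):
    """Return the hops a packet takes from host src to address dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    lan = next(net for net in GATEWAY if src in net)
    if dst in lan:
        return ["on-link"]            # same subnet, no gateway involved
    path, router = [], GATEWAY[lan]
    for _ in range(max_hops):
        path.append(router)
        hop = next_hop(routes, router, dst)
        if hop == "direct":
            return path + ["delivered"]
        if hop.startswith("isp"):
            return path + [hop]       # leaves through this firewall's uplink
        router = hop                  # handed across the 2-host link
    return path + ["loop"]

if __name__ == "__main__":
    print(trace("192.168.1.10", "192.168.2.20"))   # LAN #1 host to LAN #2 host
    print(trace("192.168.1.10", "203.0.113.5"))    # LAN #1 host to the Internet
```

Dropping the LAN #2 route from fw1's table sends LAN-to-LAN traffic out fw1's Internet uplink instead of across the link, which is why the routed relationship between the two internal segments has to be configured on both firewalls.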