Need to connect 2 private Lans for sharing files while maintining security

Discussion in 'Cisco' started by BrooklynBadass, Jul 13, 2007.

  1. I want to share files with another office in the same building while
    keeping each network isolated and secure from the other. We each have
    our own Internet router, DHCP server, etc. and we are close enough to
    run a cable from one lan to the other. I ruled out Internet/VPN
    because the files are 200+MB in size. Could this done by plugging the
    lan port of a firewall into one network and the dmz port into the
    other? any ideas?
    thanks!
     
    BrooklynBadass, Jul 13, 2007
    #1
    1. Advertising

  2. BrooklynBadass

    Trendkill Guest

    On Jul 13, 7:59 am, BrooklynBadass <> wrote:
    > I want to share files with another office in the same building while
    > keeping each network isolated and secure from the other. We each have
    > our own Internet router, DHCP server, etc. and we are close enough to
    > run a cable from one lan to the other. I ruled out Internet/VPN
    > because the files are 200+MB in size. Could this done by plugging the
    > lan port of a firewall into one network and the dmz port into the
    > other? any ideas?
    > thanks!


    How often are you transferring it? During the day? If its only once
    and the file time is flexible, I'd say internet vpn is the way to go.
    Else you can run a ethernet across the two and create a middle network
    and turn up basic routing. You may want to use statics so you only
    allow traffic to/from certain addresses, and/or use ACLs to prevent
    all other traffic other than the copy itself.

    If its in the same office building, could always do a daily thumb
    drive drop-off...:)
     
    Trendkill, Jul 13, 2007
    #2
    1. Advertising

  3. BrooklynBadass

    Trendkill Guest

    On Jul 13, 8:37 am, Trendkill <> wrote:
    > On Jul 13, 7:59 am, BrooklynBadass <> wrote:
    >
    > > I want to share files with another office in the same building while
    > > keeping each network isolated and secure from the other. We each have
    > > our own Internet router, DHCP server, etc. and we are close enough to
    > > run a cable from one lan to the other. I ruled out Internet/VPN
    > > because the files are 200+MB in size. Could this done by plugging the
    > > lan port of a firewall into one network and the dmz port into the
    > > other? any ideas?
    > > thanks!

    >
    > How often are you transferring it? During the day? If its only once
    > and the file time is flexible, I'd say internet vpn is the way to go.
    > Else you can run a ethernet across the two and create a middle network
    > and turn up basic routing. You may want to use statics so you only
    > allow traffic to/from certain addresses, and/or use ACLs to prevent
    > all other traffic other than the copy itself.
    >
    > If its in the same office building, could always do a daily thumb
    > drive drop-off...:)


    Oh and the reason I say internet is fine if its once or twice a day
    and flexible, is you can kickoff the transfer job during the evening,
    and with a decent 4-500 k cable connection, should only take 6-10
    minutes.
     
    Trendkill, Jul 13, 2007
    #3
  4. BrooklynBadass

    Trendkill Guest

    On Jul 13, 8:38 am, Trendkill <> wrote:
    > On Jul 13, 8:37 am, Trendkill <> wrote:
    >
    >
    >
    > > On Jul 13, 7:59 am, BrooklynBadass <> wrote:

    >
    > > > I want to share files with another office in the same building while
    > > > keeping each network isolated and secure from the other. We each have
    > > > our own Internet router, DHCP server, etc. and we are close enough to
    > > > run a cable from one lan to the other. I ruled out Internet/VPN
    > > > because the files are 200+MB in size. Could this done by plugging the
    > > > lan port of a firewall into one network and the dmz port into the
    > > > other? any ideas?
    > > > thanks!

    >
    > > How often are you transferring it? During the day? If its only once
    > > and the file time is flexible, I'd say internet vpn is the way to go.
    > > Else you can run a ethernet across the two and create a middle network
    > > and turn up basic routing. You may want to use statics so you only
    > > allow traffic to/from certain addresses, and/or use ACLs to prevent
    > > all other traffic other than the copy itself.

    >
    > > If its in the same office building, could always do a daily thumb
    > > drive drop-off...:)

    >
    > Oh and the reason I say internet is fine if its once or twice a day
    > and flexible, is you can kickoff the transfer job during the evening,
    > and with a decent 4-500 k cable connection, should only take 6-10
    > minutes.


    Although I'm guessing one side or the other has slow uplink speeds as
    most ISPs do, so unless you have a private T1 or something, this may
    rule out the internet option all together.
     
    Trendkill, Jul 13, 2007
    #4
  5. BrooklynBadass

    Scott Perry Guest

    This sounds better if your copied this to a 6GB flash drive and just ran it
    down the hallway. That's my network based opinion.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "BrooklynBadass" <> wrote in message
    news:...
    >I want to share files with another office in the same building while
    > keeping each network isolated and secure from the other. We each have
    > our own Internet router, DHCP server, etc. and we are close enough to
    > run a cable from one lan to the other. I ruled out Internet/VPN
    > because the files are 200+MB in size. Could this done by plugging the
    > lan port of a firewall into one network and the dmz port into the
    > other? any ideas?
    > thanks!
    >
     
    Scott Perry, Jul 13, 2007
    #5
  6. BrooklynBadass

    Scott Perry Guest

    Yes, you can run a LAN speed cable from your firewall/router/whatever down
    the hall to the other office's firewall/router/whatever. If they are close
    enough, consider wireless instead. In office buildings, cabling is run up
    in the ceiling tile. If this is a long term solution, consider running a
    real wall jack on both ends of the cable run.

    Let us assume the following (because we do not know your equipment):
    Your office network is a 192.168.1.0 /24 network (192.168.1.0 -
    192.168.0.255)
    Their office network is a 172.16.0.0 /24 network (172.16.1.0 - 172.16.1.255)
    Both offices have a managable router (Cisco) with a spare ethernet port.
    Your desktop computer IP address is 192.168.1.25.
    Their desktop computer IP address is 172.16.1.25.

    Connect the two ethernet ports with a crossover cable. If you do not have a
    crossover ethernet cable or do not know what this is, put a cheap little
    pocket sized ethernet hub/switch between the two company routers.

    On your network router (assuming the port to the other company is
    FastEthernet 0/1), configure the following:
    interface FastEthernet 0/1
    description *** Ethernet to other office ***
    ip address 10.11.12.13 255.255.255.252
    ip access-group 123 in
    no shutdown
    !
    ip route 172.16.1.0 255.255.255.0 FastEthernet0/1 10.11.12.14
    !
    access-list 123 permit ip host 192.168.1.25 host 172.16.1.25

    On their network router (assuming the port to the other company is
    FastEthernet 0/1), configure the following:
    interface FastEthernet 0/1
    description *** Ethernet to other office ***
    ip address 10.11.12.14 255.255.255.252
    ip access-group 123 in
    no shutdown
    !
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1 10.11.12.13
    !
    access-list 123 permit ip host 172.16.1.25 host 192.168.1.25

    There is a better, more complete way to do this with policy based routing
    and NAT but I am leaving this answer for now to keep this simple.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "BrooklynBadass" <> wrote in message
    news:...
    >I want to share files with another office in the same building while
    > keeping each network isolated and secure from the other. We each have
    > our own Internet router, DHCP server, etc. and we are close enough to
    > run a cable from one lan to the other. I ruled out Internet/VPN
    > because the files are 200+MB in size. Could this done by plugging the
    > lan port of a firewall into one network and the dmz port into the
    > other? any ideas?
    > thanks!
    >
     
    Scott Perry, Jul 13, 2007
    #6
  7. On Jul 13, 8:37 am, Trendkill <> wrote:
    > On Jul 13, 7:59 am, BrooklynBadass <> wrote:
    >
    > > I want to share files with another office in the same building while
    > > keeping each network isolated and secure from the other. We each have
    > > our own Internet router, DHCP server, etc. and we are close enough to
    > > run a cable from one lan to the other. I ruled out Internet/VPN
    > > because the files are 200+MB in size. Could this done by plugging the
    > > lan port of a firewall into one network and the dmz port into the
    > > other? any ideas?
    > > thanks!

    >
    > How often are you transferring it? During the day? If its only once
    > and the file time is flexible, I'd say internet vpn is the way to go.
    > Else you can run a ethernet across the two and create a middle network
    > and turn up basic routing. You may want to use statics so you only
    > allow traffic to/from certain addresses, and/or use ACLs to prevent
    > all other traffic other than the copy itself.
    >
    > If its in the same office building, could always do a daily thumb
    > drive drop-off...:)



    Thanks for responding. The file will be transferred several times per
    day and maybe more than that.
    I'd really like a solution that automates the process rather than
    carrying over a hard drive or some other media.
    I would image a router or firewall could do this but I'm not sure.
     
    BrooklynBadass, Jul 13, 2007
    #7
  8. On Jul 13, 11:33 am, "Scott Perry" <scottperry@aciscocompany> wrote:
    > Yes, you can run a LAN speed cable from your firewall/router/whatever down
    > the hall to the other office's firewall/router/whatever. If they are close
    > enough, consider wireless instead. In office buildings, cabling is run up
    > in the ceiling tile. If this is a long term solution, consider running a
    > real wall jack on both ends of the cable run.
    >
    > Let us assume the following (because we do not know your equipment):
    > Your office network is a 192.168.1.0 /24 network (192.168.1.0 -
    > 192.168.0.255)
    > Their office network is a 172.16.0.0 /24 network (172.16.1.0 - 172.16.1.255)
    > Both offices have a managable router (Cisco) with a spare ethernet port.
    > Your desktop computer IP address is 192.168.1.25.
    > Their desktop computer IP address is 172.16.1.25.
    >
    > Connect the two ethernet ports with a crossover cable. If you do not have a
    > crossover ethernet cable or do not know what this is, put a cheap little
    > pocket sized ethernet hub/switch between the two company routers.
    >
    > On your network router (assuming the port to the other company is
    > FastEthernet 0/1), configure the following:
    > interface FastEthernet 0/1
    > description *** Ethernet to other office ***
    > ip address 10.11.12.13 255.255.255.252
    > ip access-group 123 in
    > no shutdown
    > !
    > ip route 172.16.1.0 255.255.255.0 FastEthernet0/1 10.11.12.14
    > !
    > access-list 123 permit ip host 192.168.1.25 host 172.16.1.25
    >
    > On their network router (assuming the port to the other company is
    > FastEthernet 0/1), configure the following:
    > interface FastEthernet 0/1
    > description *** Ethernet to other office ***
    > ip address 10.11.12.14 255.255.255.252
    > ip access-group 123 in
    > no shutdown
    > !
    > ip route 192.168.1.0 255.255.255.0 FastEthernet0/1 10.11.12.13
    > !
    > access-list 123 permit ip host 172.16.1.25 host 192.168.1.25
    >
    > There is a better, more complete way to do this with policy based routing
    > and NAT but I am leaving this answer for now to keep this simple.
    >
    > --
    >
    > ===========
    > Scott Perry
    > ===========
    > Indianapolis, Indiana
    > ________________________________________"BrooklynBadass" <> wrote in message
    >
    > news:...
    >
    >
    >
    > >I want to share files with another office in the same building while
    > > keeping each network isolated and secure from the other. We each have
    > > our own Internet router, DHCP server, etc. and we are close enough to
    > > run a cable from one lan to the other. I ruled out Internet/VPN
    > > because the files are 200+MB in size. Could this done by plugging the
    > > lan port of a firewall into one network and the dmz port into the
    > > other? any ideas?
    > > thanks!- Hide quoted text -

    >
    > - Show quoted text -


    Thanks for the info Scott. I replied a few days ago but it doesn't
    look as though it went through.
    We have linksys and netgear routers but I've worked with Cisco
    products and thought this would be a good source of information.
    We have a $1,200 budget. I'm wondering if I could connect a Cisco
    firewall or router between the two networks without replacing existing
    devices.
    I could give the E0 an address on network A and E1 an address on
    network B and place the server behind E1
    I would create rules to control traffic and add static routes to
    Windows XP on the workstations that will be used to transfer data.
    I was also considering a dual homed server with nic A on one network
    and nic B on the other.
    I'm probably completely wrong my plan but I hope it will help to
    communicate what I want to do.

    thanks
     
    BrooklynBadass, Jul 16, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. HMV

    Re: How to keep your private files private

    HMV, Feb 21, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    517
  2. Steve

    Re: How to keep your private files private

    Steve, Feb 21, 2006, in forum: Computer Support
    Replies:
    1
    Views:
    508
  3. John Holmes

    Re: How to keep your private files private

    John Holmes, Feb 21, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    460
    John Holmes
    Feb 21, 2006
  4. Daave

    Re: How to keep your private files private

    Daave, Feb 22, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    435
    Daave
    Feb 22, 2006
  5. Giuen
    Replies:
    0
    Views:
    1,002
    Giuen
    Sep 12, 2008
Loading...

Share This Page