Need to connect 2 private LANs for sharing files while maintaining security

Discussion in 'Cisco' started by BrooklynBadass, Jul 13, 2007.

  1. I want to share files with another office in the same building while
    keeping each network isolated and secure from the other. We each have
    our own Internet router, DHCP server, etc. and we are close enough to
    run a cable from one LAN to the other. I ruled out Internet/VPN
    because the files are 200+MB in size. Could this be done by plugging the
    LAN port of a firewall into one network and the DMZ port into the
    other? Any ideas?
    Thanks!
     
    BrooklynBadass, Jul 13, 2007
    #1

  2. BrooklynBadass

    Trendkill Guest

    How often are you transferring it? During the day? If it's only once
    and the file time is flexible, I'd say Internet VPN is the way to go.
    Else you can run an Ethernet cable across the two and create a middle
    network and turn up basic routing. You may want to use statics so you only
    allow traffic to/from certain addresses, and/or use ACLs to prevent
    all other traffic other than the copy itself.

    If it's in the same office building, could always do a daily thumb
    drive drop-off...:)
     
    Trendkill, Jul 13, 2007
    #2

  3. BrooklynBadass

    Trendkill Guest

    Oh, and the reason I say Internet is fine if it's once or twice a day
    and flexible is that you can kick off the transfer job during the evening,
    and with a decent 4-500 k cable connection, it should only take 6-10
    minutes.
     
    Trendkill, Jul 13, 2007
    #3
  4. BrooklynBadass

    Trendkill Guest

    Although I'm guessing one side or the other has slow uplink speeds, as
    most ISPs do, so unless you have a private T1 or something, this may
    rule out the Internet option altogether.
     
    Trendkill, Jul 13, 2007
    #4
  5. BrooklynBadass

    Scott Perry Guest

    This sounds better if you copied this to a 6GB flash drive and just ran it
    down the hallway. That's my network-based opinion.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
     
    Scott Perry, Jul 13, 2007
    #5
  6. BrooklynBadass

    Scott Perry Guest

    Yes, you can run a LAN speed cable from your firewall/router/whatever down
    the hall to the other office's firewall/router/whatever. If they are close
    enough, consider wireless instead. In office buildings, cabling is run up
    in the ceiling tile. If this is a long term solution, consider running a
    real wall jack on both ends of the cable run.

    Let us assume the following (because we do not know your equipment):
    Your office network is a 192.168.1.0 /24 network (192.168.1.0 -
    192.168.0.255)
    Their office network is a 172.16.0.0 /24 network (172.16.1.0 - 172.16.1.255)
    Both offices have a manageable router (Cisco) with a spare Ethernet port.
    Your desktop computer IP address is 192.168.1.25.
    Their desktop computer IP address is 172.16.1.25.

    Connect the two ethernet ports with a crossover cable. If you do not have a
    crossover ethernet cable or do not know what this is, put a cheap little
    pocket sized ethernet hub/switch between the two company routers.

    On your network router (assuming the port to the other company is
    FastEthernet 0/1), configure the following:
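    interface FastEthernet 0/1
    description *** Ethernet to other office ***
    ip address 10.11.12.13 255.255.255.252
    ! ACL 123 filters packets arriving from the other office
    ip access-group 123 in
    no shutdown
    !
    ! Reach their LAN via the far end of the /30 link
    ip route 172.16.1.0 255.255.255.0 FastEthernet0/1 10.11.12.14
    !
    ! Inbound on Fa0/1 the source is their desktop, the destination is yours
    access-list 123 permit ip host 172.16.1.25 host 192.168.1.25

    On their network router (assuming the port to the other company is
    FastEthernet 0/1), configure the following:
    interface FastEthernet 0/1
    description *** Ethernet to other office ***
    ip address 10.11.12.14 255.255.255.252
    ! ACL 123 filters packets arriving from your office
    ip access-group 123 in
    no shutdown
    !
    ! Reach your LAN via the far end of the /30 link
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1 10.11.12.13
    !
    ! Inbound on Fa0/1 the source is your desktop, the destination is theirs
    access-list 123 permit ip host 192.168.1.25 host 172.16.1.25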

    There is a better, more complete way to do this with policy based routing
    and NAT but I am leaving this answer for now to keep this simple.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
     
    Scott Perry, Jul 13, 2007
    #6
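
An added example, not part of Scott Perry's post: a small Python model of an extended IP ACL bound inbound on each router's inter-office interface, using the addresses assumed in post #6. It shows that an inbound entry must name the remote desktop as its source, and that the implicit deny drops every other host; it matches on IP addresses only (no ports or protocols), and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _take_addr(tok, i):
    """Read one address spec: 'host A', 'any', or 'A wildcard-mask'."""
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    # ipaddress accepts a contiguous wildcard (host) mask after the slash
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <src> <dst>' (IP-only entries)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, i = _take_addr(tok, 4)
    dst, _ = _take_addr(tok, i)
    return Ace(tok[2], src, dst)

def acl_permits(acl, src, dst):
    """First matching entry wins; no match hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ace.src and d in ace.dst:
            return ace.action == "permit"
    return False

def round_trip(your_in, their_in, your_host, their_host):
    """Request is checked inbound on their Fa0/1, the reply inbound on yours."""
    return (acl_permits(their_in, your_host, their_host)
            and acl_permits(your_in, their_host, your_host))

# Constructed inbound ACLs: on each router the source is the REMOTE desktop.
YOUR_IN = [parse_ace("access-list 123 permit ip host 172.16.1.25 host 192.168.1.25")]
THEIR_IN = [parse_ace("access-list 123 permit ip host 192.168.1.25 host 172.16.1.25")]

if __name__ == "__main__":
    print("desktop <-> desktop:", round_trip(YOUR_IN, THEIR_IN, "192.168.1.25", "172.16.1.25"))
    print("other PC -> desktop:", round_trip(YOUR_IN, THEIR_IN, "192.168.1.30", "172.16.1.25"))
    # Same entries with source and destination reversed for the inbound direction
    print("reversed entries:   ", round_trip(THEIR_IN, YOUR_IN, "192.168.1.25", "172.16.1.25"))
```
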

  7. Thanks for responding. The file will be transferred several times per
    day and maybe more than that.
    I'd really like a solution that automates the process rather than
    carrying over a hard drive or some other media.
    I would imagine a router or firewall could do this but I'm not sure.
     
    BrooklynBadass, Jul 13, 2007
    #7
  8. Thanks for the info, Scott. I replied a few days ago but it doesn't
    look as though it went through.
    We have Linksys and Netgear routers but I've worked with Cisco
    products and thought this would be a good source of information.
    We have a $1,200 budget. I'm wondering if I could connect a Cisco
    firewall or router between the two networks without replacing existing
    devices.
    I could give the E0 an address on network A and E1 an address on
    network B and place the server behind E1.
    I would create rules to control traffic and add static routes to
    Windows XP on the workstations that will be used to transfer data.
    I was also considering a dual-homed server with NIC A on one network
    and NIC B on the other.
    I'm probably completely wrong in my plan but I hope it will help to
    communicate what I want to do.

    thanks
     
    BrooklynBadass, Jul 16, 2007
    #8
