LAN/WAN separated different network and access bi-direction

Jan 19th, 2010

Hello all,

I require some advice on the following:

I have two different company networks, where each has its own LAN/WAN subnet and resources.

Company A requires access to Company B resources via a WAN connection.

Company A has an employee from Company B at the location.

The Company B employee needs to access the resource at his Company B and the resource at Company A.

At the Company A location, employees from Company A and B sit together (using the same subnet).

Both companies require some kind of security implementation to only allow agreed traffic from either side.

Question 1:

How does the Company B employee (at the Company A location) access Company A resources and Company B resources from the same machine?

The answer should include

a. type of routing

b. is NAT required?

c. are Layer 3 devices required at the location to separate the two different subnets used by the different companies?

d. how both employees get their IP address and DNS

Besides the above, what if both companies have access to their own network via VPN? How would all of the above apply?

Advice required.

Thanks, I appreciate your time.



Igor Tumkin Thu, 01/28/2010 - 10:07
User Badges:
  • Cisco Employee,


There could be different designs to achieve this.

The simplest way to do this is by implementing ACLs where appropriate.

1. Of course, you need to allocate a separate L3 subnet for the Company B employee at Company A location.

2. On WAN interfaces you put an ACL to allow:

     -  Company A to reach Company B resources;

     -  Company B employee at Company A location to reach Company B resources;

3. On the L3 interface at the Company A location towards the Company B employee, put an ACL to allow:

     - him to reach Company B resources;

     - him to reach Company A resource;

4. Type of routing does not matter. Even static will do, if there are only a few subnets. But any dynamic routing is better (e.g. OSPF or EIGRP), since networks tend to grow and dynamic routing provides resilience;

5. No need for NAT, as NAT is needed if network ranges overlap or you need to change/hide IP addresses.

6. L3 devices are needed, of course, at both locations;

7. IP addresses and DNS are provided via DHCP, so you would need a DHCP server (could be configured on Cisco routers);

8. Not sure about VPN access - there are too many ways it could be organized.
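
The design in steps 1 to 3 and 7 of the reply above, written out as a Cisco IOS configuration for the Company A router. This is an added example, not part of the original post; every subnet, server address, interface name, pool name and ACL name in it is a constructed assumption.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Company A users at the Company A site      10.1.10.0/24
!   Company B employees at the Company A site  10.1.20.0/24  (GigabitEthernet0/1)
!   Company A resource they are allowed to use 10.1.50.10
!   Company B resources, reached over the WAN  10.2.50.0/24  (Serial0/0/0)
!   DNS server handed to Company B employees   10.2.50.53
!
! Steps 1 and 7: separate subnet for Company B employees, addressed by DHCP
ip dhcp excluded-address 10.1.20.1 10.1.20.10
ip dhcp pool COMPANY-B-STAFF
 network 10.1.20.0 255.255.255.0
 default-router 10.1.20.1
 dns-server 10.2.50.53
!
! Step 3: what Company B employees may reach from their subnet
ip access-list extended B-STAFF-IN
 remark DHCP from clients that have no address yet
 permit udp any eq bootpc any eq bootps
 remark Company B resources across the WAN
 permit ip 10.1.20.0 0.0.0.255 10.2.50.0 0.0.0.255
 remark the agreed Company A resource only
 permit ip 10.1.20.0 0.0.0.255 host 10.1.50.10
 remark explicit deny so that dropped flows are logged
 deny ip any any log
!
! Step 2: what may leave the Company A site towards Company B
ip access-list extended WAN-OUT
 remark Company A users to Company B resources
 permit ip 10.1.10.0 0.0.0.255 10.2.50.0 0.0.0.255
 remark Company B employees to Company B resources
 permit ip 10.1.20.0 0.0.0.255 10.2.50.0 0.0.0.255
 deny ip any any log
!
interface GigabitEthernet0/1
 description Company B employees at the Company A site
 ip address 10.1.20.1 255.255.255.0
 ip access-group B-STAFF-IN in
!
interface Serial0/0/0
 description WAN link towards Company B
 ip access-group WAN-OUT out
```

Both ACLs are stateless, so if an inbound ACL is also applied on the WAN interface it has to permit the return traffic from 10.2.50.0/24. An outbound ACL does not filter packets the router itself originates, so routing-protocol traffic on the WAN link is unaffected by WAN-OUT.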



