
Separate Networks Sharing Internet Access

jason.simard
Level 1

Hello,

Our network admin is in the process of being replaced.  I'm a software developer trying to do some network admin duties in the interim.  So please be gentle. 

We are in the midst of creating a new network for the office.  The new network will be run in parallel to the existing network until all the kinks are worked out and we confirm all is working as desired.  So we need to have both networks up & running but be completely independent and separate from each other.  Here is the list of hardware we currently have in place, in connection order:

5 public static IPs from our ISP

Cable modem for internet access

Cisco 851 router (no wireless)

Netgear VPN Firewall - FVX538 (using FE0 on Cisco)

Netgear Switch - GS724T

I have confirmed with our ISP that the Cisco router is a "stock" router with nothing blocked.  So it should be in a default/factory setting.

For our second network, we have another Netgear FVX538 which we would like to connect to the Cisco router for internet access and keep both networks separate on the LAN side.  We would like to access the 2 networks separately using 2 of the static IPs we have from our ISP, to control which network they use based on which IP they are trying to connect to the office on.  And both networks require internet access from the office.

So what do I need to do to get these 2 separate networks working?  Do I need any more hardware?  I'm sure, as in most cases, there will be a cheap way to achieve this and then there will be a proper way.  I'll settle for the cheap solution for now to get it working but I like having options, so having a better/best solution is appreciated too.

If you need any more information, let me know.

If this specific topic has been discussed in another thread, please post the link.

Thanks for any help you can provide.


Collin Clark
VIP Alumni

This shouldn't be too hard to set up. You will need some connectivity between the Cisco router and your two Netgear firewalls. Does the GS724T switch support VLANs? If so we can create a new VLAN and use that for the switching infrastructure between the Cisco and the Netgear firewalls.

Thanks for the quick reply Collin.

Yes, the Netgear GS724T switch supports up to 128 static VLANs.

I just checked the 851 router and it has multiple switchports, so we don't need to create the VLAN. You should be able to connect the second firewall to the 851 router. Assign the firewall one of the public IPs and you should be good to go. I've attached a picture just to make sure we're on the same page.

Thanks Collin.  Another quick response and with pictures too!  

That is just way too simple.  I think even I can handle that setup.

Just so I have it clear in my head, does the Cisco know to do the routing correctly to the 2 different networks?  Because of the external IP addresses assigned to the Netgear routers?  The Cisco "auto senses" the Netgear routers and routes the network traffic according to the external IP the traffic is coming on?

To the Cisco it's just 1 network (and it is). That network has the public IPs and has 3 hosts on it: the Cisco router and each Netgear firewall. The private sides of the firewalls are masked by the public IPs (i.e. NAT) and the Cisco doesn't need to know their real IPs. The Netgear firewall will respond when the Cisco says, "Hey, I have traffic for this public IP". If Netgear 1 has that IP, it will say, "Send it to me" and the second Netgear won't say anything because it doesn't have that IP. Works vice-versa when traffic is sent to an IP destined for Netgear 2. Does that make sense?
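
The ARP behaviour described in the reply above, modelled as an added example that is not part of the original post: each device on the shared public segment answers only for the address it owns, and the audit shows what happens to unassigned addresses and to an address mistakenly configured on both firewalls. The /29 subnet, the addresses (documentation range), the MACs and all class and function names are assumptions made for illustration.

```python
# Added illustration: a toy model of the shared public segment, not real device config.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Host:
    name: str
    mac: str
    wan_ips: frozenset  # public addresses configured on the WAN-side interface

    def answers_arp_for(self, ip):
        # A host replies to "who has <ip>?" only if it owns that address.
        return ip in self.wan_ips

class PublicSegment:
    def __init__(self, subnet, hosts):
        self.subnet = ip_network(subnet)
        self.hosts = list(hosts)

    def who_has(self, ip):
        """Broadcast an ARP request and collect the names of all responders."""
        return sorted(h.name for h in self.hosts if h.answers_arp_for(ip))

    def deliver(self, dst_ip):
        """Outcome for an inbound packet the router must hand off on this segment."""
        if ip_address(dst_ip) not in self.subnet:
            return "not on this segment"
        owners = self.who_has(dst_ip)
        if not owners:
            return "dropped: no ARP reply"
        if len(owners) > 1:
            return "conflict: " + " and ".join(owners)
        return "forwarded to " + owners[0]

    def audit(self):
        """Map every usable address to its outcome, to spot gaps and duplicates."""
        return {str(ip): self.deliver(str(ip)) for ip in self.subnet.hosts()}

def build_segment(netgear2_ip="203.0.113.3"):
    # Constructed addresses from the 203.0.113.0/24 documentation range (assumption).
    return PublicSegment("203.0.113.0/29", [
        Host("cisco-851", "00:00:5e:00:53:01", frozenset({"203.0.113.1"})),
        Host("netgear-1", "00:00:5e:00:53:02", frozenset({"203.0.113.2"})),
        Host("netgear-2", "00:00:5e:00:53:03", frozenset({netgear2_ip})),
    ])

if __name__ == "__main__":
    for ip, outcome in build_segment().audit().items():
        print(ip, "->", outcome)
    # Failure mode: both firewalls given the same public IP.
    print(build_segment("203.0.113.2").deliver("203.0.113.2"))
```
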

That is beautifully explained.  Even this developer could understand that explanation.  Thank You!

Ok.  I'm off to go make this all happen now.  Hopefully, with positive results.  Hopefully, I will report back with working results soon.

jason.simard
Level 1

Thank you SO much Collin!  I appreciate your patience and thorough explanation.

I was able to configure the second Netgear router using the other external IP in short order.  Everything is working perfectly.

Thanks!

Glad to hear it. You're now a network guy too.

That is an extremely terrifying thought. 

It was way too easy to get the router up & running....even with a couple of fat finger typos.  I was reading other posts and they were talking about Cisco configurations and commands and it was way over my head.  I started to wonder what I was getting myself into.  But it was rather easy to do and very straightforward.  And with your explanations, I actually understand what the hell the devices are doing too.

Thanks again.  You've made this a great Friday and hopefully a good start to the weekend.  Time for a beer!  
