Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Routing between two networks

We have a new CA office and are leasing space from another company. this is are pupose plan:

- setup or own network with own T1, Router, Switch, and workstations

- We would like to be able to Route the company's IP on our network in order to utilize their printers.

What would be the best way to acomplish this. Thank you in advace for your cooperation.

  • LAN Switching and Routing
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Routing between two networks

dukeminus wrote:

Jon,

There are differing levels of security. Your router should be able to use access-lists, perhaps reflexive access-lists and possibly even a full blow firewall feature set depending on the router and IOS version/feature set. Is it a Cisco router ? The router is a Cisco 3620 IOS 12.2(37)

Also just to make sure that I implement this correctly I was going to attach a cable from there switch to my switch setup the IP route on my router and hopefully I will have conectivity.

If the 3620 cannot support a firewall I have an older Cisco PIX firewall that I was thinking of using for that office.

If you have the Pix then use that as it is a dedicated firewall.

As for cabling you need to make sure you don't bypass the pix. I would simply connect the cable from their switch to the outside interface of your pix and then connect the inside interface of the pix to your switch. Add a route to your router for their network pointing to the inside interface of the pix.

Jon

12 REPLIES
Hall of Fame Super Blue

Re: Routing between two networks

dukeminus wrote:

We have a new CA office and are leasing space from another company. this is are pupose plan:

- setup or own network with own T1, Router, Switch, and workstations

- We would like to be able to Route the company's IP on our network in order to utilize their printers.

What would be the best way to acomplish this. Thank you in advace for your cooperation.

Best solution is to get a firewall and connect the inside to your LAN and the outside to their LAN and make sure no traffic is allowed to be initiated from their LAN.

To be honest they should also be firewalling the link.

Jon

New Member

Re: Routing between two networks

Would'nt it be easier to setup a route on my router to allow for us to see their network. Or could I setup a vlan on my switch using there subnet addressing and the make it routable thru the switch.

Hall of Fame Super Blue

Re: Routing between two networks

dukeminus wrote:

Would'nt it be easier to setup a route on my router to allow for us to see their network. Or could I setup a vlan on my switch using there subnet addressing and the make it routable thru the switch.

Yes absolutely it would be easier but not very secure.

How well do you trust the company and how well do they trust you ?

If you have a virus outbreak on your network how understanding will they be if it transfers to their network. And vice-versa.

If you each have internet connections and a person in the other company uses your internet connection to hack a third party site you are legally liable, not them.

What is the value of the data you have and they have and how much of a cost would it be to either company if that data was tampered with or destroyed.

I could go on but the above should be enough to give you an idea of how inherently insecure simply connecting up 2 companies networks are. As i say, of course simply connecting them up via an RJ45 link and adding routes is the easiest thing to do but not necessarily the right thing.

A lot depends on the relationship between your company and the other company but i wouldn't do it.

Jon

New Member

Re: Routing between two networks

Jon,

Thank you for that insight. I was not thinking in regards to the security aspect. With that said and I just add the route to see there network and they do not add a route on their router, I will only see their network, not vice-versa right.. If that is the case I will defintly add a firewall on my network.

Hall of Fame Super Blue

Re: Routing between two networks

dukeminus wrote:

Jon,

Thank you for that insight. I was not thinking in regards to the security aspect. With that said and I just add the route to see there network and they do not add a route on their router, I will only see their network, not vice-versa right.. If that is the case I will defintly add a firewall on my network.

Well, they could simply add a route

There are differing levels of security. Your router should be able to use access-lists, perhaps reflexive access-lists and possibly even a full blown firewall feature set depending on the router and IOS version/feature set. Is it a Cisco router ?

So you wouldn't necessairly need a separate firewall but there are a lot of variables. Using access-lists on a router is minimal in terms of CPU but acls are not that secure, they add some security but they can be quite easily overcome. Running a firewall on the router does hit the CPU but it is a lot more secure.

It is a tradeoff between complexity,threat and value/critcality of assets. Your manager(s) will probably always want the quickest, easiest and cheapest solution so you need to make sure that if you go that route they fully understand the potential security implications.

Jon

New Member

Re: Routing between two networks

Jon,

There are differing levels of security. Your router should be able to use access-lists, perhaps reflexive access-lists and possibly even a full blow firewall feature set depending on the router and IOS version/feature set. Is it a Cisco router ? The router is a Cisco 3620 IOS 12.2(37)

Also just to make sure that I implement this correctly I was going to attach a cable from there switch to my switch setup the IP route on my router and hopefully I will have conectivity.

If the 3620 cannot support a firewall I have an older Cisco PIX firewall that I was thinking of using for that office.

Hall of Fame Super Blue

Re: Routing between two networks

dukeminus wrote:

Jon,

There are differing levels of security. Your router should be able to use access-lists, perhaps reflexive access-lists and possibly even a full blow firewall feature set depending on the router and IOS version/feature set. Is it a Cisco router ? The router is a Cisco 3620 IOS 12.2(37)

Also just to make sure that I implement this correctly I was going to attach a cable from there switch to my switch setup the IP route on my router and hopefully I will have conectivity.

If the 3620 cannot support a firewall I have an older Cisco PIX firewall that I was thinking of using for that office.

If you have the Pix then use that as it is a dedicated firewall.

As for cabling you need to make sure you don't bypass the pix. I would simply connect the cable from their switch to the outside interface of your pix and then connect the inside interface of the pix to your switch. Add a route to your router for their network pointing to the inside interface of the pix.

Jon

New Member

Re: Routing between two networks

Jon,

It was great working with you on this issue. I have attached a basic Visio on the setup. Is this the way to go ?

Hall of Fame Super Blue

Re: Routing between two networks

Can you post visio as a .jpg as i have don't have visio on my laptop ?

Jon

616
Views
0
Helpful
12
Replies