
New Member

Separate Networks Sharing Internet Access

Hello,

Our network admin is in the process of being replaced.  I'm a software developer trying to do some network admin duties in the interim.  So please be gentle. 

We are in the midst of creating a new network for the office.  The new network will be run in parallel to the existing network until all the kinks are worked out and we confirm all is working as desired.  So we need to have both networks up & running but be completely independent and separate from each other.  Here is the list of hardware we currently have in place, in connection order:

5 public static IP's from our ISP

Cable modem for internet access

Cisco 851 router (no wireless)

Netgear VPN Firewall - FVX538 (using FE0 on Cisco)

Netgear Switch - GS724T

I have confirmed with our ISP that the Cisco router is a "stock" router with nothing blocked.  So it should be in a default/factory setting.

For our second network, we have another Netgear FVX538 which we would like to connect to the Cisco router for internet access and keep both networks separate on the LAN side.  We would like to access the 2 networks separately using 2 of our static IPs we have from our ISP to control which network they use based on which IP they are trying to connect to the office on.  And both networks require internet access from the office.

So what do I need to do to get these 2 separate networks working?  Do I need any more hardware?  I'm sure, as in most cases, there will be a cheap way to achieve this and then there will be a proper way.  I'll settle for the cheap solution for now to get it working but I like having options, so having a better/best solution is appreciated too.

If you need any more information, let me know.

If this specific topic has been discussed in another thread, please post the link.

Thanks for any help you can provide.


9 REPLIES

Re: Separate Networks Sharing Internet Access

This shouldn't be too hard to set up. You will need some connectivity between the Cisco router and your two Netgear firewalls. Does the GS724T switch support VLANs? If so we can create a new VLAN and use that for the switching infrastructure between the Cisco and the Netgear firewalls.

New Member

Re: Separate Networks Sharing Internet Access

Thanks for the quick reply Collin.

Yes, the Netgear GS724T switch supports up to 128 static VLANs.

Re: Separate Networks Sharing Internet Access

I just checked the 851 router and it has multiple switchports, so we don't need to create the VLAN. You should be able to connect the second firewall to the 851 router. Assign the firewall one of the public IPs and you should be good to go. I've attached a picture just to make sure we're on the same page.

New Member

Re: Separate Networks Sharing Internet Access

Thanks Collin.  Another quick response and with pictures too!  

That is just way too simple.  I think even I can handle that setup.

Just so I have it clear in my head, does the Cisco know to do the routing correctly to the 2 different networks?  Because of the external IP addresses assigned to the Netgear routers?  The Cisco "auto senses" the Netgear routers and routes the network traffic according to the external IP the traffic is coming on?

Re: Separate Networks Sharing Internet Access

To the Cisco it's just 1 network (and it is). That network has the public IPs and has 3 hosts on it: the Cisco router and each Netgear firewall. The private side of the firewalls is masked by the public IPs (i.e. NAT) and the Cisco doesn't need to know their real IPs. The Netgear firewall will respond when the Cisco says, "Hey I have traffic for this public IP". If Netgear 1 has that IP, it will say, "Send it to me" and the second Netgear won't say anything because it doesn't have that IP. Works vice-versa when traffic is sent to an IP destined for Netgear 2. Does that make sense?
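The exchange described in the reply above is ARP resolution on one shared segment. The following is an added example, not part of the original thread: a small Python model of that segment which also shows two failure cases worth checking before cutover, an unassigned public IP and the same IP typed into both firewalls. The addresses (documentation range 203.0.113.0/29), MAC addresses and host names are constructed.

```python
import ipaddress

# Constructed sample addressing, not taken from the thread.
SEGMENT = ipaddress.ip_network("203.0.113.0/29")
HOSTS = {
    "cisco-851": {"ip": "203.0.113.1", "mac": "02:00:00:00:00:01"},
    "netgear-1": {"ip": "203.0.113.2", "mac": "02:00:00:00:00:02"},
    "netgear-2": {"ip": "203.0.113.3", "mac": "02:00:00:00:00:03"},
}

def arp_request(hosts, target_ip):
    """Broadcast 'who has target_ip?'; every host hears it, only owners reply."""
    return [(name, h["mac"]) for name, h in hosts.items() if h["ip"] == target_ip]

def deliver(hosts, dst_ip):
    """Decide what the router does with an inbound packet for dst_ip."""
    if ipaddress.ip_address(dst_ip) not in SEGMENT:
        return "not-on-segment"
    replies = arp_request(hosts, dst_ip)
    if not replies:
        return "dropped: no ARP reply"
    if len(replies) > 1:
        owners = ", ".join(sorted(name for name, _ in replies))
        return f"conflict: {owners} both claim {dst_ip}"
    name, mac = replies[0]
    return f"forwarded to {name} ({mac})"

def audit(hosts):
    """Pre-cutover check: list any IP configured on more than one device."""
    seen = {}
    for name, h in hosts.items():
        seen.setdefault(h["ip"], []).append(name)
    return {ip: names for ip, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for ip in ("203.0.113.2", "203.0.113.3", "203.0.113.5"):
        print(ip, "->", deliver(HOSTS, ip))
    # Simulated typo: the second firewall is given the first firewall's IP.
    typo = {**HOSTS, "netgear-2": {"ip": "203.0.113.2", "mac": "02:00:00:00:00:03"}}
    print("duplicates:", audit(typo))
```

The private LAN addresses behind each firewall never appear in the model, which matches the point in the reply that NAT hides them from the router.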

New Member

Re: Separate Networks Sharing Internet Access

That is beautifully explained.  Even this developer could understand that explanation.  Thank You!

Ok.  I'm off to go make this all happen now.  Hopefully, with positive results.  Hopefully, I will report back with working results soon.

New Member

Re: Separate Networks Sharing Internet Access

Thank you SO much Collin!  I appreciate your patience and thorough explanation.

I was able to configure the second Netgear router using the other external IP in short order.  Everything is working perfectly.

Thanks!

Re: Separate Networks Sharing Internet Access

Glad to hear it. You're now a network guy too.

New Member

Re: Separate Networks Sharing Internet Access

That is an extremely terrifying thought. 

It was way too easy to get the router up & running... even with a couple of fat finger typos.  I was reading other posts and they were talking about Cisco configurations and commands and it was way over my head.  I started to wonder what I was getting myself into.  But it was rather easy to do and very straightforward.  And with your explanations, I actually understand what the hell the devices are doing too.

Thanks again.  You've made this a great Friday and hopefully a good start to the weekend.  Time for a beer!  
