2 IP Pool 1 Network Please help

[Guest]

Hi I just need some opinion/suggestions about the difficulties that I’m
having right now. I have a single Network that’s connected to the Internet
(Cable, DSL, ect.). Behind that I am using a Cisco PIX 501 to protect the
entire LAN (LAN IP Pool: 192.168.10.x). I also have 1 Windows 2000 Server
configured with AD for all the clients. Now we need to bring another network
(Point-to-Point) with a different IP Pool (IP Pool: 172.16.16.x) that can’t
be changed. 2 workstation that’s part of the 192.168.10.x network needs to
access a host that’s outside the Point-to-Point router and only a specific IP
Address from 172.16.16.x can access that host. We also need to maintain the
connection of the 2 workstation to the existing server and be accessible by
the other workstations on the 192.168.10.x network.

Now the question, is there a way I can leave the existing settings (DHCP
Enabled) on that 2 workstation and create a route on 192.168.111.x network?
If so where should I do that, on the PIX Firewall or on that particular
workstation itself? Any help or suggestions would be very much appreciated.
If you have any other question, please let me know.


Russell

 

[Phillip Windell]

Now the question, is there a way I can leave the existing settings (DHCP
Enabled) on that 2 workstation and create a route on 192.168.111.x network?
If so where should I do that, on the PIX Firewall or on that particular
workstation itself? Any help or suggestions would be very much appreciated.
If you have any other question, please let me know.

Can you explain this more clearly. This just makes me dizzy. I understand
that you have two network segments connected over a Point2Point Link, but
that is about where it ends. But let me take a stab at this using some
general principles and see what happens.

As a general rule all routing decisions are made by the device that is the
Default Gateway for the Clients. Whenever there are LAN Routers (like the
ones on the point2point link) they become the Default Gateway of the
Clients,..the clients use the LAN Router on the P2P link that directly
"faces" them. The LAN Routers then use the Internet Sharing Device as their
Default Gateway. If there are multiple Routers and multiple Internet
Devices, then the LAN Router most likely uses the closes Internet Device,
but situations may vary.

Any other specially required routes are also done on the LAN Router(s), not
the Internet Sharing Device. It is a common sense thing, you do not want
the LAN's own internal functionality to depend on devices dedicated to the
Internet,...you want the LAN to continue to funciton properly within itself
even if the Internet and any Internet realated Device fell off the face of
the earth.

All Internet Sharing Devices will require their own internal static route(s)
that tell them to use the LAN Router for any other internal segments apart
from the one the device is currently attached to. If such devices also have
a Local Address Table (LAT) then the IP Ranges of *all* the internal
segments must be included in LAT.

 

[Jordan]

Yes, you can use the RRAS VPN even though you are connected via the PTP
router now. You need to have RRAS installed on one of your 172.16.16.x
computers that give out 172.16.16.x IPs. When you fire up the VPN
connection on the 192 network traffic to the 172 network RRAS server traffic
for the 172 network will default to the VPN tunnel and appear on the 172
network as a local IP allowing communication with that host.

Obviously, the drawback is going to be a performance hit. Is there any
particular reason why you cannot include the 192 network in the access list?