Network Config Advice

Guest
Archived from groups: comp.dcom.vpn

Our current network configuration consists of two separate subnets (one
for servers, one for workstations) which are both connected to a common
server running Checkpoint FW-1 as our firewall (i.e. there are 3 NICs in
the FW server).

We currently have a number of external IPs (Internet accessible) which
are hosted on our firewall and then forwarded to the appropriate server.
Machines on the server subnet are static assigned IPs and machines on
the workstation subnet are assigned using DHCP.

I want to eliminate the Checkpoint FW machine since it is a number of
years old and, also being an NT4 box, it would be hard to get it back up
and running and configured again, as is, using current hardware (e.g., if
the motherboard went bad, we would need to basically reinstall the OS from
scratch). So I am thinking of going towards a dedicated router/network
appliance instead of using a firewall software product.

Because of our two subnets, I am thinking I might need to use 2 sets of
routers. The first router would interface between the Internet and my
server subnet. The second router would interface between the server
subnet and my workstation subnet. Maybe something like this:

Internet Connection 1 (T1)
|
|
|(External IPs Statically defined)
|
Router 1 (RV082) ---------- Server Subnet (192.168.121.x)
|
|
|(192.168.121.250)
|
Router 2 (RV082) ---------- Workstations (192.168.51.x)
|
|(External IP dynamically defined)
|
Internet Connection 2 (Cable)

As shown, I am thinking of using Linksys RV082 routers for this, because
they can offer the dual WAN capability and they can also act as a VPN
endpoint. But I have a few questions regarding the above (not the least
of which is, is this doable using the RV082?):

1. Can I define any internal IP subnets I want or do I have to use
192.168.1.x for the internal side of the router?
2. How do I get the servers to communicate with the workstations
without going out through the internet and back (i.e. can I define a
local static route between the two subnets so that they will communicate
locally)? Using Checkpoint, we were able to do this using double NAT'ing.
3. Can the RV082 support/host multiple external IP addresses (i.e. a
block of external addresses)?
4. Is there a better way of going about this?
5. With regards to the dual WAN ports, how does this work if you have
different ISPs? For example, we have a cable Internet connection and a
T1 connection. The T1 connection hosts our static IPs and the cable
connection is dynamically assigned. I would like to use the cable
connection to load balance the outbound connections from our
workstations (i.e. web browsing and downloads). How do I ensure that
local requests are transmitted through the proper port?
6. Can anyone explain what the difference is between an RV042, RV082 and
RV016, aside from the number of ports (i.e. are there
features/capabilities missing or different between the different models)?

Sorry for the long post. Any help is greatly appreciated. Thanks,

Alex
 
Guest

Well, I just bought this router and have a dual WAN setup, so I will try
to help. First time on the Google Groups thing, though.


> 1. Can I define any internal IP subnets I want or do I have to use
> 192.168.1.x for the internal side of the router?

You can choose your own IP address, but the subnet mask is chosen from
a selection of class C subnets, basically 255.255.255.0, 255.255.255.192,
etc., not being able to change the first 3 octets.

> 2. How do I get the servers to communicate with the workstations
> without going out through the internet and back (i.e. can I define a
> local static route between the two subnets so that they will
> communicate locally)? Using Checkpoint, we were able to do this using
> double NAT'ing.

You do have the option to do static routes or run RIP.

> 3. Can the RV082 support/host multiple external IP addresses (i.e. a
> block of external addresses)?

Yes, it supports One-to-One NAT, which takes your external block and
maps them out starting with first external to first internal address.

> 4. Is there a better way of going about this?


> 5. With regards to the dual WAN ports, how does this work if you have
> different ISPs? For example, we have a cable Internet connection and a
> T1 connection. The T1 connection hosts our static IPs and the cable
> connection is dynamically assigned. I would like to use the cable
> connection to load balance the outbound connections from our
> workstations (i.e. web browsing and downloads). How do I ensure that
> local requests are transmitted through the proper port?

Well, you can have different ISPs and you can do static and dynamic.
There is also an option to do binding of a service, say port 80, to use
a specific WAN interface.

> 6. Can anyone explain what the difference is between an RV042, RV082
> and RV016, aside from the number of ports (i.e. are there
> features/capabilities missing or different between the different
> models)?

The number of VPNs they support, ports, and CPU and RAM, I think, and
that's all I know.
>
> Sorry for the long post. Any help is greatly appreciated. Thanks,
>
> Alex
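
Added example, not part of the original thread and not Linksys code: a Python pre-deployment check that expands a One-to-One NAT range the way the reply describes (first external to first internal, in order), lists which server-subnet hosts become Internet-reachable, and confirms the static-route next hop for the workstation subnet is on-link. Assumptions: both subnets are /24, the external block is a constructed documentation range (203.0.113.x), and the function names are hypothetical.

```python
import ipaddress

def one_to_one_nat(ext_start, int_start, length, lan, reserved=()):
    """Pair the Nth external address with the Nth internal address.

    Raises ValueError if the internal range leaves the LAN subnet or
    lands on a reserved address (e.g. another router's interface).
    """
    lan = ipaddress.ip_network(lan)
    ext0 = ipaddress.ip_address(ext_start)
    int0 = ipaddress.ip_address(int_start)
    reserved = {ipaddress.ip_address(r) for r in reserved}
    mapping = {}
    for i in range(length):
        inside = int0 + i
        unusable = (lan.network_address, lan.broadcast_address)
        if inside not in lan or inside in unusable:
            raise ValueError(f"{inside} is not a usable host in {lan}")
        if inside in reserved:
            raise ValueError(f"{inside} is reserved and would be exposed")
        mapping[ext0 + i] = inside
    return mapping

def route_is_on_link(next_hop, lan):
    """A static route only works if its next hop sits inside the router's own LAN."""
    return ipaddress.ip_address(next_hop) in ipaddress.ip_network(lan)

SERVER_LAN = "192.168.121.0/24"      # subnet from the post; /24 is assumed
ROUTER2_ADDR = "192.168.121.250"     # Router 2's server-side address, from the post
WORKSTATION_LAN = "192.168.51.0/24"  # subnet from the post; /24 is assumed
EXT_START = "203.0.113.10"           # constructed placeholder (documentation range)
INT_START = "192.168.121.10"         # constructed placeholder

if __name__ == "__main__":
    nat = one_to_one_nat(EXT_START, INT_START, 4, SERVER_LAN, [ROUTER2_ADDR])
    for ext, inside in nat.items():
        print(f"{ext} -> {inside}  (Internet-reachable)")
    ok = route_is_on_link(ROUTER2_ADDR, SERVER_LAN)
    print(f"route {WORKSTATION_LAN} via {ROUTER2_ADDR} on-link: {ok}")
```

Every internal address in the resulting table is reachable from the Internet subject only to the router's access rules, so the list doubles as the inventory of hosts that need hardening.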