Network needs added segment - advice

By spot-2
Our current network is rather simple. A DSL internet connection into a Smoothwall (Linux) firewall, which serves approx. 20 users on an NT4.0 server.
The accounting department is updating software and needs an independent network with a VPN connection to the internet (for remote users-2).
I can add VPN capabilities to the firewall. I would like to keep one internet connection for both networks. What is required to have both networks served by one internet connection? It would be desirable for the accounting department to access the main network, but the accounting network must not be accessible from the main network. The accounting network will have a W2K server.


by rohan_r In reply to Network needs added segme ...

Hi,
Does your Linux box also act as the router, or do you have a separate router? If you have a separate router, you could create two subnets for the two departments, and I would use the Win2k server to store all the users and use Active Directory to control the permissions to the network. I don't have any experience with NT4.0 Server, so I do not know what it can do, but I know that Win2k Server can do the job for you.

Hope this helps.

P.S. You can put the two groups in different domains and then give the appropriate access to the users.


by spot-2 In reply to Network needs added segme ...

Poster rated this answer


by mshavrov In reply to Network needs added segme ...

If you can do VPN between sites using your Linux firewall, it's all you need. In general, the VPN connection will be treated by Linux as an "additional NIC card, connected to a specific network". Just check that you have routing to the "remote network" on the Linux box.

Very generally, what will happen:

* if router (your Linux Box / Firewall) receives the packet from the local network, proposed for local network, it just drops it (since it's in the LAN already).

* if router receives packet for "remote VPN network", it uses VPN interface to forward packet to that network (sure, if you have appropriate rules in firewall policy).

* if router receives packet for "unknown" network, it forwards it to "default gateway" (in your case Internet Connection).

Another concern in using VPN connection is QOS (quality of service). It means that you may need to perform some additional tasks on your Linux boxes to prioritize VPN traffic to make VPN connection more stable.

Good luck.
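
The requirement in the original question (accounting may reach the main network, the main network may not reach accounting, both share one internet connection) and the "appropriate rules in firewall policy" mentioned above come down to a stateful FORWARD policy on the firewall. The following is an added example, not part of any poster's reply; the interface names, the subnets and an initially empty FORWARD chain are assumptions.

```shell
#!/bin/sh
# Added example: forwarding policy for a Linux firewall with two internal
# segments sharing one uplink. Every name and subnet here is an assumption.
WAN_IF="${WAN_IF:-ppp0}"              # DSL uplink
LAN_IF="${LAN_IF:-eth0}"              # main network
ACCT_IF="${ACCT_IF:-eth1}"            # accounting network
VPN_IF="${VPN_IF:-tun0}"              # VPN interface for the remote users
LAN_NET="${LAN_NET:-192.168.1.0/24}"
ACCT_NET="${ACCT_NET:-192.168.2.0/24}"

# Print the iptables commands for review; nothing is applied by this script.
# Assumes the FORWARD chain starts empty.
build_rules() {
cat <<EOF
# Default deny: anything not matched below (including inbound from the
# internet) is not forwarded.
iptables -P FORWARD DROP
# Replies to connections that were allowed to start. This must come before
# the deny rule so main-network servers can answer accounting clients.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accounting may open connections to the main network.
iptables -A FORWARD -i $ACCT_IF -o $LAN_IF -s $ACCT_NET -d $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
# The main network may not open connections to accounting; log, then deny.
iptables -A FORWARD -i $LAN_IF -o $ACCT_IF -j LOG --log-prefix "LAN->ACCT denied: "
iptables -A FORWARD -i $LAN_IF -o $ACCT_IF -j DROP
# Remote users arriving over the VPN interface reach accounting only.
iptables -A FORWARD -i $VPN_IF -o $ACCT_IF -d $ACCT_NET -m conntrack --ctstate NEW -j ACCEPT
# Both segments share the single internet connection.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $ACCT_IF -o $WAN_IF -s $ACCT_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Run with --print to see the commands; review them before piping to a shell.
if [ "${1:-}" = "--print" ]; then
    build_rules
fi
```

The one-way property comes from rule order: only accounting-initiated connections ever reach the ESTABLISHED state across the two segments, so the main network can answer but never initiate.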


by spot-2 In reply to Network needs added segme ...

Poster rated this answer


by spot-2 In reply to Network needs added segme ...

This question was closed by the author
