2IPs, 2Routers, 1 Fiber Connection

By nerdbox

I need to set up a second IP for my fiber connection, as one of my servers will be hogging port 443 and I also need to set up an SSL-VPN on the fiber connection.

I've been reading that the easiest way to get this setup to work is to plug the fiber connection into a switch and then plug two routers into the switch.

What are the security concerns involved in this process?

If this is a viable process, how do I make this type of connection the most efficient, speedy and secure?

Is there hardware you recommend?

Anything else I should be aware of, like a completely different, better way (i.e. one router)?

All Answers

One router that can map a global local address pool

by CG IT In reply to 2IPs, 2Routers, 1 Fiber C ...

SonicWall makes some inexpensive [compared to business class] routers that can map a pool of global local addresses. Netopia also has a few routers that are relatively inexpensive.

Using 2 routers simply creates 2 subnets, and if you have local traffic that needs to traverse the subnets, it has to go through the routers and the router firewalls.

Here's a Tom's Hardware link on having the SonicWall TZ170 listen for more than 1 public address on the WAN connection.


by nerdbox In reply to One router that can map a ...

Thanks very much for your quick response. The VPN I'm using is a SonicWall VPN.

FYI, one of the routers will plug directly into a 24-port switch for our network to use as a gateway, and the other one was planned to connect directly into the VPN.

With this setup in mind, would you still suggest the SonicWall hardware mentioned in your original post?

The SonicWall can listen for multiple public IPs

by CG IT In reply to Thanks!

The problem of being issued a pool of public addresses is using a router whose WAN port can only use one address. Then it's NAT for hosts behind the router. The SonicWall can listen for traffic on more than 1 public address and route that traffic to the host [server] that traffic is destined for. Basically a one-to-one mapping. You can also simply assign the public address to the host NIC and put them on the internet. Depends on the DCE connection your ISP provided [not T1 or E3 or DSL but the physical connection] [demarc point]. If it's Ethernet, then you could use the switch method where you assign public addresses to hosts which provide public services. Hopefully those hosts have really good firewalls, because they are directly connected to the internet.
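
The one-to-one mapping described in the post above, written as an nftables ruleset for a Linux box acting as the single router (an added example, not part of the original thread and not SonicWall configuration). Interface names and every address are constructed placeholders; it assumes both public addresses are bound to the WAN interface and IP forwarding is enabled.

```nft
#!/usr/sbin/nft -f
# Added example: two public IPs on one WAN port, each mapped one-to-one to an
# internal host on TCP 443. All names and addresses below are placeholders.
flush ruleset

define wan_if  = "eth0"          # assumed WAN interface (fiber hand-off)
define lan_if  = "eth1"          # assumed LAN interface
define pub_web = 203.0.113.10    # public IP 1 (documentation range)
define pub_vpn = 203.0.113.11    # public IP 2 (documentation range)
define web_srv = 192.168.10.20   # internal server that needs port 443
define vpn_box = 192.168.10.30   # internal SSL-VPN appliance, also on 443

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Same port, different public address, different internal host.
        iifname $wan_if ip daddr $pub_web tcp dport 443 dnat to $web_srv
        iifname $wan_if ip daddr $pub_vpn tcp dport 443 dnat to $vpn_box
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Connections the mapped hosts initiate leave with their own public IP.
        oifname $wan_if ip saddr $web_srv snat to $pub_web
        oifname $wan_if ip saddr $vpn_box snat to $pub_vpn
        # Every other LAN host shares the WAN interface's primary address.
        oifname $wan_if masquerade
    }
}

table inet filter {
    chain input {
        # Nothing from the internet may reach the router itself.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $lan_if tcp dport 22 accept   # assumed LAN-only management
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $lan_if oifname $wan_if accept
        # Inbound: only the two DNAT-ed 443 flows, nothing else.
        iifname $wan_if ip daddr { $web_srv, $vpn_box } tcp dport 443 ct status dnat accept
    }
}
```

With the default-drop forward chain, the two mapped hosts expose only TCP 443, unlike the switch method where each host's own firewall is the only barrier.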

a little over my head

by nerdbox In reply to The SonicWall can listen ...

I think I'll have to go with the SonicWall option as this is a little over my head.

I was originally going to set it up like this:

ISP Fiber Connection (Ethernet) - Gigabit Switch - 2x Linksys Router - SonicWall SSL-VPN 2000 (connected on one router) - 24-Port Switch (connected to the other router) - Office LAN - VPN connected to the switch as well.

Sorry, I tried to make a diagram but the formatting disappeared when I completed posting.

The only issue that I have with the SonicWall appliance you're recommending is that it also does VPN, which would be a bit of a waste, wouldn't it?

two types of VPN

by CG IT In reply to a little over my head

The router itself acts as a VPN endpoint and the router forwards VPN traffic to a RRAS server which is the VPN endpoint.

Next subject:

Here's the deal with a pool of public addresses. Your ISP provides you with a physical connection to their network. DSL, ATM, Frame Relay, whatever, your equipment needs to be able to use that connection. For instance DSL. For DSL you need a modem which massages the signal for use on the DSL line.

Then the ISP provides you with an address. You can have 1, 2, or however many addresses you want that are routable. Those addresses can be assigned to servers' network cards and put on the network, and they are directly connected to the Internet [ISP network]. You can assign the address to a router if you want. You don't really need a router to connect to the internet, just a host [computer, router, whatever] with a network card that can be configured with an address. If you have 6 addresses and 6 servers you want to directly connect to the internet, just configure their network cards with the public addresses, connect them to the ISP network and away you go.