General discussion

Locked

LAN to LAN connection

By rushak ·
Scenario -

LAN A has it's own T1 line with a Cisco PIX 515E (3 interfaces) firewall. Inside, Outside, and DMZ are the names of the zones. Inside consists of local PC's and internal servers. DMZ has webservers. The default gateway for client PC's is pointed to the firewall.

LAN B is the same except for the IP scheme and some local resources. IIS and MS Exchange exist in the DMZ where as the local PC's are in the inside zone.

The goal is to have LAN A and LAN B access certain resources from each other without using the internet. For example Users on LAN A will need access to MS Exchange on LAN B. Both LAN's exist in the same building and all the networking equipment will exist in the same room. The goal is to also open/close ports as needed between the 2 networks. Also, each network will have to use their own T1 connection for web browsing and such.

My proposed idea is to have a firewall (2 interface) that sits between LAN A's inside network and LAN B's inside network. One interface will physically connect to LAN A's switch and the other interface will connect to LAN B's switch. I'm not sure if this is the best way to do this or it will give me all of the desired results. If does seem like the most practical solution....do I need to add static routes to the Cisco PIX on LAN A and LAN B? Typically this scenario would be more like a WAN with a leased line connection between the sites. Would I need to have a router for each LAN?

Thanks

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by mshavrov In reply to LAN to LAN connection

Yes, your proposed solution is good. You may install either router or firewall with 2 interfaces and connect them into "Inside LANs".

Then you may either configure static routing in your existing PIX firewalls to forward appropriate traffic to appropriate gateway (new firewall/router), or configure and push static routing into each PCs and servers (may be ugly).

If you have more questions, e-mail me directly,

Michael Shavrov
CCNP, CCDP, CCSP, MCSE W2K, Sun SCSA, CheckPoint CCSA, Security+, ...

Collapse -

by rushak In reply to LAN to LAN connection

Thanks for the reply. That's good to know that I'm not off base here. We had a guy tell us that a router was needed on each inside network and then a firewall would sit on outside of that router for each network. I think this solution would be simplest without changing the infrastructure so much.

Back to Networks Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums