Multiple gateways??? Redundant connection suggestions.
Patrick
pert at tas-kc.com
Thu Mar 4 23:49:04 CST 2004
Ok I guess that was confusing. I do not have my own ASN and thus I do
not have my own Public network. Instead I have 2 public network address
spaces owned by 2 different ISPs.
+--------+   +-------+
| ISP 1  |   | ISP 2 |
+--------+   +-------+
   |             |
   |             |
+--+-------------+---+
|My DMZ Network 5 PCs|
+---------+----------+
          |
    +-----+----+
    |PIX       |
    +-----+----+
          |
     Internal Net
Do I put 2 gateways on my DMZ PCs and the PIX?
Do I put a linux box with a nic for each gateway and the DMZ?
Do I put 2 IP nets on the same physical net (DMZ both 192.168.1.0 and
192.168.2.0)?
Do I just set 1/2 the systems to ISP 1 and the other to ISP 2?
Brian Densmore wrote:
>>-----Original Message-----
>>From: Patrick
>>Subject: Multiple gateways??? Redundant connection suggestions.
>>
>>Hi, I am trying to figure out how to deal with multiple net connections.
>>I do not have my own network, so I have two different networks.
>>
>Ok, that's confusing.
>
>
>>My network is comprised of W2k & Linux
>>I am thinking of just putting them both on the same private network,
>>but will I need a pseudo gateway i.e. a linux box with 3 nics: one to
>>each gateway, and a 3rd to the local net? Or put both gateways in under
>>each system's IP/route settings. Or give each system 2 lan addresses and
>>two gateways. Or set up 1/2 the PCs on one gateway, and the other on the
>>2nd gateway.
>>
>>I know both routers (Cayman, and a Netopia 7200) have a RIP setting, but
>>I am sure that is for the public side not the internal side.
>>
>>Basically this is for my DMZ. I have 5 PCs/servers and a pix to my
>>internal net that will be looking at these two gateways.
>>
>
>Not sure I understand from this what you are wanting to do. But, I'm going to
>give it a shot anyway. This is the way I read it:
>
>You have 5 pcs, 2 routers and a pix firewall.
>You have one network on 1 router and 1 network on the other router
>(stop me anytime I get something wrong) and both networks are isolated.
>At least one network is connected to the pix firewall?
>
>You want to connect these two networks and add a third network.
>
>There are so many possible configurations here it's not funny.
>One solution would be to add a nic to each of the two gateways
>thus creating the third network and connecting the two networks.
>This would make two networks two hops away from each other and one
>network one hop away from the other two.
>
>Another, as you suggested, would be to add a third gateway with three nics
>connected to both existing gateways and a new switch that connects your third
>network. The advantage to this solution would be the new linux gateway could
>be used to restrict traffic between the existing two networks easier. This way
>your new network would be one hop away from the existing ones and the existing
>ones would be 2 hops away from each other (unless they are already connected
>somehow).
>
>You might also want to create a master DNS server.
>
>HTH,
>Brian
>
More information about the Kclug mailing list