1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

WAN link between two sites

Discussion in 'Networking' started by charleee, Nov 18, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. charleee

    charleee Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    4
    hi
    I have two sites linked by fibre a few miles apart, site A is on a 10.0.0.0 range, site B is on a 192.0.0.0 range, at site b there is a firewall with 2 cards, Site A also has a firewall, it external is poiting to the internet at site B, so basically site A get it internet from site Bs internet. Now they have decided that site A needs to be able to have access to one sql server at site B, how can this be achieved without allowing all traffic across the link, as, for example, both sites have their own DHCP for and cannot have site A giving out IPs to site B, so its a bitmore complicated than just linking the two..

    how can this be done... can it be as simple as a masquerading rule at site B, with a second card in the sql server or 3 VLANs at site B (one for site b one for site a and one for the external internet, with site As traffic tagged), idk i cant get my head around it...

    thanks
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,294
    I'm finding it very hard to follow what you've typed. I need a network diagram to help you further because there's data missing such as if firewall A has it's outside/external port on the 192.x.x.x. network.

    I also hope you're not using 192.0.0.0. You should be using something in the 192.168.x.x range.
     
  3. charleee

    charleee Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    4
    hi

    sorry

    hope this helps....

    All users at site A need to be able to see the sql server at site B, the firewall at site A also need to be able to see the internet router at site B to giove site A internet access, at the minute the sites are linked as in the diagram...
     

    Attached Files:

  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,294
    First question I have is it appears the connection you have between site A and site B is a dedicated leased line or a custom run line point to point between the two locations. If this is the case, why are you using a public IP space over this link?

    But the solution is simple here. Just add a static route at the internet router at site B to point to 271.x.x.222 to be the gateway to the 192.168.0.0 network. You'll have to adjust your firewall rules on the site B firewall to take this into account.

    But the use of the 217 address space concerns me because this is going to cause potential routing issues if you are using this public space for your internal network other than being bad network practice.
     
  5. charleee

    charleee Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    4
    site B used to have an isp on the 217 range, then they changed ISP, to make it easier that ISP set their equipments internal IP to be the same as the old ISP...

    the link was an after thought, site A used to have their own internet access and be totally seperate from site B, (they are both schools) now the two schools are going to become one in a new site, the new site will take another year to build, so in the meantime, site B shares its internet with Site A, now both sitesneed to have access to the SQL server until both sites are moved to th new location (one building). The link is a fibre optic cable.

    Im not exactly an expert so coul you explain "Just add a static route at the internet router at site B to point to 271.x.x.222 to be the gateway to the 192.168.0.0 network" a bit more...

    Would this mean both sites are still seperate and stuff like DHCP will not travel across the link...
    thanks



    th
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,294
    Is this fiber link provided by an ISP or something you had done?
     
  7. charleee

    charleee Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    4
    I found out today, the link is not in, no-one knows who is installing (?), but more likely to be ISP with their router each end
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,294
    So there is some clear confusion here. You need to figure who is installing this circuit and what services are being provided with this circuit. As you've indicated in your diagram with the IP information, you are implying that an ISP is providing this circuit and provisioning public IPs. If they are giving you public IPs, there's an implication that the circuit is going over their public routing space and therefore you internet access should be part of the service provided.

    If the circuit is a dedicated leased line, the ISP just provides a point to point layer 2 link and you provision the IPs on both ends. If this is the case, you are not following proper networking practices by using public IPs in your internal private network.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1027462

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice