ip routing question

[domiflichi]

Hello,

I recently was asked by a friend to perform a task that turned out to not be as easy as I thought. Here's a diagram of what I'm working with:

So what he asked me to do here is get 2 specific Company B workstations to be able to access Company A's Windows Server.

All the workstations (there are more workstations at both companies than what I showed in the above diagram of course) and the 2 servers are running Windows. I tried messing around with the 'net route add' command, but was not having any success.

It seems like this should be easy but my limited IP routing knowledge is really showing here. Was hoping someone could help me out a bit.

 

[lif_andi]

Is that switch configurable or are you trying to go through the WAN routers ?

Gonna assume that it is configurable since otherwise this network would not run very well.

If the switch is Layer 3 capable then the routing should be done there, and you would point to a VLAN as a destination.

Something like - route 10.45.1.200 to interface Vlan 2 (or whatever VLAN it is on). And then remember to route the other way for the return packet.

If these are seperate companies, you should check to see if this is allowed at all, since essentially you'd be giving both companies access to resources on the other. You'd solve that with access control, but you'd have to be sure you'd know what you were doing.

 

[domiflichi]

I'm not sure about the switch...I'll have to check into that. But would that work even though Company B is not set up as a VLAN?

Let's assume that the switch is not a layer 3 switch...what would I do?

It is allowed by both companies - 1 person basically owns both companies, and the owner is the one who asked my friend to do this, which in turn, he asked for my help. However, this is such a strange situation, I've never seen before..

 

[Smoove910]

wouldn't you add a static route between 10.45.1.1 and 10.1.10.1 ?? I think that would allow communication from one network to another? How much data is going to be transferred between the networks? If it's minimal, there always the VPN option

Forgive me if I sound stupid, but I'm new to this stuff (a student) and am curious on the solution.

 

[lif_andi]

I'm pretty sure you can't route this over the internet, since both are private IP addresses, but you might be able to create an internal route on the routers to point to the other subnet.

If the switch is Layer 2 only, then I would think that the route would already exist on the routers, since they are both directly connected to both subnets. There is a possibility that you'd need to route the packet to the other router, but first you'd have to make sure that they are aware of each other.

Then you'd create a route on one router to point to the server, through the other router. Something like:

Router A>route 10.1.10.x through 10.1.10.1 and vice versa.

Like I say, you have to make sure that the routers can reach each other before hand, and then use the routers IP addresses to route the packet. The router should then take care of the rest.

The best solution would be to only route the IP addresses you'd need, and not the whole subnet, since that would be a "security" issue.

Hope this makes sense, but this network is a little confusing

Smoove kinda has it right, but in your case, if you only want the 2 workstations to communicate with the server, you'd only add routes for them to the server and back.

 

[ConradGoodmanIT]

Is your diagram for real? Shouldn't you have two different switches there or are the companies in the same building? If they are they should be VLANed off on that switch.

 

[alkemyst]

Looks like an internal route between the two 10.x.x.x networks would do it (almost like router on a stick). If you can segment the switch with VLANs and routing there that would also work.

 

[lif_andi]

Think you might have to scratch what I said. I did a little test in Cisco Packet Tracer, and realized that you would need IP addresses on both routers on both subnets for this to work. That is, Router A must have an interface with 10.45.1.x and another one with 10.1.10.x IP address, and router B the same. Failing this (depends on the equipment whether this is possible) you don't have a way of routing between those networks.

The very best solution would be to have a Layer 3 switch there, with 2 VLANs and have the routing performed there through VLAN interfaces and a static route.

If those routers are enterprise level, then you might have seperate ports that you can assign IP addresses and thus make this work.

What you'd do is assign those IP addresses to those spare interfaces, and connect them to the switch. You'd have two cables from each router to the switch. Keep in mind that this would essentially allow all devices on each subnet to communicate with each other, and that there would be little you could do to stop that, assuming you don't have enterprise equipment.

As some have said, this is not a good solution but it should work.

EDIT: I think you might be ok just doing this on one of the routers. This would essentially create a "bridge" between the two subnets. On the other one you could point only to the workstations for example, and thus limit the extent of how open the networks would have to be.

Something like:

On Router Company B
Route 10.1.45.0/24 to 10.1.10.253
and on Company A
Route 10.1.10.15/32 and 10.1.10.90/32 to 10.1.10.253

This should work to only route traffic back to those computers, while dropping packets from other workstations.

 

[domiflichi]

Thank you everyone for the suggestions, I really appreciate it. I ended up assigning a 2nd IP address to the 2 workstation's NICs, and this seemed to have worked just fine. It was a suggestion by someone else and I don't know why I didn't think of it already - simple, but effective.
I really would like to learn about IP routing more though - everyone had nice ideas, but I didn't quite understand everything.

 

[Martin Wilson]

Thank you everyone for the suggestions, I really appreciate it. I ended up assigning a 2nd IP address to the 2 workstation's NICs, and this seemed to have worked just fine. It was a suggestion by someone else and I don't know why I didn't think of it already - simple, but effective.
I really would like to learn about IP routing more though - everyone had nice ideas, but I didn't quite understand everything.

Yes, that's one option. Just assign an IP on the Server's 2nd interface that's it. The 2nd interface would either plug into the same flat network or a 2nd vlan port on the switch

I assume that the network is a flat 10.0.0.0/16, hence all the devices can talk to each other.

Either that or they are two separate /24 networks, but you would then need to have a managed switch to configure different vlans and then trunk the uplink ports to the routers. You would then add a static route from each subnet to the other pointing to the other subnet with the next hop being the LAN Ip of the other router.