Thread: RV082, 2 isolated networks, 1 dynamic IP DSL connection

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    7

    RV082, 2 isolated networks, 1 dynamic IP DSL connection

    Looking for a consult on the best way to accomplish this task -

    A customer with high security needs has asked me to set up a small Server 2003 standard, R2 network with 4 workstations with remote access via PCAnywhere (the main application vendor requires this). There is an existing wireless network in place for another network that allows internet access via their dynamic IP business DSL connection.

    The key thing - I must be able to tell the client these systems are totally isolated, and that an experienced internal or external hacker on the wireless side cannot touch the server even if both networks share the DSL (the wiring, switch(s), DSL and RV082(s) will be in a secured location - that area is not mine to worry about).

    I've thought about using the RV082 VLan to keep these two networks separate. However I would prefer the two systems to be on separate subnets. Actually I have thought of a lot of things including 2 Static IPs feeding a switch>2 routers, 2 separate DSL accounts> 2 routers, etc. (I would rather not do 2 separate DSLs)

    Basically I am hoping one of the pros here, YOSC, etc. (all welcome), would respond and let me know their preferred way to set this up.
    Last edited by DDogg; 07-19-07 at 02:23 PM.

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    For the best security, get your own DSL connection and have no worries.

    However...if you must share the existing connection....my preference would be to make the RV0 the primary router, flip the existing network's DSL router into an access point and hang it off of the RV0. I'd separate the two with port based VLANs..your network on VLAN1, and their access point hanging off of VLAN2. They will not see each other.

    I just don't like double NAT'ing. Someone may suggest taking the RV0..changing its LAN IP to 192.168.0.xxx...or 10.0.0.0 (assuming the existing network's router runs a 192.168.1.xxx) having its WAN interface hang behind the current network's router.....make that static, port forward for PcA on the existing network's router to the WAN interface of the RV0..and then port forward again through the RV0..and have fun with occasional PcA bunks from double NAT'ing.

    Not to mention..we don't know if the existing network's wireless router is behind a modem/router that is already running as a router...so you might be triple NAT'ing. If the current modem is already a router..I'd flip it to bridged mode.

    Anyways...yeah, my first choice..make sure current modem is in bridged mode, set the RV0 as the primary router, VLAN your network, VLAN existing network. Create a PPTP VPN account for your remote vendor, for him to securely VPN to your network....and run PcAnywhere through the VPN tunnel. PcAnywhere huh? Wow...not many people still use that old software, with remote desktop, or webex, or the plethora of more contemporary remote support tools..all of which run a heck of a lot better.....

    If they don't want to VPN..you'll end up having to open/forward the ports for PcAnywhere on the router..and expose them to the internet. Make sure you set it for at least PcAnywhere levels of encryption. Also change it from the default ports (5631/5632)..to something more custom. And set it to drop host mode after 3x failed login attempts.

    And..do NOT install an old version of PcAnywhere on the server. Installing an old AWGINA.DLL file on XP/2K3..and going for that reboot...well...have fun. I forget what version of PcA it needs to at least be...either some late 9.something version, or 10 or higher...to install on XP/2K3 and not blow it up. I really haven't used PcA much over the past quite a few years..mostly back in the version 5 (for DOS) , 6, 7, and 8 days.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
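
The original poster has to be able to tell the client that the wireless side cannot touch the server. One way to check the port-based VLAN split after configuring it is the short probe below, run from a machine on the wireless segment (VLAN2). It is an added example, not code from anyone in the thread; ports 5631/5632 are the PcAnywhere defaults named above, while 3389, 445 and the server address are assumptions.

```python
import socket
import sys

# 5631/5632: PcAnywhere defaults quoted in the thread.
# 3389 (RDP) and 445 (SMB): assumed here as typical Server 2003 services.
DEFAULT_PORTS = (5631, 5632, 3389, 445)


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route
        return False


def isolation_failures(host, ports=DEFAULT_PORTS, timeout=2.0):
    """Ports on the server that answered from this vantage point.

    An empty list means no TCP leak was found for the ports tested;
    it does not cover UDP or ports outside the list.
    """
    return [p for p in ports if tcp_reachable(host, p, timeout)]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass the real server IP.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    leaks = isolation_failures(server)
    if leaks:
        print(f"NOT isolated: {server} answered on TCP {leaks}")
        sys.exit(1)
    print(f"No TCP response from {server} on {list(DEFAULT_PORTS)}")
```

Repeat the run from the wired VLAN1 side as a control: the same ports should answer there, which confirms a clean result on VLAN2 comes from the VLAN split and not from the service being down.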

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    7
    Quote Originally Posted by YeOldeStonecat View Post
    <snip>
    ... Anyways...yeah, my first choice..make sure current modem is in bridged mode, set the RV0 as the primary router, VLAN your network, VLAN existing network. Create a PPTP VPN account for your remote vendor, for him to securely VPN to your network....and run PcAnywhere through the VPN tunnel. PcAnywhere huh? Wow...not many people still use that old software, with remote desktop, or webex, or the plethora of more contemporary remote support tools..all of which run a heck of a lot better ....
    Yep, pretty much as I was thinking. I'll insist on the VPN .. then I can (just barely) live with the PcA requirement which is the very latest version available (ugly hocking spitting noises).

    I guess I will also have to live with both VLans being on the same sub-net. I'll run the server switch off VLan1 ... Hmmm, I guess I could leave DHCP on for the WAP out of VLan2 (light Internet wireless access). A double NAT should not cause many problems and I would have my different set of numbers to help me keep it straight in my head ... Thoughts on that?

    Man, I really appreciate the reply. I needed another opinion I could trust on this one. Too many things to slip through the cracks.

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    7
    YOSC, I just realized this will require a single home setup on the server and DHCP will be run from the router instead of the server. You agree, or am I missing something? It is do-able, but a tad on the ugly side.

  5. #5
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,913
    Quote Originally Posted by DDogg View Post
    YOSC, I just realized this will require a single home setup on the server and DHCP will be run from the router instead of the server. You agree, or am I missing something? It is do-able, but a tad on the ugly side.
    I'm not following you here..."home setup"?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  6. #6
    Junior Member
    Join Date
    Jul 2007
    Posts
    7
    single nic

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    7
    single nic on the new server - delete the reply above please

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    7
    Disregard, I should not post when I am tired
