I am after some advice on how to achieve multiple independent LANs that can restrictively talk to each other (at minimal cost).
I have 3 LANs:

- LAN A - Admin LAN - Multiple servers and workstations, connected to the internet by WAN A.
- LAN B - Production LAN - single server, several production machines.
- LAN C - "Special LAN" - basically a duplicate of Admin LAN, but specialised for a particular client (connected to WAN B).

In essence, LAN A and C both need to talk to LAN B, but they can't talk to LAN B.
LAN A and C have multiple WAN connections.
EDIT: I have done some further research and it appears I may be able to achieve it relatively cheaply using some DrayTek routers. They support treating every LAN port as a VLAN and a different subnet, and can place firewall rules between VLANs.
Can anyone comment on the below design?
https://i.stack.imgur.com/7sMn9.jpg
- On the 2830, can we restrict traffic using firewall rules, so only RDP traffic can go from the thin client to the Special Client server?
- On the 2830, can we restrict traffic so the Special client server can push data to the 2920 (via Web services), but all other packets from the 2920 will be dropped?
- On the first 2830, can we force any traffic from the second 2830 to only go via the WAN interface? (i.e. no access to the other VLANs)
- Can the second 2830 use the first 2830 as a backup internet connection? Will the additional NAT layer break anything?