Networking 2 lans together for file transfers

Question

I currently have 2 separate cabinets setup in a data center and each cabinet has it's own Watchguard XTM810 firewall and ISP router. The cabinets are not located next to each other. All of the servers in the cabinets are hosting web services and the Watchguards are configured in drop in mode (all interfaces use the same IP).

The data center have run a cable for us between the 2 cabinets but I want to be able to link the 2 separate networks so we can transfer files between servers quicker. Currently any file transfer goes out into the internet and then back into the data center.

Is it possible for this to be done with a switch, through the Watchguards or could there be a route configured between the 2 routers. We are using the same ISP for both cabinets but each cabinet has it's own IP range in separate subnets.

Answer 1

1. Configure one of the interfaces on each Watchguard unit for a 1918 address (eg 192.168.200.1 and 192.168.200.2); you may have to reconfigure the link aggregation or bridging that's allowing you to use the same IP on all interfaces.
2. Connect these two configured interfaces with the cable that was strung for you.
3. Configure routing on each unit
   • if cabinet A has IPs 1.0.0.0/24 then B needs a route to 1.0.0.0/24 via 192.168.200.1
   • And cabinet B has IPs 2.0.0.0/24 then A needs a route to 2.0.0.0/24 via 192.168.200.2
   • Both of those, take the info for the far side, the far network and the far Watchguard IP.
4. Test the configuration with tracert (Win) or traceroute (*nix). There should only be ~2 hops between networks now.

Note: Reconfiguring the connections may disturb communications. More importantly you should make these changes on-site unless you're really, really confident that you don't need to be, as any mistake will likely break routing, and you may loose the ability to administer your router remotely.

Answer 2

Yes. You'd need to set up a route between the two networks, which any decent network admin should be able to do for you in short order.

You have to let your devices on each network know that there's a shorter path to the other network (the new cable), or they don't know about it, and will keep using their default route, which seems to be out through the internet.

You're not exactly clear on the setup, but this might be something that you can do entirely on the client making the transfer, even. (route print from my command line gives me a nice list of the network routes my [Windows] workstation knows about.)

Answer 3

You haven't given enough information to answer for sure, but basically because of Drop-in mode, you need another device doing layer-3 routing to route between the networks. Preferably a firewall device capable of controlling the traffic, but not necessarily.

Give it an IP address on both networks, plug both networks into it. On both Watchguards, add a route entry to send all traffic for the remote network via this device's local network IP.

Without drop-in mode you could do it by connecting a cable between an interface on each Watchguard and they could route/firewall the traffic. If it wasn't a major job, I'd say schedule downtime and switch to mixed-mode - but it would need redesigning to do so.

(It's entirely possible to use mixed mode, avoid NAT, and stay with public IPs everywhere - at least on recent Watchguard Firewall firmwares - which makes drop-in mode rather redundant. Example: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_%28en-US%29.pdf )