1

My customer has two small companies in two separate buildings that have merged. The buildings are 30ft apart, so they ran an outdoor, buried CAT6 cable between them. They want to use the main building's server for some file sharing and Quickbooks Enterprise sharing, while leaving the main building's network as is. Since the second building is smaller and only has a few computers and separate WAN, I need a router to place there that will serve as that building's DHCP, but also that can bridge (not sure if correct term is bridge) to the other building via the buried CAT6 cable so users in this building can access QB Enterprise and files fast and not have to go through a VPN. The other building's WAN is pretty slow anyway so they don't want the additional users on that WAN, but on their own with a separate provider, bill, etc.

So, I need to find the router/piece of hardware (Cisco, Zyxel, Netgear, etc.) that will get this accomplished in the second building. Preferably, the router would also have a wireless AP so I don't have to get another one. I don't need to access the small building from the big one, but I do need to have access to the server from the small one. Also, cost is important, so the equipment has to be in the hundreds, not thousands. Any ideas would be appreciated.

Building 1: Internet -- WAN (Cisco/Firewall) -- Switches -- Servers and PCs

Building 2: Internet -- WAN (Netgear/Firewall) -- Switch -- PCs

FireFerum
  • 1
    What kind of Cisco equipment? You can probably connect the Cat6 wire to Building 2's switch(es), and Building 1's Cisco router. – Chris S Apr 17 '13 at 16:30
  • 1
    Don't forget to isolate the copper wire between buildings before connecting it to some kind of (semi-)expensive equipment. APC makes a 'protectnet' device that works for this, I'm sure there are other vendors that provide the same functionality. – cpt_fink Apr 18 '13 at 03:04
  • Chris S: It is a Cisco 2800 Series. – FireFerum Apr 18 '13 at 15:15
  • cpt_fink: Thanks for the advice. I will check to make sure some type of protection is in place. – FireFerum Apr 18 '13 at 15:18

2 Answers

0

> The other building's WAN is pretty slow anyway so they don't want the additional users on that WAN, but on their own with a separate provider, bill, etc.

This is goofy. Both of these buildings now house employees in the same company (they merged right?). They will both be better served by pooling their resources, buying a single WAN connection and combining their networks. Having separate infrastructures makes absolutely no sense to me and is terribly inefficient from a number of standpoints.


As @ChrisS mentioned, depending on the type of Cisco gear you have, you can add appropriate routes and ACLs on your existing hardware, meeting your requirements for allowing limited access from Building #2 to Building #1's server.

Your other option is to buy a dedicated device that will sit at the demarcation between Building #2 and Building #1 and act as a firewall and router. There are plenty of devices in the Small/Medium Business market that could fulfill this role. Ideally you'll want to pick a device that has enough flexibility to also act as a firewall for Building #2's WAN connection as well.

  • So this is where I need help. I know the setup is not optimal. But there are some accounting things preventing everything from working together. In any event, you mentioned a router/firewall that will sit at the demarcation: Do you have a product in mind that will cost in the hundreds and not thousands? Also, could you give me an idea of how to set up the connection? I know I will have, say, X0 as WAN in building 2, X1 as LAN, and then X2 as the bridge/tunnel/whatever the terminology. But, how do I keep X2 from getting DHCP, while letting the router know X2 is really a bridge to LAN2? – FireFerum Apr 18 '13 at 14:55
  • This setup is less than optimal, it's dumb. You really should press Management to see if you can combine the network. Shopping Questions / Product Recommendations are [off-topic](http://serverfault.com/faq). Since you're already using Cisco, maybe call your vendor, describe what functionality you want and see what they recommend. I can't comment on the specifics of setting it up since it is implementation dependent. Also, don't take this the wrong way, but you sound very inexperienced with networking. You should see if you can contract with someone to help. –  Apr 18 '13 at 16:20
  • kce - I'll take your advice into consideration. Thanks! – FireFerum Apr 18 '13 at 16:26
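
One way to express the "routes and ACLs on your existing hardware" option on a Cisco IOS router, added here as an example and not taken from the thread or from either site's configuration. The interface name, the transit /30, both LAN subnets, the server address and the ACL names are all constructed; TCP 445 covers SMB file sharing, and the QuickBooks database port is left as a remark because the thread does not give it.

```cisco
! Added example. Constructed addressing (assumptions, not from the thread):
!   Building 1 LAN 192.168.1.0/24, file/QuickBooks server 192.168.1.10
!   Building 2 LAN 192.168.2.0/24
!   Transit link over the buried Cat6: 10.255.0.0/30
!     .1 = Building 1 router, .2 = Building 2 router
!
! Inbound on the link: Building 2 may reach only the server.
ip access-list extended BLDG2-IN
 remark SMB file sharing to the server
 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.10 eq 445
 remark Add the QuickBooks database port(s) for the installed version here
 remark Allow ping to the server for troubleshooting
 permit icmp 192.168.2.0 0.0.0.255 host 192.168.1.10 echo
 remark Everything else from Building 2 is dropped and logged
 deny ip any any log
!
! Outbound on the link: only replies from the server go back, so
! Building 1 hosts cannot open new sessions into Building 2.
ip access-list extended BLDG2-OUT
 permit tcp host 192.168.1.10 eq 445 192.168.2.0 0.0.0.255 established
 permit icmp host 192.168.1.10 192.168.2.0 0.0.0.255 echo-reply
 deny ip any any log
!
! Spare routed port facing Building 2 (interface name is an assumption).
interface FastEthernet0/1
 description Buried Cat6 to Building 2
 ip address 10.255.0.1 255.255.255.252
 ip access-group BLDG2-IN in
 ip access-group BLDG2-OUT out
 no ip proxy-arp
 no ip redirects
 no ip unreachables
 no shutdown
!
! Return path to Building 2's LAN via its router on the transit link.
ip route 192.168.2.0 255.255.255.0 10.255.0.2
```

Building 2's router needs the mirror-image static route (192.168.1.10/32 via 10.255.0.1) on its link-side interface, with DHCP served only on its own LAN interface, so its default route and Internet traffic stay on its own WAN.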
-1

Personally, because I have experience with them, I would use a Watchguard firewall and set up a point-to-point VPN; it's literally drag and drop creation in the system manager. The XTM-33W would work just fine, and is under $1k. http://www.watchguard.com/products/xtm-3/overview.asp

You would need a device on each end. This is assuming that your current switches are not capable of any type of advanced routing and could not simply be plugged in to each other with the existing cable. (or want to keep the networks physically separate.)

DanBig
  • Downvotes for an answer? – DanBig Apr 17 '13 at 16:33
  • Would a Point to Point VPN between two physical interfaces be possible with just one of those firewalls? I am not supposed to modify the other building's network. – FireFerum Apr 17 '13 at 16:37
  • Yes. All switches are un-managed gigabit switches. So, how would I configure the two devices if I didn't want to disturb the main building's setup at all and didn't care if I changed settings in the small building so long as the small building maintains its own WAN connection? Could you elaborate on the setup? Thanks! – FireFerum Apr 17 '13 at 16:53
  • FWIW - I didn't downvote you because I don't have enough rep points to do that. I think your answer was very helpful. – FireFerum Apr 18 '13 at 15:17