[ale] Network redesign

Mark Hyatt markh at computerrepairassociates.com
Sat Dec 25 02:10:47 EST 2004


I'm working on a network and need some ideas on how to resolve some
issues. Here's what I have. A Cisco 1700 (Owned by the ISP) connected to
a T1 to the Internet. There's a firewall between it and the LAN. The
internal firewall IP is 192.168.1.1 with a mask of 255.255.255.0 and is
connected into a switch. On this same switch are servers and PCs
configured to use the 192.168.1.0 IP network but in addition there are a
few configured to use 192.168.25.0 as the network address. One NT
server, let's call it Garfield, has two NICs. One NIC is configured with
an IP and mask to use the 192.168.1.0 IP network and the other is
configured with an IP and mask to use the 192.168.25.0 IP network. Both
NICs are connected to the same switch. Two IP networks running on the
same switch. It works. The reason for the two networks is that
192.168.1.0 was configured for the original internal network. The
192.168.25.0 network came into use when a T1 WAN from a customer site
was added to allow the customer to access an application on Garfield and
an internal FTP server at 192.168.25.118. The customer requested the
192.168.25.x addresses. The T1 comes through a Cisco 1751, owned and
controlled by the customer and is configured with an IP of
192.168.25.230 and a mask of 255.255.252.240. Correct me if I'm wrong,
but I believe that combination of IP and mask gives me a network of
192.168.24.224. I'm not too familiar with supernetting but if you look
at the binary representation, I believe it's a supernet. To add a little
zest to this soup, yet another customer comes in on another T1 through
their owned and controlled Cisco 2611 with an IP of 192.168.1.249. I'm
assuming the mask is 255.255.255.0. They access the same application on
Garfield. And to thicken the soup, there's a VPN over the Internet
connection from a customer to access the 192.168.1.0/24 IP network
including Garfield.
 
All of this works right now. I have some ideas on how to make this
better but could definitely use some more. Here are the challenges.
 
- Make changes without making changes to the two customer-owned Ciscos or
  IPs or the 192.168.1.0/24 VPN if possible.
- Separate the networks (route). The "internal use" IP network can and
  probably should be changed from 192.168.1.0.
- Secure networks and T1 WANs (firewalls).
- Add an additional customer who needs a VPN connection over the Internet
  to Garfield (one IP).
- Add another FTP server to be accessed from the Internet.
 
The hardest part for me is figuring out how to split up the network and
what to use for routing. There will be fewer than 50 nodes on each
network but I will be moving some large files across the local networks.
Additional hardware, possibly Cisco routers and firewalls, will have to
be purchased and I may replace the ISP's Cisco 1700 if necessary.
 
Mark Hyatt
Proprietor
 <http://www.computerrepairassociates.com>
www.computerrepairassociates.com
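
The address arithmetic from the message above, as an added example that is not part of the original post: it ANDs the quoted router address with the quoted mask, tests whether that mask is a contiguous prefix, and checks which subnet the FTP server would sit in. The two entries in `CANDIDATES` are assumptions (contiguous masks that differ from the quoted one in a single octet), not values from the post.

```python
import ipaddress

def prefix_len(mask):
    """Prefix length for a contiguous mask, or None if ones and zeros are interleaved."""
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):      # a contiguous mask inverts to 2**k - 1
        return None
    return 32 - host_bits.bit_length()

def bitwise_network(ip, mask):
    """Plain AND of address and mask; defined even when the mask is not contiguous."""
    value = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))

def on_link(router_ip, mask, host_ip):
    """True if host_ip lies in the subnet of router_ip/mask (contiguous mask required)."""
    net = ipaddress.ip_network(f"{router_ip}/{mask}", strict=False)
    return ipaddress.ip_address(host_ip) in net

ROUTER = "192.168.25.230"    # customer's Cisco 1751, from the post
MASK = "255.255.252.240"     # mask as quoted in the post
FTP = "192.168.25.118"       # internal FTP server, from the post
# Assumption: contiguous masks that each differ from MASK in one octet only.
CANDIDATES = ["255.255.252.0", "255.255.255.240"]

if __name__ == "__main__":
    print(MASK, "prefix length:", prefix_len(MASK))
    print("bitwise AND of router and mask:", bitwise_network(ROUTER, MASK))
    for m in CANDIDATES:
        net = ipaddress.ip_network(f"{ROUTER}/{m}", strict=False)
        print(f"{m} (/{prefix_len(m)}) -> {net}, FTP server on-link:",
              on_link(ROUTER, m, FTP))
```

A mask for which `prefix_len` returns None has no CIDR form, so it cannot be written as a route or firewall object in prefix notation, and whether 192.168.25.118 shares a subnet with the customer router depends on which contiguous mask is actually configured.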