Option 1:   If you have two public IP’s from your service provider you can simply install a
switch between the router and the modem, connect as per the diagram below, and
then configure each separately as if it were two different businesses in different buildings. Router 1 and 2 can be wired or wireless.

—————————————————————————————————————————————————-

Option 2:  If you only have one public IP available from the service provider you need to use 3
routers
. Router1 would normally be a wired only, and Routers 2 and 3 can be wired or wireless depending on your needs. This configuration completely isolates the 192.168.200.0/24  network from the 192.168.300.0/24 network. No users are to be connected wired or wirelessly to Router1.

Note: If you want to connect clients to Router1 or make it wireless and allow clients to connect, keep in mind users of the .200 and .300 networks will be able to see the devices connected to Router1 (thus no privacy other than their personal firewalls), however users of Router1 will not be able to see devices on the .100 and .200 networks. They are protected because they are on the LAN (private) side of the router/firewall. 

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router as shown in the diagram below.

Note: Keep in mind if you have incoming services such as Remote desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then from Router2 to the appropriate
server/PC/device.

Warning: This method does not work for incoming VPN connections. Generally VPN’s will not work with multiple NAT devices (routers).

—————————————————————————————————————————————————-

Option 3:  If you want to configure a guest network, which protects the corporate network, but it is not necessary to protect the guest network from the corporate network, you can do so with only 2 routers. In this case the guests, connected to Router1, are exposed to the corporate network, similar to that of an Internet café, but the corporate network is completely protected from the guest network because it is behind the firewall/Router2. Router 1 and 2 can be wired or wireless.

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router as shown in the diagram below.

Note: Keep in mind if you have incoming services such as Remote desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then From Router2 to the appropriate server/PC/device. 

Warning: This method does not work for incoming VPN connections. Generally VPN’s will not work with multiple NAT devices (routers).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud