Subnetting question - TCP-IP

This is a discussion on Subnetting question - TCP-IP ; Ok, I have three networks that I would like to not be able to talk to each other, but they must all be able to talk to a central ISA server for internet connectivity. The ISA server only has two ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Subnetting question

  1. Subnetting question

    Ok, I have three networks that I would like to not be able to talk to
    each
    other, but they must all be able to talk to a central ISA server for
    internet connectivity. The ISA server only has two adapters (internal
    and
    external), so just connecting each one to a different adapter is not
    possible. Also, because of restrictions put into place by one of the
    higher-ups (don't ask me for an explanation, they don't make sense to
    me), I
    cannot assign the ISA server more than one IP address. So my question
    is
    this, is there a subnetting scheme that would allow the three
    individual
    networks (about 20 computers each) to not be able to connect to one
    another,
    but all be able to connect to a gateway at, say 192.168.1.1? I am
    terribly
    rusty on my subnetting rules and looking for a quick fix.

    Thanks,
    Jacob


  2. Re: Subnetting question

    In article <1147102879.946687.162330@y43g2000cwc.googlegroups. com>,
    Jacob wrote:
    >Ok, I have three networks that I would like to not be able to talk to each
    >other, but they must all be able to talk to a central ISA server for
    >internet connectivity. The ISA server only has two adapters (internal and
    >external), so just connecting each one to a different adapter is not
    >possible. Also, because of restrictions put into place by one of the
    >higher-ups (don't ask me for an explanation, they don't make sense to me), I
    >cannot assign the ISA server more than one IP address. So my question is
    >this, is there a subnetting scheme that would allow the three individual
    >networks (about 20 computers each) to not be able to connect to one another,
    >but all be able to connect to a gateway at, say 192.168.1.1? I am terribly
    >rusty on my subnetting rules and looking for a quick fix.


    No, as long as the devices are on the same segment and not encapsulated
    in VLANs, they can be made to talk to each other directly.

    You mention ISA, which suggests you are using Windows for some or all
    of the systems. Windows 2000 and XP (and possibly some earlier versions)
    make it relatively easy to make this kind of cross-connection without
    going through a router.

    If you do not want the devices to be able to talk to each other,
    drop in a firewall, router with security features, or switch with
    security features.

  3. Re: Subnetting question

    In article <1147102879.946687.162330@y43g2000cwc.googlegroups. com>,
    "Jacob" wrote:

    > Ok, I have three networks that I would like to not be able to talk to
    > each
    > other, but they must all be able to talk to a central ISA server for
    > internet connectivity. The ISA server only has two adapters (internal
    > and
    > external), so just connecting each one to a different adapter is not
    > possible. Also, because of restrictions put into place by one of the
    > higher-ups (don't ask me for an explanation, they don't make sense to
    > me), I
    > cannot assign the ISA server more than one IP address. So my question
    > is
    > this, is there a subnetting scheme that would allow the three
    > individual
    > networks (about 20 computers each) to not be able to connect to one
    > another,
    > but all be able to connect to a gateway at, say 192.168.1.1? I am
    > terribly
    > rusty on my subnetting rules and looking for a quick fix.


    Can you install a router on your network? You need a router with at
    least 3 interfaces, one for each of the subnets (you can put the ISA
    server on the same segment as one of the subnets). Then configure
    packet filters that block traffic between the segments unless they're
    going to/from the ISA server.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

+ Reply to Thread