John wrote:
> Due to current circumstances, I have two separate networks, L and R, on the same side of an ADSL modem and need to set up a route between them. They both share the ADSL modem, 10.0.E.2, as their common, default gateway.
> Note that E, L & R are used to identify the subnets for this discussion only and are normally replaced with valid, distinct, octet numbers. Under normal circumstances, these two networks would be in differing geographical locations, linked via the Internet.
I don't understand these two paragraphs fully. If your two networks are in differing geographical locations, linked via the Internet, probably they don't share a common ADSL modem.
> Is a VPN the answer or should I look at static routes?
> Can anyone give me pointers on how to set this up, please?
>
> L net = 192.168.L.0/24, default gateway = 192.168.L.1
>      |
>      |
> Netgear FVS318 DSL router 192.168.L.1
> External interface = 10.0.E.32, default gateway = 10.0.E.2
>      |
>      |
>     Hub----->ADSL Modem 10.0.E.2------>Internet
>      |
>      |
> External interface = 10.0.E.31, default gateway = 10.0.E.2
> Server running SuSE10 + Swan/IPSEC
> Internal interface 192.168.R.31
>      |
>      |
> R net = 192.168.R.0/24, default gateway = 192.168.R.31
This depends on the configuration of your two gateways and your security concerns.

If your Netgear and your SUSE box act as a firewall with NAT and your traffic between the external interfaces is really over the Internet, a VPN is the answer.

If you don't have NAT and these are really internal networks, then you _could_ add static network routes to the Netgear and the SUSE server. You will have to adapt the respective firewall configuration, though, and let this traffic pass. (You run a firewall on the gateways, don't you?) This will surely work.

If you do so, you have the remaining risk that spoofed packets from the Internet can enter your internal networks if somebody guesses your other private network numbers. YMMV -- I would not take up this risk, but then I work as a security consultant and therefore I'm paranoid by definition. :-)

Cheers,
	Joachim

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod			Email: jschrod@acm.org
Roedermark, Germany
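
The spoofing risk described in the reply above, modelled as an added example that is not part of the original thread: a strict reverse-path check on the R gateway cannot reject a forged L-net source once a static route points the L net out of the external interface, but it can when the L net is reachable only through a tunnel. The octet values and the interface labels ext/int/tun are assumptions made for this model.

```python
import ipaddress

# Constructed octets standing in for the thread's L and R placeholders.
L, R = 1, 2
L_NET = f"192.168.{L}.0/24"
R_NET = f"192.168.{R}.0/24"

def lookup(routes, addr):
    """Longest-prefix match: return the outgoing interface for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if ip in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def accepts(routes, src, dst, in_dev):
    """Strict reverse-path check plus forwarding decision on the R gateway.

    A packet is forwarded into the R net only if the route back to its
    source leaves through the interface it arrived on.
    """
    if lookup(routes, src) != in_dev:
        return False                      # source not plausible on this interface
    return lookup(routes, dst) == "int"   # destined for the internal R net

# Interface names ext/int/tun are hypothetical labels for this model.
BASE = [("0.0.0.0/0", "ext"), (R_NET, "int")]
STATIC = BASE + [(L_NET, "ext")]   # static route: L net via the Netgear's external address
VPN = BASE + [(L_NET, "tun")]      # L net reachable only through the tunnel

def scenario(routes):
    """Same forged-or-genuine header, two arrival paths."""
    src, dst = f"192.168.{L}.50", f"192.168.{R}.10"   # constructed hosts
    return {
        # On the shared segment a packet relayed by the Netgear and a forged
        # one coming in through the modem have identical (src, dst, in_dev).
        "arrives_on_external": accepts(routes, src, dst, "ext"),
        "arrives_through_tunnel": accepts(routes, src, dst, "tun"),
    }

if __name__ == "__main__":
    print("static routes:", scenario(STATIC))
    print("vpn:          ", scenario(VPN))
```

With static routes, the only remaining discriminator on the shared segment is the firewall rule set on each gateway, which is why the reply insists on adapting it.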