Separating two domains

rasczak

Lifer
Jan 29, 2005
10,437
23
81
here's the deal,

I have to set up two domains, but I have to keep them physically and logically separate from each other. The problem is I only have one line out to the big bad internet.

Equipment: 2 2k3 servers, 2 gigabit switches, 1 Juniper SSG550 firewall.

Can I go this route?

lan A > Gb switch A > firewall > internet
lan B > Gb switch b > firewall > internet

Is this feasible with the equipment that I've got?

There will be some file sharing between the two LANs, but no workstation in LAN A will be connected to LAN B and vice versa. I figure I can set up a trust between the two domains and have that replicate down to the workstations so they can access shares on the other's domain.

As for the original question, is this feasible?
I've never worked with a higher-end firewall before, so I've got a lot of reading (and playing :D) to do.
 

vorgusa

Senior member
Apr 5, 2005
244
0
0
Not only is it possible, but it is one of the main functions of a firewall. You just need to set up three interfaces on the firewall (one for each LAN and one for the internet) and set them up for each segment or segments. You then have to go to the settings of the firewall and tell it what you want to allow to go from LAN A to LAN B and vice versa, and the firewall will keep the LANs separated and keep people from one area from doing stuff to the other area that you do not want.
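An added example (not written by anyone in this thread) of the three-interface layout described above, as ScreenOS CLI for the SSG550. Interface names, zone names and addresses are assumptions; lines starting with `#` are annotations, not ScreenOS syntax.

```screenos
# Assumed layout: LAN A on ethernet0/0, LAN B on ethernet0/1, internet on
# ethernet0/2. All addresses are constructed placeholders.
set zone name "LAN-A"
set zone name "LAN-B"

set interface ethernet0/0 zone "LAN-A"
set interface ethernet0/0 ip 10.1.0.1/24
set interface ethernet0/1 zone "LAN-B"
set interface ethernet0/1 ip 10.2.0.1/24
set interface ethernet0/2 zone "Untrust"
set interface ethernet0/2 ip 203.0.113.2/24
set route 0.0.0.0/0 interface ethernet0/2 gateway 203.0.113.1

# Address book: each LAN, plus the one file server per side that hosts the shares
set address "LAN-A" "lanA-net" 10.1.0.0 255.255.255.0
set address "LAN-B" "lanB-net" 10.2.0.0 255.255.255.0
set address "LAN-A" "files-A" 10.1.0.10 255.255.255.255
set address "LAN-B" "files-B" 10.2.0.10 255.255.255.255

# SMB over TCP 445 only (custom service object)
set service "SMB-445" protocol tcp src-port 0-65535 dst-port 445-445

# Each LAN out to the internet, source-NATed to the Untrust interface address
set policy from "LAN-A" to "Untrust" "lanA-net" "Any" "ANY" nat src permit log
set policy from "LAN-B" to "Untrust" "lanB-net" "Any" "ANY" nat src permit log

# Between the LANs: only SMB to the far side's file server, nothing else.
# Policies match top-down in the order added, so the permits go in before
# the logged catch-all denies (the denies give you a record of attempts).
set policy from "LAN-A" to "LAN-B" "lanA-net" "files-B" "SMB-445" permit log
set policy from "LAN-B" to "LAN-A" "lanB-net" "files-A" "SMB-445" permit log
set policy from "LAN-A" to "LAN-B" "Any" "Any" "ANY" deny log
set policy from "LAN-B" to "LAN-A" "Any" "Any" "ANY" deny log

# No policy from Untrust inward, so inbound stays at the default deny.
# A domain trust needs more than SMB (DNS, Kerberos, LDAP, RPC between the
# domain controllers); add those as explicit DC-to-DC policies rather than
# widening the inter-LAN rules to Any.
save
```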
 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
What you want to do is a site-to-site VPN via the internet with the Juniper SSG550s. I am not that familiar with the Junipers, but I know they can do site-to-site VPN right out of the box. You may have to get a license for the VPN option though.

After you have the site-to-site VPN set up, you can do an external two-way trust between the two forests/domains, or even one forest with two domains under it. You have many choices. How tied are the companies, and will they always stay together?

John
 

stlcardinals

Senior member
Sep 15, 2005
729
0
76
Or you can just go the easy route and use VLANs, assuming your firewall and switches can use VLANs. If your switch is capable, you wouldn't need 2 switches then.

I think netsysadmin thinks the domains are at two different sites with two firewalls, but I believe, according to the OP, the domains are at the same physical site.
 

netsysadmin

Senior member
Feb 17, 2002
458
0
0
Well, seeing that the diagram has two firewalls, I guess I assumed they were at different sites... oops!

John
 

vorgusa

Senior member
Apr 5, 2005
244
0
0
I think her diagram is just confusing... I think she meant something more like this:

lan A > Gb switch A >
~~~~~~~~~~~~~~~firewall > internet
lan B > Gb switch b >