virtual gateway?

KLin

Lifer
Feb 29, 2000
29,805
313
126
Got a question for you network guru's out there. I handle IT for a food processing facility. We have 2 networks running. One is an Office network for accounting, production, shipping, etc. etc. The 2nd network is for our control systems of the equipment that we use for processing and is supported by our engineering dept. We currently are using one Class C subnet for each of these networks. We have a Cisco 2600 series router that is used to connect the office network to a WAN via frame relay. I have the 2 local networks currently routed using an Intel 550t Routing switch, just for local traffic. I don't have access to the cisco router, our corp. office handles that. The 2nd subnet that is used for the control system was being used by another processing plant within our company, but it was recently shutdown and sold. Anyways, the office network already has a gateway to go out to the WAN. Is it just a matter of setting up a virtual gateway on the cisco router for the 2nd ip subnet, and making changes to the static routes on the router in regards to the 2nd subnet? Does the control system network need to be physically attached to the cisco router in order for this to work? This is just an FYI question for me, as I won't be involved in getting this setup on the cisco router, if it ever gets done. Thanks in advance.
 

ScottMac

Moderator<br>Networking<br>Elite member
Mar 19, 2001
5,471
2
0
If both subnets are directly attached to the Cisco 2600 (as well as the FR connection), then both subnets can be allowed out to the WAN. If the Engineering subnet is attached (physically and logically) to the Admin LAN, then it should be able to get out (with proper permissions).

I'm thinking that connecting your manufactureing LAN to the Internet is flirting with disaster....if a hacker got through, some serious damage could occur (unless it's strictly for monitoring).

If there's some need for a PC/workstation out on the floor, then maybe a wireless extension to the admin LAN would work, maybe a VLAN thing could happen....but IMHO, exposing your manufacturing LAN would be a bad thing.

FWIW

Scott
 

KLin

Lifer
Feb 29, 2000
29,805
313
126
Scottmac,

Thanks for the reply. The only reason we would have to allow the eng. network to get out onto the WAN is to show other plants in our company what we are doing to access information on how our plant is running during production. We do have a firewall located at our corp. offices between the entire company network and the internet that is monitored very closely, and pretty much all non-standard ports are closed.

I didn't really see a need for the eng. network to go outside of our plant, since the reason we wanted the 2 local networks routed was so the plant managers can access information on how efficient the plant is running during our 3 month production season, and offseason production.