From: Smarthost (hecuba@zeus.tmfweb.nl)
Date: Tue Aug 12 2008 - 13:55:30 ART
NATT'ng is your best bet.
I worked for a company that used to buy rivals like candy. What we found was
that every acquisition or merger came with its enterprise application
portfolio that provided a capability the rest of the organisation needed
immediately.
For networks we did not trust - (latest acquisition) we NATted the source
scope.
We then offered a trusted IP scope for the destination Pool.
Every remote cloud could access all the application - Natted internal
All source addresses that passed through the Nat router become Patt'ed
We made sure that the Inside NAT/PAT scopes were not distributed into the
New acquisition merger networks (OSPF) and vice versa
We had a few defaults just in case pointing to the NAT gateway from their
gateway
Every network behind the NAT router was considered alien and hostile. With
this in place we did not care what IP ranges they had.
The next scenario was when we needed to migrate all remote users to approved
infrastructure services like EMAIL, FTP, DNS etc hosted in our datacenters.
They would retain their existing IP scopes sometimes in conflict with our
enterprise IP scheme.
The same logic but now in reverse order.
We just provided a /28 for the EMAIL/DNS/etc server cluster pool.
The source PAT/overload remained the same. For every server or service they
pointed to a NAT on the gateway.
The only downside was that we had a lot of coordination overhead:
- DNS
- Firewall rule changes
- NAT statements
- Troubleshooting issues - esp with server redirects and sometimes
  authentication
But it worked like a charm.
----- Original Message -----
From: "Scott Morris" <smorris@internetworkexpert.com>
To: "'Monica Belluci'" <mpls1979@gmail.com>; "'Cisco certification'"
<ccielab@groupstudy.com>; "'Cisco certification'" <security@groupstudy.com>
Sent: Monday, August 11, 2008 3:58 PM
Subject: RE: Doubt - Network Solution Provider or Infrastructure Redesigning
> One would first have to ask WHY! :)
>
> If they are talking to each other's networks, then you're looking at a NAT
> scenario which can get kind of hairy depending on your applications and
> firewall capabilities!
>
> Otherwise, if there are no overlapping host addresses, you could also
> bridge them together.... But again, this may produce some ugly results!
>
> Good luck with it all!
>
>
> Scott Morris, CCIE4 #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> Senior CCIE Instructor
>
> smorris@internetworkexpert.com
>
>
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> 4
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Monica Belluci
> Sent: Monday, August 11, 2008 4:46 AM
> To: Cisco certification; Cisco certification
> Subject: Doubt - Network Solution Provider or Infrastructure Redesigning
>
> Dear GS,
>
> Suppose I have two companies that want to interconnect with each other, having
> the same IP subnet blocks on both sides:
> 1) Company A - Subnet 172.16.1.0/24, Subnet 10.1.1.0/16
> 2) Company B - Subnet 172.16.1.0/24, Subnet 10.1.1.0/16
> On both sides we have more than 700 hosts + servers. What is the better way to do
> communication between them without changing IP addresses?
>
> Thanks
> Monica Bell
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART
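
The design described in the first message (a small trusted destination pool plus source PAT for the untrusted site), modelled as a toy translation table. This is an added example, not configuration from any poster; the pool 192.168.100.0/28, the PAT address 192.168.200.1, the host 172.16.1.10 and the class name NatGateway are constructed for illustration.

```python
import ipaddress

class NatGateway:
    """Toy model: static NAT for published servers, PAT (overload) for untrusted sources."""

    def __init__(self, service_pool, pat_address, first_port=20000):
        self.free = iter(ipaddress.ip_network(service_pool).hosts())  # unused pool addresses
        self.pat_address = pat_address
        self.next_port = first_port
        self.published = {}  # pool address -> real server address
        self.sessions = {}   # PAT port -> (client ip, client port, pool address)

    def publish(self, real_server):
        """Give a server an address from the trusted pool; only the pool is routed remotely."""
        pool_addr = str(next(self.free))
        self.published[pool_addr] = real_server
        return pool_addr

    def to_server(self, src, sport, dst, dport):
        """Packet from the untrusted site: rewrite destination (static) and source (PAT)."""
        if dst not in self.published:
            return None  # destination is not a published service, so it is dropped
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[port] = (src, sport, dst)
        return (self.pat_address, port, self.published[dst], dport)

    def to_client(self, src, sport, dst, dport):
        """Server reply: undo both translations using the PAT session table."""
        session = self.sessions.get(dport) if dst == self.pat_address else None
        if session is None or self.published[session[2]] != src:
            return None  # no matching session, or the reply is not from the mapped server
        client_ip, client_port, pool_addr = session
        return (pool_addr, sport, client_ip, client_port)

def demo():
    # Constructed case: client and mail server both own 172.16.1.10 in their own site.
    gw = NatGateway("192.168.100.0/28", "192.168.200.1")
    mail = gw.publish("172.16.1.10")
    forward = gw.to_server("172.16.1.10", 40000, mail, 25)
    reply = gw.to_client("172.16.1.10", 25, forward[0], forward[1])
    return mail, forward, reply

if __name__ == "__main__":
    for step in demo():
        print(step)
```

Neither side ever sees the other's real 172.16.1.x address on the wire, which is why the pool and PAT ranges are the only prefixes that need to be routed between the two sites.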