I plan to implement the following network configuration :
Internet [(cable A)]
Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]
Router B
(192.168.1.x)[(WAN:)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]
The first LAN port of router A is connected into the first LAN port of router B, but both routers are in a different subnet.
Usually, when I setup two routers together, I do a double NAT configuraton (LAN to WAN) or a LAN to LAN in the same subnet.
I know the following facts:
In a double NAT configuration such as this one,
Internet [(cable A)]
Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]
Router B
(192.168.1.x)[(WAN:cable B)(LAN1:)(LAN2:)(LAN3:)(LAN4:)]
Hosts from router B can communicate with hosts from router A.
Hosts from router A can’t communicate with hosts from router B.
In a LAN to LAN in the same subnet configuration, any hosts can communicate to any. It’s the same subnet.
In the network configuration I plan to implement, LAN to LAN but in a different subnet, I noticed that hosts from both network can’t be reached. Is this a secure way to isolate networks, at least better than double NAT ?
The connected router B gets an IP address in the router A subnet (192.168.0.x).
Also, I did not have to define any static routes to get internet access, I have difficulties to understand how this is possible since router A gateway does not ping.
Go to Source
Author: pmbonneau