ICS and 2 LAN

Tumurbaatar S.

Our LAN connects to the Internet through a SOHA WatchGuard. Due to a license
limitation, we decided to separate some PCs from direct connection to the
Internet and use WinXP's ICS. So now we have 2 LANs:

1. All client PCs connected to one switch, which itself is connected to the SOHA.
IPs are 192.168.1.X.

2. All client PCs connected to a second switch, and one of the PCs runs as the
ICS host. This host PC has 2 NICs, and the 2nd card is connected to the 1st
switch. IPs are 192.168.2.X.

Finally, both LANs' clients can access the Internet, but clients
of the 2nd LAN cannot access PCs on the 1st LAN. No ping,
no shared folder access, e.g. the \\192.168.1.X command does not
work.
Any ideas?
 
Ron Lowe

Tumurbaatar S. said:
Our LAN connects to the Internet through a SOHA WatchGuard. Due to a license
limitation, we decided to separate some PCs from direct connection to the
Internet and use WinXP's ICS. So now we have 2 LANs:

1. All client PCs connected to one switch, which itself is connected to the SOHA.
IPs are 192.168.1.X.

2. All client PCs connected to a second switch, and one of the PCs runs as the
ICS host. This host PC has 2 NICs, and the 2nd card is connected to the 1st
switch. IPs are 192.168.2.X.

Finally, both LANs' clients can access the Internet, but clients
of the 2nd LAN cannot access PCs on the 1st LAN. No ping,
no shared folder access, e.g. the \\192.168.1.X command does not
work.
Any ideas?


This is never going to work the way you want.

Not only do you have 2 subnets (which we *could* work around),
but you also have NAT in between them.

The machines on the second subnet are 'hidden' behind ICS,
and are not accessible from the first subnet.

I'd buy the licenses or change the firewall for one that's not
license-limited.
 
Tumurbaatar S.

Yes, I know that machines on the 2nd LAN are hidden from the 1st LAN.
But why can't they access the machines on the 1st LAN?
 
Ron Lowe

Tumurbaatar S. said:
Yes, I know that machines on the 2nd LAN are hidden from the 1st LAN.
But why can't they access the machines on the 1st LAN?


Because the ICS box has a default route pointing out to the Internet,
and it has no knowledge of the second subnet on the local interface.

Any packets directed at it which are not actually for it, it will NAT
and forward to the ISP's gateway.

You might be able to dual-home another of the machines:
put one NIC in each subnet, set it up as an IP-forwarding
router between the subnets, and then create static routes on each
of the machines to the other subnet.

That would bypass the NAT.

You'd then need to fix up NetBIOS name resolution,
probably using LMHOSTS.

You should be able to map drives between the machines.

Cross-subnet browsing will not work,
because it relies on broadcasts.
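The workaround Ron describes, written out as Windows XP commands. This is an added example, not part of the thread; the router addresses (192.168.1.250 / 192.168.2.250), the share host FILESRV at 192.168.1.10 and the share name are assumed.

```batch
@echo off
REM Added example, not from the thread. Assumed addresses (change to suit):
REM   ROUTER  = dual-homed XP box: 192.168.1.250 on NIC1, 192.168.2.250 on NIC2
REM   FILESRV = a share host on the 1st LAN at 192.168.1.10
REM Run the section matching the machine's role; "route -p" survives reboots.

if "%~1"=="router" goto router
if "%~1"=="lan1"   goto lan1
if "%~1"=="lan2"   goto lan2
echo usage: %~nx0 router ^| lan1 ^| lan2
exit /b 1

:router
REM Turn the dual-homed box into an IP-forwarding router. XP has no GUI
REM switch for this; the registry value takes effect after a reboot.
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ^
    /v IPEnableRouter /t REG_DWORD /d 1 /f
echo Reboot to start forwarding between 192.168.1.0/24 and 192.168.2.0/24.
exit /b 0

:lan1
REM 1st-LAN clients: send 192.168.2.x traffic to the router, not the WatchGuard.
REM Without this, replies to the 2nd LAN would go to the default gateway.
route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.250
goto names

:lan2
REM 2nd-LAN clients: send 192.168.1.x traffic to the router instead of the
REM default route via the ICS host, which would NAT it and pass it upstream.
route -p add 192.168.1.0 mask 255.255.255.0 192.168.2.250
goto names

:names
REM NetBIOS broadcasts do not cross the router, so seed name resolution
REM with LMHOSTS (#PRE preloads the entry) and reload the name cache.
set LMH=%SystemRoot%\system32\drivers\etc\lmhosts
echo 192.168.1.10    FILESRV    #PRE>> "%LMH%"
nbtstat -R
REM Checks: the route should show the router as gateway, and a share should
REM map. If Windows Firewall is on, its File and Printer Sharing exception
REM defaults to the local subnet only and must be widened to the other subnet.
route print 192.168.*
net use Z: \\FILESRV\share
exit /b 0
```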
 
