Connect 2 different networks using 2 routers

[raphaels]

Hello! I'm asking for some help. I have the following network layout:

I need to do that all the computers of the two networks to communicate.

For that I currently use multihoming setting 2 IPs address on workstations. Now I need all computers use only 1 IP address. Communication between the networks have to be established through the routers.

I have 2 WAN ports available on each router but I can not make it work properly.

Fields for routing:
DESTINATION:
MASK:
NEXT HOP:
INTERFACE: (WAN1, WAN2, WAN3, LAN)

I've tried to do the following, but none of these worked:

======================================
ATTEMPT 1
======================================

ROUTER #1 LAN 192.168.1.10

INTERFACE WAN3 PLUGGED TO HUB SWITCH
IP: 192.168.2.5
MASK: 255.255.255.0
GATEWAY: 192.168.2.10


ROUTER #2 LAN 192.168.2.10

INTERFACE WAN3 PLUGGED TO HUB SWITCH
IP: 192.168.1.5
MASK: 255.255.255.0
GATEWAY: 192.168.1.10


======================================
ATTEMPT 2
======================================

ROUTER #1 LAN 192.168.1.10

INTERFACE WAN3 PLUGGED TO HUB SWITCH
IP: 192.168.5.1
MASK: 255.255.255.0
GATEWAY: 192.168.5.2

ROUTING
DESTINATION: 192.168.2.0
MASK: 255.255.255.0
NEXT HOP: 192.168.5.2
INTERFACE: WAN3


ROUTER #2 LAN 192.168.2.10

INTERFACE WAN3 PLUGGED TO HUB SWITCH
IP: 192.168.5.2
MASK: 255.255.255.0
GATEWAY: 192.168.5.1

ROUTING
DESTINATION: 192.168.1.0
MASK: 255.255.255.0
NEXT HOP: 192.168.5.1
INTERFACE: WAN3

======================================

 

[cirdecus]

Are the networks located in the same building? Why do they need to be on the same subnet? If they are in different locations, then you need to setup a VPN Tunnel between the two (usually using a firewall). Also, which machines are communicating with each other, servers or workstations or both?

 

[raphaels]

The networks are not located in the same building. The buildings are connected using a RocketM5 wireless link.

In one building the subnet is 192.168.1.0. All the workstations and the router are connected in a hub.

In the other building the subnet is 192.168.2.0. The server, all the workstations and the router are connected in a hub.

I need all communicate each other in the two buildings to share network resources like printers, shared folders, files, etc. Above all, the workstations on subnet 192.168.1.0 have to communicate with the database server on subnet 192.168.2.0.

No VPN.

Thanks.

 

[cirdecus]

Ok, I'm guessing the buildings are close to one another if you have two RocketM5 access points connecting them. I would say you have two options:

1) Allow both buildings to be separate networks with separate internet connections. You need to have two firewalls that support VPN tunneling (you should have firewalls anyway to protect these networks.) Setup a VPN tunnel between the two to redirect traffic for each subnet. This will allow them to communicate with the other subnet through the internet. This is how most businesses do it.


2) If the buildings are close enough for an access point to connect to another, it is possible to combine the networks. You could do this in a number of different ways, you could get rid of one router and internet device completely and allow DHCP to propagate from one router to both locations connected via the access points. I typically wouldn't recommend this though as the hotspots may not be as reliable as the internet connections in both locations.

Remember that if you're trying to do the second option, the access points need to be invisible on the network. They should only be in bridge mode between both switches (or hubs), extending connectivity.

 

[cirdecus]

Actually the more i'm thinking about this, if the range and reception between the two access points is fantastic (you should run speed tests to confirm), then that may be the best performance option. Your internet speeds are probably regular business class cable/dsl (correct me if i'm wrong) so their uploads are most likely capped around 5-10Mbps.

So yeah, setup the access points in bridge mode and simply extend one of the IP networks to the other location (probably the location without a DB server). Connect both into a switch, get rid of the internet and router at the secondary location.

 

[abailey]

After seeing your diagram and looking through the manual on your router, it looks like you have everything you need to connect the sites together. Here is what I would do. I would connect your Rocket M5 to the LAN2 port on the TP-Link router at each site. I would create a new subnet for the LAN2 ports. You could make one of them 192.168.3.1 and the other 192.168.3.2. Your router should automatically build the routes for those networks and you should be able to ping/communicate between the two buildings. If it does not build the routes for you after you set it up like this, come back here and we can help you get the routes built. Just make sure you have encryption turned on for your Rocket M5's so you don't have to use VPN on the routers as VPN throughput is very low.

 

[raphaels]

The buildings are about 2 km away and already communicate each other through RocketM5 as if the hubs of each building are on the same LAN. No VPN is needed.

I just need the workstations on 192.168.1.0 to communicate with the network 192.168.2.0 using only routers.

Forget the layout I sent before and picture 2 hubs connected in cascade with cables. In one hub you have computers on 192.168.1.0 in another hub you have computers on 192.168.2.0. And have 2 routers to do this. The routers have 2 WAN ports and 2 LAN porst avaliable.

Thanks.

 

[cirdecus]

Ok so if we forget your Rocket access points, then the routers will be communicating with each other through the public internet. So the solution is to setup a VPN tunnel between both sites using their respective internet connections and a firewall. If your router doesn't support VPN tunneling, then you need to get your hands on a firewall that does and establish a VPN tunnel between both firewalls for each subnet.

See my above two options

 

[abailey]

The buildings are about 2 km away and already communicate each other through RocketM5 as if the hubs of each building are on the same LAN. No VPN is needed.

I just need the workstations on 192.168.1.0 to communicate with the network 192.168.2.0 using only routers.

Forget the layout I sent before and picture 2 hubs connected in cascade with cables. In one hub you have computers on 192.168.1.0 in another hub you have computers on 192.168.2.0. And have 2 routers to do this. The routers have 2 WAN ports and 2 LAN porst avaliable.

Thanks.

In order for two different subnets to talk you must go through a router (which is the role of a router). Thus you cannot put both networks on a single switch (or cascaded switches) and have them communicate together. Thus the cleanest way to do it is the way I mentioned above. By the way I am a very big fan of the Rocket M5 for P2P networks. What throughput are you getting through it? With the distance you are talking I would bet you could get close to 100Mbit.

 

[cirdecus]

Depending on the amount of workstations at the location without the server, it's possible to just combine the subnets and not have to worry about routing in my opinion (my option 2 above). If you don't want to mess with a firewall or VPN tunnels, then just setup the Access Points as a network bridge and connect them to the LAN (either through the hub or router) and extend the other network to the other location.

 

[raphaels]

Responding to abailey: I'm getting around 70Mbps.

I will try these solutions and inform tomorrow what worked best for me.

Thanks everyone!