Make internal IP addresses available externally

[Baonerges]

I have a D-Link DSR-250 which I have setup in my network. I need to be able to access the IP addresses inside the network (192.168.10.100) from my computer (10.212.2.199). I have searched online and have played around with DMZ options and also tried setting up NAT but it is not working. Could anyone help me with this?

 

[BadAsAl]

So I understand the situation better...
Is the Ethernet cable that is plugged into the D-Link plugged into the WAN (Internet) port or to one of the LAN ports?
Do you own or control the 10.212... network?
Do you have a particular reason to have the D-Link separated from the rest of the network, in other words, for not setting it up as an access point?

 

[DeauteratedDog]

At first glance, i would think that you would set up a VPN tunnel from your PC (10.212.2.199) to the DSR (10.212.238) which would give your PC a 'tunneled' address on the 192.168.10.x network.

Do I mis-understand what you are trying to do? Am i looking at this backwards?

 

[Baonerges]

@DeauteratedDog You understand perfectly.

This whole network is an internal network. My DHCP creates the 10.212.2 scope and the router I installed holds the 192.168.10 scope.

The ethernet cable is plugged into the WAN port on the D-Link.

The reason the D-Link is setup there is to separate one of our departments away. They have all sorts of machinery which they sit on the network and are constantly moving things around. I is simpler to give them they own network which they can manage.

My Goal: 10.212.2.199 can RDP into 192.168.10.100 without any use of a VPN. This would mean I can ping 192.168.10.100 from 10.212.2.199. Is this at all possible without a VPN?

 

[bill001g]

You can do a single IP but your problem is the device you are using is not really a "router". Its only purpose is to translate a single subnet to a single wan ip address. A much better word for these devices is a gateway. You can use the DMZ to solve 1 machines but to do more than 1 you must have a very different design.

First the device must act as a router and not translate any addresses. The next problem is the machines in the 10 network need to somehow know to send 192.x addresses to your ip on the 10.x network. This normally is done in the router that is acting as the gateway for the 10.x network. This device must also be a true router in most cases to allow you do what you want.

 

[nigelivey]

Could you not swap out the Dlink for a layer 3 managed switch, the 10. net could stay on the default Vlan and your segment on a separate Vlan using IVR on the switch to route between the two nets??

 

[jsmithepa]

Both of those addresses are private, hence internal IPs, I don't know how you categorize any as external.

Looking at the diagram, are you doing a DOUBLE-NAT, the quickest and simplest way to resolve your problem is to merge everything into one single flat subnet. If unable to, the very least that should happen is, the main (top) router has the ability to be configured with a static router that says: In order to get to the 192 network, its gateway is 10.212.2.238.

 

[Baonerges]

@bill001g If I can just do a single IP that would be fine for now. I need one computer in the 192. net to be visible to 10. net. I will try the DMZ again. I failed with it when I tried last.

@nigelivey Unfortunately this is what I have to work with. The d-link is layer 3 though if I am not mistaken.

@jsmithepa Yes everything is internal here. The goal of this is to break away some devices into their own IP address pool. Just to reiterate, you are suggesting I configure the DHCP in the 10.net to know that the 192.net is behind 10.212.2.238 correct?

 

[bill001g]

If you only need a single ip just use the dmz option in the router. Using your example you would put 192.168.10.100 in the dmz. Machines in the 10. network would use the ip 10.212.2.238 to access it.

 

[nigelivey]

@bill001g If I can just do a single IP that would be fine for now. I need one computer in the 192. net to be visible to 10. net. I will try the DMZ again. I failed with it when I tried last.

@nigelivey Unfortunately this is what I have to work with. The d-link is layer 3 though if I am not mistaken.

@jsmithepa Yes everything is internal here. The goal of this is to break away some devices into their own IP address pool. Just to reiterate, you are suggesting I configure the DHCP in the 10.net to know that the 192.net is behind 10.212.2.238 correct?


So this could still work if you create two Vlans and enable inter-vlan-routing. I believe there is an option