In article , Mark wrote:
:I'm trying to source a router for internal routing only. I want to
:connect our current network with a network of factory machines which
:use a different IP range (Our domain 192.168.1.xxx, Factory
:192.168.2.xxx). I'm after a reasonably priced solution that will
:prevent packets from the factory network reaching the office network,
:but still allow the office to connect to the factory machines.
That can't be done if you are using TCP. TCP *needs* return packets: you *want* packets to return from the factory network if you are using TCP.
Perhaps a more precise criterion would be that you do not want the factory network to be able to initiate connections to the office network? If so, then what are your plans with respect to DNS, WINS, email, intranet to be able to read the Material Safety Data Sheets, and so on? Are you planning to use a network monitoring package that uses SNMP to examine the state of the switches and/or devices? SNMP is UDP based, and UDP can't tell replies from new transmissions.
:I'm assuming that I will need a router with 2 ethernet ports that will
:connect to the appropriate switches.
Not completely true: you could do it with a single port "router on a stick" if the router and your switch support 802.11Q VLANs.
:Could anyone recommend a good
:solution that isn't too expensive? (was thinking up to £500ish). I don't
:want anything too fancy as I don't need firewall/vpn/adsl etc. just
:internal routing.
£500 would easily cover a true firewall such as a PIX 501, but as the other poster pointed out, you can probably get away with a D-Link or Linksys or Netgear device that has stateful packet inspection (SPI). These devices tend to assume that you have many addresses on the secure side that are to be network address translated (NAT) into one [or sometimes two] source IPs as they go out. If your factory machines will have a need to differentiate between different office sources (e.g., for logging or authentication purposes, or because you have some protocols other than TCP or UDP in the mix), then you will have to do a bit more digging.
I don't recall that you gave any bandwidth estimates that the router would need to handle?
If, after reflection upon the points I raise above, you find that your situation is more complex than you were previously thinking, then you might find that a Cisco PIX 501 (possibly with the optional "50 user license"), or Cisco 837 VPN Bundle might make more sense.
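
The difference between blocking packets and blocking connection initiation, discussed in the reply above, shown as an added example that is not part of the original post: a minimal Python model of a stateful filter between the two subnets. The class name, the 30-second UDP idle timeout, and the sample hosts, ports and packets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

OFFICE = ip_network("192.168.1.0/24")    # ranges from the question
FACTORY = ip_network("192.168.2.0/24")
UDP_IDLE = 30  # seconds; assumed idle timeout for UDP state


class StatefulFilter:
    """Office may initiate to factory; factory may only reply."""

    def __init__(self):
        self.flows = {}  # (proto, src, sport, dst, dport) -> last-seen time

    def allow(self, proto, src, sport, dst, dport, flags="", now=0):
        key = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        s, d = ip_address(src), ip_address(dst)
        if s in OFFICE and d in FACTORY:
            # TCP state is created only by a bare SYN; UDP has no such
            # marker, so any outbound datagram creates or refreshes state.
            if proto == "tcp" and key not in self.flows and flags != "S":
                return False
            self.flows[key] = now
            return True
        if s in FACTORY and d in OFFICE:
            seen = self.flows.get(reverse)
            if seen is None:
                return False          # nothing from the office asked for this
            if proto == "tcp":
                return flags != "S"   # a bare SYN is never a return packet
            if now - seen > UDP_IDLE:
                del self.flows[reverse]
                return False          # UDP "reply" arrived after state expired
            self.flows[reverse] = now
            return True
        return False


def demo():
    """Run constructed sample packets through the filter; return verdicts."""
    f = StatefulFilter()
    o, m = "192.168.1.10", "192.168.2.20"   # constructed hosts
    return [
        f.allow("tcp", o, 40000, m, 502, "S", now=0),    # office opens TCP
        f.allow("tcp", m, 502, o, 40000, "SA", now=1),   # return packet
        f.allow("tcp", m, 50000, o, 445, "S", now=2),    # factory initiates
        f.allow("udp", o, 40001, m, 161, now=10),        # SNMP poll
        f.allow("udp", m, 161, o, 40001, now=11),        # SNMP response
        f.allow("udp", m, 40002, o, 162, now=12),        # unsolicited UDP
        f.allow("udp", m, 161, o, 40001, now=100),       # stale "reply"
    ]
```

For UDP the filter can only infer that a datagram is a reply from the address and port pair plus the timer, which is why the timeout value matters for polling protocols such as SNMP.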