How can I securely share files between two private LANs in the same building

Our company and another company in the same building need to share 200MB+ files on a daily basis. We are close enough to run a few cables between the LANs, but we want to maintain security by limiting access to a single file share or 1 share on each network and keep our own Internet routers, DHCP servers, running. We each use SOHO routers (Linksys & Netgear) with no DMZ ports on them. I was thinking of purchasing two more SOHO firewalls and connecting the LAN interface on each one to each of our LANs and adding static routes on our current routers to route traffic to them. I would then have two options. 1) Connect the WAN ports to a hub and plug a server into the hub. 2) Configure a VPN on each firewall so that any traffic covered by the policy will automatically be routed to the other network. I would prefer option 1 because it seems to isolate both networks better than 2. I don't know if any of this will work. I'd appreciate your input.

thanks NH

Reply to
BrooklynBadass

Try something like this:

Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

FW1 is the Firewall/Router for your company's internet access. FW2 is a Gateway from your LAN to a DMZ where you place a server hosting the shares you want to provide for the other company. VPN1 and VPN2 are VPN endpoints establishing a secure connection between your network and the other company's network. FW3 is located in your office, FW4 is located in the other company's office. That way you don't need to worry about someone wiretapping the transmission network between your two companies.

On FW2 allow connections from LAN to DMZ but deny connections from DMZ to LAN (except for established connections of course). Push the data you need to share with the other company to the server in the DMZ, and fetch data shared by the other company from that server (or from their server in their part of the VPN).

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Try something like this:

Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

FW1 is the Firewall/Router for your company's internet access. FW2 is a Gateway from your LAN to a DMZ where you place a server hosting the shares you want to provide for the other company. VPN1 and VPN2 are VPN endpoints establishing a secure connection between your network and the other company's network. VPN1 is located in your office, VPN2 is located in the other company's office. That way you don't need to worry about someone wiretapping the transmission network between your two companies.

On FW2 allow connections from LAN to DMZ but deny connections from DMZ to LAN (except for established connections of course). Push the data you need to share with the other company to the server in the DMZ, and fetch data shared by the other company from that server (or from their server in their part of the VPN).

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers
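
One way to express the FW2 policy described in the replies above, as an added example that is not part of the original posts. It assumes FW2 is a Linux host running nftables with IP forwarding enabled; the interface names `eth0` (LAN side) and `eth1` (DMZ side) are placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: FW2 sits between the company LAN and the DMZ that holds
# the share server and VPN1. Interface names are assumptions; adjust them.
# Requires forwarding on the host (sysctl net.ipv4.ip_forward=1).

define LAN_IF = "eth0"   # assumption: interface facing the company LAN
define DMZ_IF = "eth1"   # assumption: interface facing the DMZ

table inet fw2 {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were opened from the LAN side
        # ("except for established connections").
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections to the DMZ (push files to the
        # share server, fetch files the other company left there).
        iifname $LAN_IF oifname $DMZ_IF ct state new accept

        # Nothing in the DMZ (share server, VPN1, or the other company
        # arriving through the tunnel) may open a connection into the LAN.
        # Log at a limited rate so an attempt is visible without flooding
        # the log, then count and drop.
        iifname $DMZ_IF oifname $LAN_IF limit rate 10/minute log prefix "FW2 DMZ->LAN new: "
        iifname $DMZ_IF oifname $LAN_IF counter drop
    }
}
```

Any hit on the logged rule means a DMZ host tried to initiate a connection into the LAN, which the design never requires, so it is worth alerting on.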
