Protecting my network through a VLAN
I am an instructor at a school where I also maintain the network for my classroom and all of the adult programs as well as the biz and admin offices. Part of the classes / offices are at a different building / physical location.
There are presently 2 T1 lines to that campus, one for IP phones and one for my network. I do not maintain the phones; they are taken care of by the technology coord. They are changing the connections between the 2 locations by replacing the T1s with a single fiber. They may be able to make the connection transparent for my network and I would not need to make any changes. Presently I have it all on one segment for both places.
Even if it does work to be transparent, I am VERY concerned about the security of my network. I do not have access to the 2 L3s they are going to use on each end, so someone can "peek" into my network any time they choose unless I prevent that. I have logged repeated attempts to connect to my main NAT from the outside; I feel this is a cut to the heart.
I am thinking I want to have a NAT on each end of the connection but I am not really sure how to set the routing up.
Internet <--> lan here <--> new nat <--> L3 <--ss--> L3 <--> new nat <--> there
I have a custom firewall with iptables on my main NAT to the internet. I am not sure how I would set the routing or if I need 5? network segments or .....
I would want it to all be transparent to the users. I know I have to set a new DHCP server at that campus and I can still use my DNS servers here.
Really looking for a simple but effective solution. They will set the IPs to the L3s to whatever IP I give.