How to create an isolated network


Option 1:   If you have two public IP’s from your service provider you can simply install a
switch between the router and the modem and
then configure each separately as if it were two different businesses in different buildings. Router 1 and 2 can be wired or wireless.

Option 2:  If you only have one public IP available from the service provider you need to use 3
routers
. Router1 would normally be a wired only, and Routers 2 and 3 can be wired or wireless depending on your needs. This configuration completely isolates the 192.168.200.0/24  network from the 192.168.300.0/24 network. No users are to be connected wired or wirelessly to Router1.

Note: If you want to connect clients to Router1 or make it wireless and allow clients to connect, keep in mind users of the .200 and .300 networks will be able to see the devices connected to Router1 (thus no privacy other than their personal firewalls), however users of Router1 will not be able to see devices on the .100 and .200 networks. They are protected because they are on the LAN (private) side of the router/firewall. 

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router.

Note: Keep in mind if you have incoming services such as Remote desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then from Router2 to the appropriate
server/PC/device.

Warning: This method does not work for incoming VPN connections. Generally VPN’s will not work with multiple NAT devices (routers).

Option 3:  If you want to configure a guest network, which protects the corporate network, but it is not necessary to protect the guest network from the corporate network, you can do so with only 2 routers. In this case the guests, connected to Router1, are exposed to the corporate network, similar to that of an Internet café, but the corporate network is completely protected from the guest network because it is behind the firewall/Router2. Router 1 and 2 can be wired or wireless.

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router.

Note: Keep in mind if you have incoming services such as Remote desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then From Router2 to the appropriate server/PC/device. 

Warning: This method does not work for incoming VPN connections. Generally VPN’s will not work with multiple NAT devices (routers).