Trying to Find a Way to Let Two Different LANs on Different N66U Routers Talk


BAMMichael

New Around Here
I am currently trying to move the phone system software from an old and insecure Win7 machine over to an updated Server2016 machine, but I've run into an issue.

Our company network is split into two different LANs, one using 10.0.0.1 and another on 10.3.2.1. Each LAN runs on a different ASUS RT-N66U router and has a purpose; the 10.0.0.1 network is for computers and general technology, while the other is reserved for only the hardline phone network. Each network also has its own public IP on the other side of the router (from the Comcast Business modem).

Config looks like this:

MODEM -> ASUS Router (10.0.0.1) -> Switch (With building ethernet wiring all connected clients)
  |
  -> ASUS Router (10.3.2.1) -> Switch (With all building phones wired in) -> A bunch of phone boxes, Analog Gateways and other devices that look important (I didn't build the network, brands include Patton and Arris)

The idea is to find a way to allow the main server (on the 10.0.0.1 network) to be able to talk to any client on the other network. This can be accomplished any way, but I will note the phone network is not secured by a firewall or any other tool, so I was also looking for a solution to try to secure the connection. The phone network is 3CX and we use Yealinks. I imagine openly allowing traffic between an unsecured network and a secured network could be potentially a bad call.

I'll also note both routers are plugged into both switches; maybe the last tech guy was trying to let the networks talk to each other? I imagine the process of letting them ping/talk will involve the routers, hence why I've come to an ASUS forum.

Thank you!
 

ColinTaylor

Part of the Furniture
TBH this looks like a mess.

1. A reasonably large (from what you've said) business running on two "home" routers.
2. Routers are obsolete and EOL, last update was 2020/06/18. They have been updated, right?
3. One router exposed to the public internet with no firewall.
4. Both routers' LANs connected to the same switch!

Personally, I would replace both routers with a modern, supported, business class product. The RT-N66Us must be on their last legs by now. Better to replace them before they fail.

Just my 2 cents.
 

BAMMichael

New Around Here
I'm a newer IT Tech, and I'm still trying to understand the way the phone network was put together. I believe a third party was contracted to assemble the phone system; I haven't figured out how to access/modify it yet (let alone figure out why they are needed). The last tech did not leave instructions or notes of any kind; I've had to go through the entire network (modem, routers, switches, etc.) and system myself and figure/guess passwords.

1. We have 12 users and phones, still a small business. For our purposes I understand why the last tech didn't want to buy an expensive router.
2. I believe the firmware is up-to-date on the router I can access; the phone network one is outdated. My guess is the last tech (like me) didn't understand why all the boxes were installed and didn't want to break the phones.
3. Yes, the public IP is exposed to the modem with no firewall. I could write a rule to allow in the 3CX port ranges and close the rest of the ports.
4. Right now both routers are plugged in to all three of our switches. I guess it was a failed attempt to allow the networks to ping each other. Logically I'd imagine this might have to be done by either connecting the routers and writing a rule or connecting the IPs at the business modem end.

I would assume the point of getting a business class router would be to just have one router with one LAN network encompassing phones/devices?

What would you call a "reasonable" business class router? Cisco?
 
