Question : setting up a development network

Hi there,

I would like to set up a new development network on our production network and be able to connect to the dev network from the prod network and vice versa. I also need to be able to get the internet when connected to the development network. We also have a DMZ network. The ranges are

PROD 10.1 /15
DEV 172.16 /16
DMZ of 172.16 /26

I am going to use a VM with 2 vmnics, one leg in the DEV network and one leg in the PROD network.  We use a firewall on the production network that acts asa a gateway and router for the dmz and prod network.

How do configure the network so the 10.1 prod network can connect via remote desktop to the dev network and also getting the internet when connected to the dev network?

Answer : setting up a development network

the recommended topology for your scenario would look like the diagrams below.

the first solution separates all subnets with each other using a central firewall. RDP access from PROD to DEV can be implemented using NAT port forwarding or ACL based routing. this approach normally needs a high-end firewall if high performance is required.

if you don't have the multi-interface firewall demanded in the above approach, you may consider the second solution which puts all subnets sequentially. the PROD subnet is the most internal network, and DMZ is the edge to the internet. PROD users can of course access all hosts in DEV (or can be restricted by specific rules) as the DEV subnet is among PROD's route to the internet. the same thing for DMZ.

hope it helps,
bbao

1: 2: 3: 4: 5: 6: 7: 8: 9:

DMZ | <--- PROD ---> FIREWALL <--- DEV ---> | INTERNET or <-- PROD ---> ROUTER <--- DEV ---> ROUTER/FIREWALL <--- DMZ ---> FIREWALL <--- INTERNET --->