allow external visitor to get to Internet

5045 pts.
IP address
Microsoft Windows
I have an outside vendor coming in who needs to connect to our network via Cat5 and access the Internet. His IP address scheme is 100% different than ours. What can I do short of changing him to have one of our IP addresses to allow him to get to the Internet? I have full access to our router, if that helps, and may also be able to add routes to his PCs network configuration. Ideas? Thanks!!

Software/Hardware used:
Windows, Cisco, Network

Answer Wiki

Thanks. We'll let you know when a new response is added.

If your router supports a Secondary IP address on the inside and the router is your default gateway couldn’t you just add an IP address with his current gateway IP address?

Discuss This Question: 5  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Hairstraightback
    route ADD MASK Means: route ADD “network” MASK “subnet mask” “gateway ip” For example, if you were on the network, and you had a gateway on configured to access the network, you would use a route add statement like this: route ADD MASK Your routing table should now reflect that change, and all traffic to the 10.10.10.x range will now be sent over to the gateway machine. The route add change will only stick across reboots if you add it with the -p flag, as in the following: route -p ADD MASK
    15 pointsBadges:
  • CiscoOne
    Are you using DHCP in your network if so if so he can just set his connection to obtain Ip address automaticlly.
    75 pointsBadges:
  • AnchorS
    I agree wtih CiscoOne. Why bother with the trouble of not having him get a address via DHCP? Being in a secure environment though, we want to assign those vendors to a vlan to segregate the traffic. So....we get a wired/wireless router set up assigning dhcp addresses, dns, etc....and have it attached to our main switch on a port with the proper vlan restriictions.
    380 pointsBadges:
  • Tweeks
    yes.. either a hardwired link on a special outgoing only VLAN (behind a stateful NAT)... OR if you have a full blown firewall router, set up a dedicated "vendor DMZ" that allows them to get out but not touch any inbound traffic or systems. You should also throttle such traffic so that his actions cannot have adverse affects on your provider bandwidth/connectivity, otherwise he could DoS your location my sucking down content.. or worse.. doing something stupid that is perceived as an attack by others. While you're at it.. you might want to just route any such traffic on a non-backbone connection (with separate IP and provider bandwidth). That's what we did for our guest VLANs. That way if they send spam of soemthing, your main DC IPs don't get blocked and tained by spam RBLs. Good luck! Tweeks
    35 pointsBadges:
  • Koohiisan
    Thanks everyone for all the great suggestions! After all of this stress, this particular vendor decided to allow us to go DHCP. I'll save these for the future in case we decide to allow more vendors in who *won't* let us go the easy route. :) Thanks!!
    5,045 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: