Hi group.
 
I have a network which is configured so that I have the following in place:
 
Remote GB1000=xxx.xxx.xxx.xxx<------->VPN<------>Local GB1000 yyy.yyy.yyy.yyy
They have direct Access to the Internet via ADSL, restricted to port 80, with an MS profile on each system that allows them Office Apps, our own Intranet Shell, MSIE. They are unable to save files to the local disk as the Registry is tailored to deny all such events apart from an environment that our Intranet application gives them.
The systems (all 10 of them) use DHCP from the GB1000 and all was well.....until........
 
We are letting an office in the building to some company we have a passing relationship with (read Trust No One on this). I have been asked to provide them with Internet Access outbound only, but no access to our network in any way, shape or form. Since the equipment is locked off in a room and heavy duty cabinet it is an easy task to give them a separate switch from one of the interfaces - as a second Protected network and ensure it does not have any ability to talk to our own - yup, more than happy.
 
I started to configure the box, but then had a thought. What happens with regard to DHCP?
If they did a request from their network what would the GB1000 assign them? I know it cannot be routed as the Gateway interface will be different - but being paranoid, what if they could craft something using OUR address once they had that information (if it was assigned). Is it best to do DHCP another way, or just assign the PCs addresses (not really great as visitors with laptops from HQ want to plug in and play).
 
Any thoughts appreciated and most welcome. Thanks in Advance.
 
 
Best Regards,
 

Steve Leach
Network Manager
Miami International Limited
Eaglescliffe Logistics Centre
Durham Lane
Egglescliffe
URL: http://www.askalix.com
TEL: 01642 356205
e-mail: [EMAIL PROTECTED]
 
 
