A variety of things need to happen to make this work, and address
translation is just one of them. If both enterprises have used
private address space, something that often simplifies the
integration is to use what is called "double NAT": translate from
Enterprise 1 space to a new private space in a DMZ, and translate
from DMZ space to Enterprise 2. By doing it this way, the Enterprise
1 and 2 administrators don't necessarily have to coordinate every
step.
Your DNS is going to be as much challenge as your addressing. In
major readdressings, DNS and DHCP are your friends. If you aren't
using DHCP for most devices, start using it so you only have to make
changes on DHCP servers. Make sure applications request services
from DNS names rather than hard-coded addresses.
If both enterprises are running dynamic routing, you have an
assortment of things that can help. Prior to full integration, you
might want to add plaintext authentication to the routing protocols,
with different passwords for the two former enterprises. This tends
to prevent leaks. As with the address translation DMZ, it's useful
to establish a new backbone and then bring the old pieces into it.
You may want to have an internal firewall, if for no other reason to
understand traffic patterns. This can be temporary. If there's
encryption in use, be sure everyone has compatible digital
certificates and/or crypto tokens.
For the router piece proper, see my http://www.isi.org/rfc/rfc2072.txt
I go into more detail in my books, especially Designing Addressing
Architectures for Routing and Switching (Macmillan, 1998, ISBN
1-57870-059-0) and WAN Survival Guide (Wiley, 2000, ISBN
0-471-38428-3)
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
