Hello!

I have a 2860n router connected to my ISP; it is working well for inbound (VPN & RDP) and outbound as well as wireless connections.

I also have a 2820vn with it's own LAN but not directly connected to the Internet; though it can be connected to the 2860n via a LAN or WAN port.

Is it possible to re-direct some of the external users to the 2820's LAN and some to the 2860's LAN? Inbound connections can be identified by port numbers for RDP and usernames for VPN users.

Also, users on 2860's LAN should be able to access resources on 2820 but not vice-versa; however users on both LAN's should be able to use the Internet for outbound connections.

Many thanks for your help.

I have made some progress but need help to progress further, please:

I have connected LAN port 6 of 2860 to the WAN2 port of 2820.

Set up True DMZ on 2860's WAN1 port (connected to the ISP), using Active True IP and 2820's MAC address.

IP addresses:
2860 LAN port: 10.44.2.1
2820 LAN port: 10.44.12.1
2820 WAN2 port: 10.44.0.1
Subnet masks: 255.0.0.0

Users on 2820 LAN (wired and wireless) can connect to the Internet.

However, I cannot ping 2820 WAN2 port (10.44.0.1) from 2860, nor can I ping 2860 from 2820; Also, I cannot I RDP in to a PC on 2820's LAN (10.44.12.xxx); port-redirection is set up on 2820.

Users on 2820 can't see devices on 2860's LAN (desirable); and those on 2860 unable to access 2820's network (required).

For testing, I disable incoming and outgoing firewalls on both routers.

I am just wondering if this is a right approach and if so, what have I missed out.

Thanks for your help.