Network Sugestions?

Hello,
I'm in a network now that has about 100 nodes on a public /24 subnet.  I have a pix 515e (not installed yet) with just the eth0 and eth1 ports (no DMZ).  Run an Exchange 2000 mail server, an IIS 5 webserver w/5 small sites.  And currently the FW is IOS on a 2621 router.  Everything is currently just sitting behind the firewall on same subnet.

Need sugestions on a secure/efficient setup using what I currently have, if I should be subnetting etc.  The Internal addresses will of course become a private range once the pix is in.  I can get ahold of ISA server to throw in the mix if that helps.

Not sure if I should put this into another question...but....on the transition from public to private IP's, what is the easiest way to change users local ports to point to the new ip addresses?


Thanks
devinp619Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

daJmanCommented:
In your situation my optimal layout would be:
2 ISA servers (behind the PIX);
1 for server subnet; IIS & Exchange (I personally keep these IP's public yet proxied and FW'd)
1 for the users subnet (ISA is the only way I know of to really stop p2p)

There is a lot of PIX info at cisco.com
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

>what is the easiest way to change users local ports to point to the new ip addresses?
If you mean change the users' IP addresses, then DHCP is your friend. Make one of your DC's or file servers a DHCP server and your good to go.
0
skyfreedomdotnetCommented:
If you are getting a pix, why use the ISA server? Proxy?

Here's what my optimal laytout would be:

2621 Router
PIX (What kind of license do you have on the PIX, unlimited? If so add another nic and build a DMZ)
etho (Public IP)
eth1 (Private IP)
NAT (if you need too) your IIS on the PIX to the outside.
The use of ISA can add extra work. The pix is capable to do all the work. Mine has 4 interfaces with 2 DMZ's.
Just my cents.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
daJmanCommented:
>ISA is the only way I know of to really stop p2p
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.