Solved

Network Suggestions?

Posted on 2003-12-01
Last Modified: 2010-03-19
Hello,
I'm in a network now that has about 100 nodes on a public /24 subnet.  I have a PIX 515E (not installed yet) with just the eth0 and eth1 ports (no DMZ).  I run an Exchange 2000 mail server and an IIS 5 webserver w/5 small sites.  Currently the FW is IOS on a 2621 router.  Everything is currently just sitting behind the firewall on the same subnet.

Need suggestions on a secure/efficient setup using what I currently have, if I should be subnetting etc.  The internal addresses will of course become a private range once the PIX is in.  I can get ahold of ISA server to throw in the mix if that helps.

Not sure if I should put this into another question...but....on the transition from public to private IPs, what is the easiest way to change users local ports to point to the new ip addresses?


Thanks
Question by:devinp619
3 Comments
 

Expert Comment

by:daJman
ID: 9853702
In your situation my optimal layout would be:
2 ISA servers (behind the PIX);
1 for server subnet; IIS & Exchange (I personally keep these IPs public yet proxied and FW'd)
1 for the users subnet (ISA is the only way I know of to really stop p2p)

There is a lot of PIX info at cisco.com
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

>what is the easiest way to change users local ports to point to the new ip addresses?
If you mean change the users' IP addresses, then DHCP is your friend. Make one of your DCs or file servers a DHCP server and you're good to go.

Accepted Solution

by:skyfreedomdotnet
ID: 9867596
If you are getting a pix, why use the ISA server? Proxy?

Here's what my optimal layout would be:

2621 Router
PIX (What kind of license do you have on the PIX, unlimited? If so add another NIC and build a DMZ)
eth0 (Public IP)
eth1 (Private IP)
NAT (if you need to) your IIS on the PIX to the outside.
The use of ISA can add extra work. The PIX is capable of doing all the work. Mine has 4 interfaces with 2 DMZs.
Just my cents.

Expert Comment

by:daJman
ID: 9885069
>ISA is the only way I know of to really stop p2p
Question has a verified solution.
