Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Network Sugestions?

Posted on 2003-12-01
3
Medium Priority
?
313 Views
Last Modified: 2010-03-19
Hello,
I'm in a network now that has about 100 nodes on a public /24 subnet.  I have a pix 515e (not installed yet) with just the eth0 and eth1 ports (no DMZ).  Run an Exchange 2000 mail server, an IIS 5 webserver w/5 small sites.  And currently the FW is IOS on a 2621 router.  Everything is currently just sitting behind the firewall on same subnet.

Need sugestions on a secure/efficient setup using what I currently have, if I should be subnetting etc.  The Internal addresses will of course become a private range once the pix is in.  I can get ahold of ISA server to throw in the mix if that helps.

Not sure if I should put this into another question...but....on the transition from public to private IP's, what is the easiest way to change users local ports to point to the new ip addresses?


Thanks
0
Comment
Question by:devinp619
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:daJman
ID: 9853702
In your situation my optimal layout would be:
2 ISA servers (behind the PIX);
1 for server subnet; IIS & Exchange (I personally keep these IP's public yet proxied and FW'd)
1 for the users subnet (ISA is the only way I know of to really stop p2p)

There is a lot of PIX info at cisco.com
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

>what is the easiest way to change users local ports to point to the new ip addresses?
If you mean change the users' IP addresses, then DHCP is your friend. Make one of your DC's or file servers a DHCP server and your good to go.
0
 
LVL 2

Accepted Solution

by:
skyfreedomdotnet earned 2000 total points
ID: 9867596
If you are getting a pix, why use the ISA server? Proxy?

Here's what my optimal laytout would be:

2621 Router
PIX (What kind of license do you have on the PIX, unlimited? If so add another nic and build a DMZ)
etho (Public IP)
eth1 (Private IP)
NAT (if you need too) your IIS on the PIX to the outside.
The use of ISA can add extra work. The pix is capable to do all the work. Mine has 4 interfaces with 2 DMZ's.
Just my cents.
0
 
LVL 5

Expert Comment

by:daJman
ID: 9885069
>ISA is the only way I know of to really stop p2p
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question