Solved

Network Sugestions?

Posted on 2003-12-01
3
303 Views
Last Modified: 2010-03-19
Hello,
I'm in a network now that has about 100 nodes on a public /24 subnet.  I have a pix 515e (not installed yet) with just the eth0 and eth1 ports (no DMZ).  Run an Exchange 2000 mail server, an IIS 5 webserver w/5 small sites.  And currently the FW is IOS on a 2621 router.  Everything is currently just sitting behind the firewall on same subnet.

Need sugestions on a secure/efficient setup using what I currently have, if I should be subnetting etc.  The Internal addresses will of course become a private range once the pix is in.  I can get ahold of ISA server to throw in the mix if that helps.

Not sure if I should put this into another question...but....on the transition from public to private IP's, what is the easiest way to change users local ports to point to the new ip addresses?


Thanks
0
Comment
Question by:devinp619
  • 2
3 Comments
 
LVL 5

Expert Comment

by:daJman
ID: 9853702
In your situation my optimal layout would be:
2 ISA servers (behind the PIX);
1 for server subnet; IIS & Exchange (I personally keep these IP's public yet proxied and FW'd)
1 for the users subnet (ISA is the only way I know of to really stop p2p)

There is a lot of PIX info at cisco.com
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

>what is the easiest way to change users local ports to point to the new ip addresses?
If you mean change the users' IP addresses, then DHCP is your friend. Make one of your DC's or file servers a DHCP server and your good to go.
0
 
LVL 2

Accepted Solution

by:
skyfreedomdotnet earned 500 total points
ID: 9867596
If you are getting a pix, why use the ISA server? Proxy?

Here's what my optimal laytout would be:

2621 Router
PIX (What kind of license do you have on the PIX, unlimited? If so add another nic and build a DMZ)
etho (Public IP)
eth1 (Private IP)
NAT (if you need too) your IIS on the PIX to the outside.
The use of ISA can add extra work. The pix is capable to do all the work. Mine has 4 interfaces with 2 DMZ's.
Just my cents.
0
 
LVL 5

Expert Comment

by:daJman
ID: 9885069
>ISA is the only way I know of to really stop p2p
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now