Solved

Network Sugestions?

Posted on 2003-12-01
3
312 Views
Last Modified: 2010-03-19
Hello,
I'm in a network now that has about 100 nodes on a public /24 subnet.  I have a pix 515e (not installed yet) with just the eth0 and eth1 ports (no DMZ).  Run an Exchange 2000 mail server, an IIS 5 webserver w/5 small sites.  And currently the FW is IOS on a 2621 router.  Everything is currently just sitting behind the firewall on same subnet.

Need sugestions on a secure/efficient setup using what I currently have, if I should be subnetting etc.  The Internal addresses will of course become a private range once the pix is in.  I can get ahold of ISA server to throw in the mix if that helps.

Not sure if I should put this into another question...but....on the transition from public to private IP's, what is the easiest way to change users local ports to point to the new ip addresses?


Thanks
0
Comment
Question by:devinp619
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:daJman
ID: 9853702
In your situation my optimal layout would be:
2 ISA servers (behind the PIX);
1 for server subnet; IIS & Exchange (I personally keep these IP's public yet proxied and FW'd)
1 for the users subnet (ISA is the only way I know of to really stop p2p)

There is a lot of PIX info at cisco.com
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

>what is the easiest way to change users local ports to point to the new ip addresses?
If you mean change the users' IP addresses, then DHCP is your friend. Make one of your DC's or file servers a DHCP server and your good to go.
0
 
LVL 2

Accepted Solution

by:
skyfreedomdotnet earned 500 total points
ID: 9867596
If you are getting a pix, why use the ISA server? Proxy?

Here's what my optimal laytout would be:

2621 Router
PIX (What kind of license do you have on the PIX, unlimited? If so add another nic and build a DMZ)
etho (Public IP)
eth1 (Private IP)
NAT (if you need too) your IIS on the PIX to the outside.
The use of ISA can add extra work. The pix is capable to do all the work. Mine has 4 interfaces with 2 DMZ's.
Just my cents.
0
 
LVL 5

Expert Comment

by:daJman
ID: 9885069
>ISA is the only way I know of to really stop p2p
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month9 days, 23 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question