I have been given the task to administer the network for a small company operating their own website and online store. Right now their network consists of about 15 computers and 2 servers connected to a Cisco PIX 501, which is connected to a Cisco 1700 to a T1. One server is a WWW/Online Transaction server, the other is an Active Directory/SQL Backend for the www site. Both servers have public IP addresses.
I need someone to tell me if my current plan (below) sounds like a feasible, SECURE setup for this network.
(my plans below)
The T1 goes to the 1700 router, then to the PIX firewall.
Off of the firewall I have the WWW server in a DMZ w/ a public IP address.
The rest of the network is firewalled completely with 3 subnets, one for the ActiveD/SQL server, one for the client PCs, and one for VPN clients.
The VPN will authenticate using RADIUS on the ActiveD server.
Is this the best, most secure way to set this thing up right?