Member_2_3666383

WAN Connection/Would this work??

We're looking at making some changes to our network and were wondering if the setup we've come up with looks like it will work ok or if there are any better ways to do this.  I've included network diagram images to help it make a little more sense.

Here is a network diagram of our existing network:
http://i57.photobucket.com/albums/g212/operandi2006/oldnet.jpg

Basically we're set up locally with an NT4 Server that acts as a DHCP server and File Server.  We're connected via a T1 to a remote location that handles our DNS, Exchange server and some AS400 applications, we also receive internet access from this remote site.  We've been having a problem with this remote location managing us a bit more than we'd like, they're only an affiliate of ours but have been using VNC to monitor some of our employees and are blocking websites and email that are necessary for normal business.  What I've looked at doing is this:

http://i57.photobucket.com/albums/g212/operandi2006/newnet.jpg

Setting up our own Windows 2k3 Domain Controller as well as our own Exchange 2k3 server, getting our own internet access and forwarding only traffic that needs to go through their network to the T1 connection.  We have a few people who work here who are employed by the remote company and would need to remain a member of their domain, so I've planned to give them static IP addresses instead of the DHCP that will be used with the new setup.

Is there anything that we're missing or could do better before we begin further planning for the switchover??
blackfox_01

Well here is one I can think of:

Do you intend for the remote WAN users to go to the internet via your site or theirs?  If they are to use the remote site access then you will need to be sure to add some routing to the switches that will allow this traffic to get back to the remote site.  I assume this would be the correct option if they are to live by the remote site's rules.

SOLUTION
Joseph Hornsey

This solution is only available to members.

Member_2_3666383

ASKER

To Blackfox:
The users at our site that are employed by the remote location would use the internet connection that is already in place at the remote site.  Users at the remote site would stay the way they are and be unaffected by our change.

---------------------------------------------------------------------------------------------------------------------------------------

To SplinterCell:
1. What information needs to be shared between you and your affiliate?  AS400 info only?  What I'm really asking here is:
     - Do you share files, printers, etc.?

We don't share files or printers between locations.  Right now files and printers are only shared inside our site via our NT4 server.  

     - Do you need to share the Exchange Global Address List?

We may want access to their Global Address list, but not vice versa.  Right now some users here have a (let's say) user@remoteserver.com email address, after we make the changes they'll have a (let's say) user@localserver.com email address.  This isn't a real big thing for us as they have Outlook Web Access that most users that will keep their user@remoteserver.com email address will use.  For the most part we'd like to begin only using user@localserver.com unless there is someplace that requires it.  Is there a way to have Outlook use a connection to 2 different Exchange Servers??

     - Do you use applications on their network?

The only application we're using right now is the AS/400 application that I'm assuming will work ok with the 172 traffic routed to the T1??  The users that are employed by the remote location are the only ones that may need access to some applications in the future but I'm assuming that they can still be set up as a member of the remote domain by using a static IP address and the remote location's DNS server??


     - Is there anything else you need to access on their network?

Just their intranet page, I realize that the DNS won't allow users to access that through the server name anymore, but I'll just create a shortcut to the IP address of the server off of our local intranet page, and make sure that users know the IP address to access it.

2. Do you need to share their DNS?  Do you need to resolve their server and computer names?  (This question is really an extension of the first question).

I don't think there are any other spots where we'd need to share their DNS besides the intranet page.  Users employed by the remote site that need that sort of access will be ok with the static ip and dns settings on their PCs right?

ASKER CERTIFIED SOLUTION
This solution is only available to members.

SOLUTION
This solution is only available to members.

johnmorris - there are only 3 or 4 users who connect to the AS/400, and I was thinking I'd probably have to change the hosts file for each one.

What firewall do you use that has the optional port?? That sounds like it would work good here.
I'm guessing you're talking about the Sonicwall TZ170??

I use Watchguard III 700 and a Watchguard X class, which are both for larger networks 25-100, but they make SOHOs which are smaller. I'm not sure if the SOHOs have the Optional port. But, a quick check on Watchguard.com should let you know. Let me know if you don't find the info you need.

John

The Watchguard Series firewalls are very nice and easy to manage.  I have a Watchguard 1000 and it is very nice to work with.   The optional port is easy to configure.

The Sonicwall above is good, too. Another choice can be Netscreen 5gt. It is scalable by licensing and has a home/work settings that can be set to individual ports. Easy to setup, so I've been told by my Cisco expert friend.