Solved

WAN Connection/Would this work??

Posted on 2006-05-22
Last Modified: 2010-03-19
We're looking at making some changes to our network and were wondering if the setup we've come up with looks like it will work OK or if there are any better ways to do this.  I've included network diagram images to help it make a little more sense.

Here is a network diagram of our existing network:
http://i57.photobucket.com/albums/g212/operandi2006/oldnet.jpg

Basically we're set up locally with an NT4 Server that acts as a DHCP server and File Server.  We're connected via a T1 to a remote location that handles our DNS, Exchange server and some AS400 applications; we also receive internet access from this remote site.  We've been having a problem with this remote location managing us a bit more than we'd like. They're only an affiliate of ours but have been using VNC to monitor some of our employees and are blocking websites and email that are necessary for normal business.  What I've looked at doing is this:

http://i57.photobucket.com/albums/g212/operandi2006/newnet.jpg

Setting up our own Windows 2k3 Domain Controller as well as our own Exchange 2k3 server, getting our own internet access and forwarding only traffic that needs to go through their network to the T1 connection.  We have a few people who work here who are employed by the remote company and would need to remain members of their domain, so I've planned to give them static IP addresses instead of the DHCP that will be used with the new setup.

Is there anything that we're missing or could do better before we begin further planning for the switchover??
Question by:themodusoperandi
10 Comments
 
LVL 1

Expert Comment

by:blackfox_01
ID: 16737245
Well here is one I can think of:

Do you intend for the remote WAN users to go to the internet via your site or theirs?  If they are to use the remote site access then you will need to be sure to add some routing to the switches that will allow this traffic to get back to the remote site.  I assume this would be the correct option if they are to live by the remote site's rules.

0
 
LVL 14

Assisted Solution

by:Joseph Hornsey
Joseph Hornsey earned 525 total points
ID: 16737264

So far, I think it looks good.

Here are the questions I would ask right off the bat:

1. What information needs to be shared between you and your affiliate?  AS400 info only?  What I'm really asking here is:
     - Do you share files, printers, etc.?
     - Do you need to share the Exchange Global Address List?
     - Do you use applications on their network?
     - Is there anything else you need to access on their network?
2. Do you need to share their DNS?  Do you need to resolve their server and computer names?  (This question is really an extension of the first question).

Stuff like that.  Post back and let me know.

<-=+=->
0
 

Author Comment

by:themodusoperandi
ID: 16737477
To Blackfox:
The users at our site that are employed by the remote location would use the internet connection that is already in place at the remote site.  Users at the remote site would stay the way they are and be unaffected by our change.

---------------------------------------------------------------------------------------------------------------------------------------

To SplinterCell:
1. What information needs to be shared between you and your affiliate?  AS400 info only?  What I'm really asking here is:
     - Do you share files, printers, etc.?

We don't share files or printers between locations.  Right now files and printers are only shared inside our site via our NT4 server.  

     - Do you need to share the Exchange Global Address List?

We may want access to their Global Address List, but not vice versa.  Right now some users here have a (let's say) user@remoteserver.com email address; after we make the changes they'll have a (let's say) user@localserver.com email address.  This isn't a real big thing for us as they have Outlook Web Access that most users that will keep their user@remoteserver.com email address will use.  For the most part we'd like to begin only using user@localserver.com unless there is someplace that requires it.  Is there a way to have Outlook use a connection to 2 different Exchange Servers??

     - Do you use applications on their network?

The only application we're using right now is the AS/400 application that I'm assuming will work OK with the 172 traffic routed to the T1??  The users that are employed by the remote location are the only ones that may need access to some applications in the future but I'm assuming that they can still be set up as members of the remote domain by using a static IP address and the remote location's DNS server??


     - Is there anything else you need to access on their network?

Just their intranet page. I realize that the DNS won't allow users to access that through the server name anymore, but I'll just create a shortcut to the IP address of the server off of our local intranet page, and make sure that users know the IP address to access it.

2. Do you need to share their DNS?  Do you need to resolve their server and computer names?  (This question is really an extension of the first question).

I don't think there are any other spots where we'd need to share their DNS besides the intranet page.  Users employed by the remote site that need that sort of access will be OK with the static IP and DNS settings on their PCs, right?
0
 
LVL 14

Accepted Solution

by:
Joseph Hornsey earned 525 total points
ID: 16737520

Okay.  Then, I think your idea is good.

In fact, if the SonicWall firewall is like a Cisco PIX, you won't even have to open ports... it will automatically allow responses to outbound connections.

Regarding your Outlook question - no, you can't connect to multiple Exchange servers.  You'll have to OWA one and Outlook the other.

I'd say go for it.  If you run into specific problems, you can always post them back here.

<-=+=->
0
 
LVL 2

Assisted Solution

by:johnrmorris
johnrmorris earned 225 total points
ID: 16738904
I only have one concern. How do your users connect to the AS/400? If it is software installed on your local clients, is it configurable to point to an IP or a server name? If it doesn't talk to an IP, then the route won't work without putting an entry in every PC's hosts file. Other than that your plan looks good. My firewall box has 3 ports: Internal, External and Optional. That allows the Optional to be directed to another IP range (kind of like having dual network cards or setting a route). Hope this wasn't off target and is of some help.
0
 

Author Comment

by:themodusoperandi
ID: 16742013
johnrmorris - there are only 3 or 4 users who connect to the AS/400, and I was thinking I'd probably have to change the hosts file for each one.

What firewall do you use that has the optional port?? That sounds like it would work well here.
0
 

Author Comment

by:themodusoperandi
ID: 16742447
I'm guessing you're talking about the Sonicwall TZ170??
0
 
LVL 2

Expert Comment

by:johnrmorris
ID: 16743118
I use a WatchGuard III 700 and a WatchGuard X class, which are both for larger networks of 25-100, but they make SOHOs which are smaller. I'm not sure if the SOHOs have the Optional port. But a quick check on Watchguard.com should let you know. Let me know if you don't find the info you need.

John
0
 
LVL 1

Expert Comment

by:blackfox_01
ID: 16743538
The Watchguard Series firewalls are very nice and easy to manage.  I have a Watchguard 1000 and it is very nice to work with.   The optional port is easy to configure.
0
 
LVL 2

Expert Comment

by:johnrmorris
ID: 16746319
The Sonicwall above is good, too. Another choice can be the Netscreen 5gt. It is scalable by licensing and has home/work settings that can be set to individual ports. Easy to set up, so I've been told by my Cisco expert friend.
0
