Solved

rearrange network topology

Posted on 2006-07-03
13
376 Views
Last Modified: 2010-03-19
Please tell me what steps shall I take (in detail) to arrange my network.  Here is the scenario..

Before our domain has 4 different sites.  One in New York, One in Texas, 2 are in California.  The main headquarter is here in Los Angeles, CA.  We used to have frame relay and voice over frame.  We have a T1 that is divided for voice and data.  Now, all our sites is consolidated to one location only the main headquarter.  We do not have frame relay anymore since we only have one network in one location (but has two building in same lot).  We still have T1 for voice and data.  Due to consolidation we now do not have a router.  The only thing we have are the following:  router from telecom for our internet and voice.  Patch panel, switches and PIX firewall.  We also have ISA2004 server.  Our network (hardware wise) is so intertwined that I want to simplify it.  

What I want to accomplish is put the PIX firewall between router of telecom and my switches, but I am having a hard time analyzing how to do it because of my complicated network topology.

At the moment I have the following:

From Cisco Pix Firewall is a white cable using port Ethernet0 to a linksys hub (old one)
From Cisco Pix Firewall using port Ethernet1 is a blue cable to another netgear hub (old one)

From no 5 port of Netgear is a red cable to Fiber Optic 10base100 TX port

From Linksys hub using port 2 is a yellow cable to #48 patch panel (this is for our internet)
Frolm Linksys hub again using port 7 is a blue cable to no. 12 of one of the switches.

The switches are connected to each other at the back.

How can I make my network topology from router of telecom --> pix firewall --> switches --> users and servers.  Please talke note that I have proxy using ISA2004.  How can I eliminate all the hubs?

By the way I also have 3 different networks (actually just two).
168 network from telecom company
11 network for pix
10 network for lan
Our proxy server (ISA2004) is in the 10 network.

Please help, how can I accomplish and make this topology simple?  Please send email to niorpar@yahoo.com

Sincerely,
3jmj
0
Comment
Question by:3jmj
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17031390
                                                                                                                          |------------Computer
                                                                                                                           |------------Computer
                                                                                                                           |------------Computer
                                                                                                                           |------------Computer
ISP 168 network -------PIX 11 network -------- ISA Server 10 network ------ SWITCH |------------Computer
                                                                                                                           |------------Computer
                                                                                                                           |------------Computer
                                                                                                                           |------------Computer
                                                                                                                           |------------Computer

You should connect the 2 buildings VIA fiber

eb

0
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17033298
>From no 5 port of Netgear is a red cable to Fiber Optic 10base100 TX port

What is this fiber optic 10base100tx port? Is this a media converter?

>From Linksys hub using port 2 is a yellow cable to #48 patch panel (this is for our internet)

You mean this is for you?
0
 

Author Comment

by:3jmj
ID: 17069913
Knightrider2k2:
yes, the red cable is in the coverter (fiber optic) to connect the 2 buildings.

the yellow cable is for the internet of the network.

EBJERS:
Yes the building is connected via fiber.  So you mean I have to connect my ISA SERVER directly to the pix firewall then to the switch?

If that is the case is there a particular port of the switch where I should put my ISA SERVER?

How can I connect PIX FIREWALL TO ISA SERVER?  directly using Ethernet 0 port?

Please help!!!
0
 

Author Comment

by:3jmj
ID: 17069914
EBJERS:
My pix firewall has 2 ethernet port.  Can I directly connect ISP cable directly to one of the ethernet port of pix and the other ethernet port should be connected to my ISA SERVER?

With the network topology you had given above, will my users be able to connect to internet, receive email and do vpn and ftp without any issues?

thank you,
3jmj
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17069992
3jmj

" So you mean I have to connect my ISA SERVER directly to the pix firewall then to the switch"  --- Depends on what you use the ISA for, let me know what is for and I will beable to answer you better"

"If that is the case is there a particular port of the switch where I should put my ISA SERVER" --- Any port is fine, I like to use the first or last myself

"How can I connect PIX FIREWALL TO ISA SERVER?  directly using Ethernet 0 port" --- Connect the PIX to the ISA either thrugh a switch (NOT THE SAME ONE THAT SERVS YOUR NETWORK) or a crosover cable to the inside port of the PIX (See below)

"My pix firewall has 2 ethernet port. " --- 1 port is an outside port to connect to the internet via your ISP, the other port is to connect to your network

"will my users be able to connect to internet" --- YES; if both the PIX and ISA are configured to allow the traffic your users will bable to get to web, email ...

eb
0
 

Author Comment

by:3jmj
ID: 17070516
Depends on what you use the ISA for, let me know what is for and I will be able to answer you better" = 3jmj: I have it as a proxy server.  All servers (except for ISA itself) and all workstations goes to the internet through ISA first.  In other words all computers and servers, the internet explorer under internet options Connections tab --> LAN settings is configured to point to ISA first before it goes to the internet and I have a web filter installed in ISA allowing users to only certain sites that are in the web filter.


Connect the PIX to the ISA either thrugh a switch (NOT THE SAME ONE THAT SERVS YOUR NETWORK) = 3jmj:  You mean like any (ex.) linksys switch, connect that to the PIX, then what?  From Linksys switch to where?  to the ISA?  If it is to the ISA server then, therefore, my ISA server should have 2 nic cards.  One for the LINKSYS SWITCH that is connected to the PIX and the other nic card should be connected from ISA SERVER to the 3com switch of out network?  What if my ISA SERVER has only one nic card?   If not, then how shall I connect the Linksys switch that is connected to the PIX to the ISA SERVER?

Please elaborate and thank  you ... 3jmj
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17071498
"I have it as a proxy server", then yes your ISA should have 2 NICs and you must also configure RRAS (you will need to consolt the web or a book for this, I don't use ISA so can't assist with config)

1 NIC of ISA server should be connected to the PIX and the other to your network

Unless you need the PROXY on your network, I would take ISA from the loop.  the PIX firewall is alredy providing you with a firewall for your network (the main fuction of ISA is as a firewall)

eb
0
 

Author Comment

by:3jmj
ID: 17077280
What do you mean RRAS?  Do I need that?  

thanx,
3jmj
0
 

Author Comment

by:3jmj
ID: 17077286
Dear Ebjers:

How can I take proxy out of my network?  As I have said I have web filtering software installed in it as well.  I would like to take Proxy out completely yes, but what about my web filtering software?

Please let me know....

thanx,
3jmj
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17077513
If you need your porxy and your web filter then leave the ISA server inplace.  

You will need 2 NICS in your ISA server, one connected to the PIX and one connected to the internal network

RRAS is routing and remote access (turns a Windows Server into a router).  I'm not sure if you will need this or not.  Since you are using ISA as a Proxy you may not need RRAS as no real routing is done.

eb
0
 

Author Comment

by:3jmj
ID: 17312455
I guess you can close this now, I tried it and unsuccessful, somebody from outside our company came and did something but to date I have no topology documentations from them.  I will open it again, after I get all their documentation so I can proceed on my own.  Thank  you,  3jmj
0
 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 500 total points
ID: 17314909
>>I guess you can close this now<<
This is how it works here (from the EE Guidelines):

What are my choices?
http://www.experts-exchange.com/Networking/help.jsp#hi67
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 17440414
While I appreciate the points, they were not merited. See here:
I accepted the wrong answer. Now what?
http://www.experts-exchange.com/Networking/help.jsp#hi17
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now