gavinandrewmcmillan asked:

Network Upgrade - Cisco Wireless - DMZ - ISA? SBS 2K3

Hi All

I am about to upgrade a network of 20 local clients, 3 laptops and 12 remote Terminal Server users. The upgrade involves migrating (swing migration) from the current SBS server (P4 spec... bad) to a new dual-core Xeon with SBS 2K3 on it. I will be bringing a Cisco 877-WGA-K9 Integrated Services Router with wireless into this environment. It is a 2-NIC setup as follows:

255.0.0.0 SN               |       255.255.255.0 SN
Cisco 877 -------- SBS 2003 DC ---------------24p Switch-------------Clients
      |                                                                         |
      |                                                                         |
      |                                                              Terminal Server
Wireless Clients

I guess I have several questions:

1: Currently ISA is not installed and I am wondering whether the Cisco 877 will be sufficient security-wise?
2: I will use the Cisco security software for connecting wireless clients to the router. What options do I have for connecting to my intranet? VPN? Do I need ISA?
3: What main issues will I encounter with this setup and what steps can I take to avoid them?

I believe ISA was on there in the past and they (hopefully) have backups of settings etc so it is an option to put it back on. I will be migrating the settings off their current server to a new one using Swing Migration and so would like to get everything perfect for when the upgrade is complete.

Regards
Gavin McMillan
Jeffrey Kane - TechSoEasy

Whether or not to deploy ISA is really going to be a question of how secure you want the network. The Cisco 877 will provide a good firewall, but it would work even better with ISA Server installed if they already have it anyhow. But if your current SBS license on the old server is Premium Edition (including ISA) OEM, then it cannot be transferred to a new machine... because OEM is licensed only on the machine it was purchased with.

However, if that's not the case, or if you are buying Premium Edition on the new server as well, then don't worry too much about configuration settings because like all things on SBS, ISA is configured automatically with a wizard for most main settings.  

You don't need ISA to use SBS's native VPN, you just need to enable PPTP Passthrough on the Cisco Router. For wireless clients, if the machines are not members of the domain, then configuring it on the router is fine... I'd suggest that you create a separate Virtual Circuit for it though and use a separate IP Subnet and Public IP if you have another one available. Then if those clients need access to the domain they would connect via SBS's VPN Connection Manager.

If there are wireless clients that are members of the domain, I'd just add a simple Linksys Wireless Access point somewhere within the LAN.

Make sure that the Terminal Server is joined properly (http://sbsurl.com/sbstss) so that it can be accessed via Remote Web Workplace, or if you want direct access you can configure port 3390 for it... this would need to be done in the router, as well as on SBS (in ISA if you use it, or in RRAS otherwise).

Jeff
TechSoEasy
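
An added example, not part of Jeff's answer and not a router configuration: a first-match ACL model for the separate wireless subnet he suggests, showing that PPTP to SBS only comes up when both TCP 1723 and GRE (IP protocol 47) are permitted, while the rest of the router-side segment stays blocked. The addresses (10.x is assumed from the 255.0.0.0 mask in the diagram), the rule format and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, GRE = 6, 47                      # IANA IP protocol numbers
PPTP_CONTROL = 1723                   # PPTP control channel; tunnel data rides GRE

# Constructed addressing for illustration (not from the thread).
WIRELESS = ip_network("192.168.50.0/24")   # separate wireless subnet
ROUTER_SIDE = ip_network("10.0.0.0/8")     # router-to-SBS segment (255.0.0.0 mask)
ANY = ip_network("0.0.0.0/0")
SBS, CLIENT = "10.0.0.2", "192.168.50.20"  # SBS external NIC, one wireless client

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: Optional[int]              # None matches any IP protocol
    src: object
    dst: object
    dport: Optional[int] = None       # None matches any port (or a portless protocol)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match means the implicit deny applies."""
    for r in rules:
        if ((r.proto is None or r.proto == proto)
                and ip_address(src) in r.src and ip_address(dst) in r.dst
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"

def audit(rules):
    """Can the client bring up PPTP to SBS, and which other SBS ports can it reach?"""
    pptp = (evaluate(rules, TCP, CLIENT, SBS, PPTP_CONTROL) == "permit"
            and evaluate(rules, GRE, CLIENT, SBS) == "permit")
    probes = (445, 3389, 3390)        # SMB, RDP, and the 3390 port from the thread
    leaks = [p for p in probes if evaluate(rules, TCP, CLIENT, SBS, p) == "permit"]
    return {"pptp": pptp, "leaks": leaks}

SBS_HOST = ip_network(SBS + "/32")
INTERNET_ONLY = [Rule("deny", None, WIRELESS, ROUTER_SIDE), Rule("permit", None, WIRELESS, ANY)]
NO_GRE = [Rule("permit", TCP, WIRELESS, SBS_HOST, PPTP_CONTROL)] + INTERNET_ONLY
CORRECTED = [NO_GRE[0], Rule("permit", GRE, WIRELESS, SBS_HOST)] + INTERNET_ONLY
WIDE_OPEN = [Rule("permit", None, WIRELESS, ANY)]

if __name__ == "__main__":
    for name, acl in (("NO_GRE", NO_GRE), ("CORRECTED", CORRECTED), ("WIDE_OPEN", WIDE_OPEN)):
        print(name, audit(acl))
```

The `NO_GRE` rule set is the common half-configured case: the control connection on 1723 succeeds but the tunnel never passes data.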
gavinandrewmcmillan (ASKER)

Hi Jeff

Thanks for your comment! The new server does have Premium, so I guess I may as well install ISA. Will cross that bridge at the time.

Just for clarification on the wireless clients, would you

Set up a VLAN and have them VPN in?
Or
Have the Cisco 877 manage 2 external IP addresses and have them connect via VPN that way?

The cost for an extra 4 IPs is only $20.00 extra per month, so I think I will probably go with having the Cisco manage the IPs and VPN in.

Any suggestions on what I can do with 3 spare IPs?

Regards
Gavin

ISA Server gives you one of the best application layer gateways in the world and you've got it as part of the Premium version :) Yes, I would definitely install it.

SBS is adept at managing the solution with only one IP address; it's yet another thing that makes it such a great product. However, as Jeff has suggested, another of the IPs could be used to create the VPN tunnel.

Were there definitely four usable IP addresses?

ASKER CERTIFIED SOLUTION
Jeffrey Kane - TechSoEasy