Cisco 871w and LAN (What did I get myself Into!)

Unanswered Question
Jul 31st, 2008

Hey all,

Little background info:

- Took the CCNA1-4 via college course about 3 years ago, haven't used the knowledge since

- most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.

- basically I think I need to re-educate myself

Current Network:

Windows Domain

45 workstations

4 buildings


Head Office:

- Main Distribution point

- WAN: Cisco Router and DSL modem owned by provider

- Firewall: WatchGuard Firewall (w/ 5 VPN connections)

- 1 x 48 port Managed Switch (acting as simple switch)

- Windows SBS 2003 server with Exchange, SQL, and using VPN here as well

- We have about 6 other switches that are not managed in the building

- 1 cable run through building. At the end of this building is a fiber connection to the next building

- 15 workstations

Building 2:

- Fiber connection from Head Office

- 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)

- 1 single CAT 5e from unmanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)

- 1 single CAT 5e from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations

- 1 single CAT 5e from Switch 2 - to end of building, underground to building 3

- 1 Workstation attached to Switch 2

Building 3:

1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)

25 workstations in here, various distances with small workstation switches throughout.

Working with new equipment:

- we upgraded DSL (cheaper) to a 5 Static IP package, this is a separate circuit for now - so I can configure everything and not disrupt current services.

- using test PC and connection on this DSL to make sure most everything is working.

- Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.

- 6 months from now, adding Fortigate 100A Appliance

- over next 2 years - all switches will be managed

First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACLs? Isn't there something similar for NAT/PAT?

Second Question: Just looking for some best practice solutions. Should I bother with VLANs at this time, or just leave everything on one VLAN since there can be no real separation throughout the company. Suggestions?

Outside Services required:

- Webmail - using OWA:

- host header:

- can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?

- since I have 5 statics, using NAT can I have one of the external IPs used for webmail... this can be done using static NAT and firewall rules?

- Exchange Server forwards all SMTP requests to ISP mail server.

- No RDP directly to network resources without VPN activity - taken care of by the implicit deny.

- Will it be possible to use my other 4 static IPs, say I create a DNS entry for I assume a static entry in NAT will take care of sending all requests to another network box.


Will require VPN connections; there seem to be a ton of different ones. What is the easiest to create for a few home systems that the VPN client can be installed and configured on? Can this be managed with a push policy, can different user accounts be created with different policies:

i.e.:

* Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share

* Bob is a user, Bob currently VPNs in and obtains an IP, Bob shares a printer that we use to print to. I don't want Bob to be able to access any other resources on our network, but users can print to Bob's remote printer.

I'm overthinking all this, and getting confused - a nice simple step approach required - I feel like I'm drowning - lol



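Added example (editor's illustration, not part of the original post or a reply to it) covering the first question and the OWA items: how the four NAT terms map onto one static translation, and an 871 configuration that publishes OWA on one of the five public addresses over HTTPS only while everything else from the Internet is dropped. Every address and name below is assumed: 203.0.113.0/29 (documentation range) stands in for the five-static block, 192.168.1.0/24 for the LAN, 192.168.1.10 for the SBS/Exchange server, FastEthernet4 for the DSL-facing port with a routed static address (a bridged modem would need a PPPoE Dialer instead), and an IOS image with the firewall feature set so `ip inspect` is available.

```cisco
! Added example, not the poster's configuration. All addresses are assumed.
!
! NAT vocabulary for the OWA mapping below:
!   inside local   = 192.168.1.10  (the server's real LAN address)
!   inside global  = 203.0.113.3   (the public address the Internet sees)
!   outside global = the remote client's real Internet address
!   outside local  = how that client appears on the LAN; identical to the
!                    outside global unless "ip nat outside source" is used
!
interface Vlan1
 description LAN (assumed 192.168.1.0/24)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet4
 description DSL, routed static address from the assumed /29
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
! Outbound: every LAN host shares the router's own public address (PAT).
ip access-list standard NAT-INSIDE
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface FastEthernet4 overload
!
! OWA: a port-level static NAT translates only TCP/443 on the second public
! address. Port 80 has no translation at all, so even without the ACL below
! a plain-HTTP request has nowhere to go inside.
ip nat inside source static tcp 192.168.1.10 443 203.0.113.3 443 extendable
!
! Pattern for the other public addresses: a full one-to-one static NAT sends
! every port of 203.0.113.4 to another inside host (left commented out).
! ip nat inside source static 192.168.1.20 203.0.113.4
!
! Stateful inspection opens return paths for sessions started from the LAN,
! so the inbound ACL needs no "established" line.
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL on the outside interface. Packets arriving from the Internet
! hit this ACL before NAT, so it must match the inside GLOBAL (public)
! address, not 192.168.1.10. RDP, SMB and everything else fall through to
! the final deny, which is written out only so the hits get logged.
ip access-list extended OUTSIDE-IN
 remark OWA over HTTPS only
 permit tcp any host 203.0.113.3 eq 443
 deny   tcp any host 203.0.113.3 eq 80 log
 deny   ip any any log
```

After applying it, `show ip nat translations` should list the static 443 entry permanently and add dynamic PAT entries as LAN hosts browse out, and `show access-lists OUTSIDE-IN` should show hit counts climbing on the port 80 and final deny lines while port 443 hits correspond to real OWA logins. The order matters when reading the counters: for traffic entering from the outside, IOS evaluates the inbound ACL first and translates second, which is why the ACL is written against public addresses.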