07-31-2008 05:40 AM - edited 03-06-2019 12:33 AM
Hey all,
Little background info:
- Took the CCNA1-4 via college course about 3 years ago, haven't used the knowledge since
- most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.
- basically I think I need to re-educate myself
Current Network:
Windows Domain
45 workstations
4 buildings
Breakdown
Head Office:
- Main Distribution point
- WAN: Cisco Router and DSL modem owned by provider
- Firewall: WatchGuard Firewall (/w 5 VPN connections)
- 1 x 48 port Managed Switch (acting as simple switch)
- Windows SBS 2003 server with Exchange, SQL, and using VPN here as well
- We have about 6 other switches that are not managed in the build
- 1 cable run through building. At the end of this building is a fiber connection to the next building
- 15 workstations
Building 2:
- Fiber connection from Head Office
- 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)
- 1 single CAT 5e from unmanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)
- 1 single CAT 5e from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations
- 1 single CAT 5e from Switch 2 - to end of building, underground to building 3
- 1 Workstation attached to Switch 2
Building 3:
1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)
25 workstations in here, various distances with small workstation switches throughout.
Working with new equipment:
- we upgraded DSL (cheaper) to a 5 Static IP package, this is a separate circuit for now - so I can configure everything and not disrupt current services.
- using test PC and connection on this DSL to make sure most everything is working.
- Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.
- 6 months from now, adding Fortigate 100A Appliance
- over next 2 years - all switches will be managed
First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACL's? Isn't there something similar for NAT/PAT?
Second Question: Just looking for some best practice solutions. Should I bother with VLAN's at this time, or just leave everything on one VLAN since there can be no real separation throughout the company? Suggestions?
Outside Services required:
- Webmail - using OWA:
- host header: webmail.companyname.com
- can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?
- since I have 5 statics, using NAT can I have one of the external IP's used for webmail... this can be done using static NAT and firewall rules?
- Exchange Server forwards all SMTP requests to ISP mail server.
- No RDP directly to network resources without VPN activity - taken care of by implicit deny.
- Will it be possible to use my other 4 static IP's, say I create a DNS entry for ftp.companyname.com. I assume a static entry in NAT will take care of sending all requests to another network box.
VPN:
Will require VPN connections, there seems to be a ton of different ones. What is the easiest to create for a few home systems where the VPN client can be installed and configured? Can this be managed with a push policy, can different user accounts be created with different policies:
i.e: * Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share
* Bob is a user, Bob currently VPNs in and obtains an IP 10.0.0.249, Bob shares a printer that we use to print to. I don't want Bob to be able to access any other resources on our network, but users can print to Bob's remote printer.
I'm overthinking all this, and getting confused - a nice simple step approach required - I feel like I'm drowning -lol
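An added configuration sketch (not from the original post or the reply) for the webmail part of the question on an 871w: a port-level static NAT so that only TCP/443 of one public address reaches the OWA server, with the inbound ACL and stateful inspection around it. The terms inside local/inside global (and outside local/global) are NAT vocabulary; an ACL simply matches whichever address exists at the point it is applied, which is why the outside-interface ACL below references the public address. Assumed: WAN on FastEthernet4 with 203.0.113.0/29 as the static block, LAN on Vlan1 172.16.1.0/24, Exchange at 172.16.1.10; all addresses are placeholders.

```cisco
! Added example, not from the original post. Assumed layout: 871w WAN port
! FastEthernet4 on 203.0.113.0/29, LAN on Vlan1 172.16.1.0/24, Exchange/OWA
! server 172.16.1.10 (inside local), 203.0.113.10 = its inside global address.
! VPN termination (IKE/ESP permits) is intentionally omitted here.
!
interface FastEthernet4
 description WAN to DSL
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
interface Vlan1
 description LAN
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
! Port-level static NAT: only TCP/443 on the public address maps to the OWA
! server. Port 80 is never translated, so plain HTTP has nowhere to go.
ip nat inside source static tcp 172.16.1.10 443 203.0.113.10 443 extendable
!
! Everything else on the LAN shares the router's own WAN address outbound (PAT).
ip access-list standard LAN-HOSTS
 permit 172.16.1.0 0.0.0.255
ip nat inside source list LAN-HOSTS interface FastEthernet4 overload
!
! Stateful inspection (CBAC) lets replies to LAN-initiated sessions back in
! without punching a blanket "established" hole in the inbound ACL.
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL on the outside interface. It is evaluated BEFORE NAT on the way
! in, so it matches the inside global address, not the server's real one.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 deny   tcp any host 203.0.113.10 eq 80 log
 deny   ip any any log
```

`show ip nat translations` shows the static mapping, and `show access-lists OUTSIDE-IN` shows hit counts on the 443 permit and the logged port-80 denies once traffic is flowing.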
08-01-2008 07:02 AM
Try the following links:
inter vlan
NAT
how NAT works
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml
VPN
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml
useful vpn links
http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_configuration_examples_list.html
good luck
Please rate if helpful.