Hey all,
Little background info:
- Took the CCNA1-4 via college course about 3 years ago, haven't used the knowlege since
- most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.
- basically I think I need to re-educate myself
Current Network:
Windows Domain
45 workstations
4 buildings
Breakdown
Head Office:
- Main Distribution point
- WAN: Cisco Router and DSL modem owned by provider
- Firewall: WatchGuard Firewall (/w 5 VPN connections)
- 1 x 48 port Managed Switch (acting as simple switch)
- Windows SBS 2003 server with Exchange, SQL, and using VPN here as well
- We have about 6 other switches that are not managed in the build
- 1 cable run through building. At the end of this building is a fiber connection to the next building
- 15 workstations
BUilding 2:
- Fiber connection from Head Office
- 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)
- 1 single CAT 5e from unamanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)
- 1 single CAT 5e from from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations
- 1 single CAT 5e from Switch 2 - to end of building, underground to building 3
- 1 Workstation attached to Switch 2
Building 3:
1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)
25 workstations in here, various distances with small workstation switches throughout.
Working with new equipment:
- we upgraded DSL (cheaper) to a 5 Static IP package, this is a seperate circuit for now - so I can configure everything and
not disrupt current services.
- using test PC and connection on this DSL to make sure most everything is working.
- Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.
- 6 months from now, adding Fortigate 100A Appliance
- over next 2 years - all switches will be managed
First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACL's? Isn't there something similar for NAT/PAT?
Second Question: Just looking for some best practice solutions. Should I bother with VLAN's at this time, just leave everything on VLAN since
there can be no real seperation throughout the company. Suggestions?
Outside Services required:
- Webmail - using OWA:
- host header: webmail.companyname.com
- can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?
- since i have 5 statics, using NAT can I have one of the external IP's used for webmail... this can be done using static NAT and firewall rules?
- Exchange Server forwards all SMTP requests to ISP mail server.
- No RDP directly to network resources without vpn activity - taken care of implicet deny.
- Will it be possible to use my other 4 static IP's, say I create a DNS entry for ftp.companyname.com. I assume a static entry in NAT will take care of sending all requests to another network box.
VPN:
Will require VPN connections, there seems to be a ton of different ones. What is the easiest to create for a few home systems
that the VPN client can be installed and configured? Can this be managed with a push policy, can different user accounts be
created with different policies:
i.e: * Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share
* Bob is a user, bob currently vpn's and obtains an IP 10.0.0.249, bob shares a printer that we use to print to. I don't want bob to be able to access any other resources on our network, but users can print to Bob's remote printer.
I'm over thinking all this, and getting confused - a nice simple step approach required - I feel like I'm drowning -lol
