Guys, we have a scenario where we have to put in 10 servers. The existing environment has a WAN router (private WAN, which is connected to the core network) through an MPLS cloud from the service provider. It has a 3750 switch as well, connected to the WAN router. Now the new scenario is that we have to put in 10 new servers, of which one will be a webserver (the public will connect through the Internet). The other servers are billing and other servers. From the core, people will be connecting to the billing server and other servers but not the webserver.
The solution is that we have to get a 10M Internet connection for the webserver, and it's a requirement that no one from outside should connect to the webserver. There are many hosts already connected to the 3750 switch which have to connect to the newly built servers (some of the servers, not all). The client has a requirement that 4 servers should be part of one DMZ, the webserver should be alone in a DMZ, and the other servers have to be in a different DMZ. Guys, what would be the best approach to do this? Where will the firewall sit and what is the way to do it? I am very new to this; nice help and professional advice would be really appreciated. Secondly, the client has asked that they want some solid security, adding intrusion detection. What should be my choice, as I have never used one before? All I am saying is: how should the network be physically connected, etc.
Hi there, to get you started it would be nice if you could attach a basic topology diagram of your current network that includes where the current servers are, your Internet perimeter, etc., and a new diagram depicting your new requirements, where the 10MB Internet will be provisioned, etc. Putting up a visual picture will help us grasp your new requirements and provide some recommendations. Also include what firewalls you have: ASA? PIX? Codes?
From your description, it sounds like your new requirement is to deploy 10 new servers where the existing server farm is, in the 3760? And one of the 10 servers (webserver) will be for public use and not to be accessed by internal users? I'm not too clear on this one, since your next paragraph indicates the new 10MB solution will not permit outside users to connect to the webserver.
I think a current network diagram and a new solution diagram will definitely help; could you post that?
Thanks for your kind reply. Now I will explain it again. I am at a customer site which is very remote and I don't have Visio, otherwise I would have drawn a nice diagram. I will explain it again.
A 2821 router is connected to a 3750 switch, and hosts are connected to that switch. The 2821 is connected to the WAN (private WAN which connects back to the core network).
The WAN will remain the same, but now we have to get an Internet connection and add 7 servers to the environment, of which one will be the webserver so that people from the Internet can access it. The servers should not talk to each other, so all servers have to be in different DMZs; it has to be in a different DMZ. All the hosts are supposed to talk to the servers but not the webserver. Now my question is: what should be the scenario to put in the firewall? Should we attach the servers to the existing switch, or do we get another switch to add the servers and trunk it to the firewall? In terms of firewall, what firewall should we get? In terms of DMZ, I tried to search on the Cisco site, but it doesn't tell how many DMZs you can have in one firewall.