Cisco Support Community
Cisco 871w and LAN (What did I get myself Into!)

Hey all,

Little background info:

- Took the CCNA1-4 via college course about 3 years ago, haven't used the knowledge since

- most of my experience in the real world has been non-managed networks, but taking care of Windows Terminal Servers.

- basically I think I need to re-educate myself

Current Network:

Windows Domain

45 workstations

4 buildings

Breakdown

Head Office:

- Main Distribution point

- WAN: Cisco Router and DSL modem owned by provider

- Firewall: WatchGuard Firewall (/w 5 VPN connections)

- 1 x 48 port Managed Switch (acting as simple switch)

- Windows SBS 2003 server with Exchange, SQL, and using VPN here as well

- We have about 6 other switches that are not managed in the building

- 1 cable run through building. At the end of this building is a fiber connection to the next building

- 15 workstations

Building 2:

- Fiber connection from Head Office

- 1 single CAT 5e from Fiber switch to Unmanaged Switch (Switch 1)

- 1 single CAT 5e from unmanaged switch to half-way point of building where we have another unmanaged switch (Switch 2)

- 1 single CAT 5e from Switch 1 to another small building (building 4) with a small unmanaged switch and 2 workstations

- 1 single CAT 5e from Switch 2 - to end of building, underground to building 3

- 1 Workstation attached to Switch 2

Building 3:

1 x 24 port Managed Switch with connection from Building 2 (this switch being used as a normal switch)

25 workstations in here, various distances with small workstation switches throughout.

Working with new equipment:

- we upgraded DSL (cheaper) to a 5 Static IP package; this is a separate circuit for now, so I can configure everything and not disrupt current services.

- using test PC and connection on this DSL to make sure most everything is working.

- Purchased 871w to replace their router and to replace our Firewall which has a faulty nic and is limited in functionality.

- 6 months from now, adding Fortigate 100A Appliance

- over next 2 years - all switches will be managed

First question: Anyone have a real good resource on how inside local, inside global, outside local, outside global works for ACLs? Isn't there something similar for NAT/PAT?

Second Question: Just looking for some best practice solutions. Should I bother with VLANs at this time, or just leave everything on one VLAN since there can be no real separation throughout the company? Suggestions?

Outside Services required:

- Webmail - using OWA:

- host header: webmail.companyname.com

- can the router block all requests to this that are made via port 80 and allow the HTTPS ones through?

- since I have 5 statics, using NAT can I have one of the external IPs used for webmail... this can be done using static NAT and firewall rules?

- Exchange Server forwards all SMTP requests to ISP mail server.

- No RDP directly to network resources without VPN activity - taken care of by implicit deny.

- Will it be possible to use my other 4 static IPs, say I create a DNS entry for ftp.companyname.com? I assume a static entry in NAT will take care of sending all requests to another network box.

VPN:

Will require VPN connections; there seem to be a ton of different ones. What is the easiest to create for a few home systems that the VPN client can be installed and configured on? Can this be managed with a push policy, and can different user accounts be created with different policies?

i.e.: * Steve logs in via VPN, can RDP to a desktop to access server resources but I don't want him to be able to connect to \\serverip\share

* Bob is a user; Bob currently VPNs in and obtains an IP 10.0.0.249. Bob shares a printer that we use to print to. I don't want Bob to be able to access any other resources on our network, but users can print to Bob's remote printer.

I'm overthinking all this and getting confused - a nice simple step approach required - I feel like I'm drowning, lol
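As an added example (not the poster's configuration and not from any reply on this page), the IOS skeleton below shows how the NAT terms in the first question map onto the OWA and FTP requirements in the post: port-level static NAT so that only TCP/443 reaches the Exchange server, a second public address for a separate FTP box, PAT for everything outbound, and an inbound ACL whose implicit deny covers the "no RDP without VPN" requirement. Interface names (FastEthernet4 for the WAN port, Vlan1 for the LAN), the public block 203.0.113.0/29, the inside 10.0.0.0/24 network and the server addresses 10.0.0.10 and 10.0.0.11 are all assumptions for illustration. The `ip inspect` (CBAC) lines assume an IOS image with the firewall feature set; without it, return traffic for LAN-initiated sessions would need explicit permits instead.

```cisco
! Added example: NAT and inbound filtering skeleton for an 871w.
! Assumed addressing: WAN 203.0.113.2/29 on FastEthernet4, LAN 10.0.0.0/24
! on Vlan1, SBS/Exchange at 10.0.0.10, FTP host at 10.0.0.11.
!
! NAT vocabulary, in terms of the OWA mapping below:
!   inside local   = 10.0.0.10    (the server as the LAN sees it)
!   inside global  = 203.0.113.3  (the same server as the Internet sees it)
!   outside global = the remote client's real public address
!   outside local  = how the LAN sees that remote client; identical to
!                    outside global unless outside NAT is also configured
!
! CBAC: inspect sessions leaving the WAN interface and open temporary
! return holes through OUTSIDE-IN, so the stateless ACL below does not
! break replies to LAN-initiated traffic or to the ISP SMTP relay.
ip inspect name LAN-OUT tcp
ip inspect name LAN-OUT udp
ip inspect name LAN-OUT icmp
!
interface FastEthernet4
 description WAN to DSL modem
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip inspect LAN-OUT out
!
interface Vlan1
 description inside LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! PAT for general outbound traffic: every inside local address shares the
! WAN interface address as its inside global address.
ip access-list standard INSIDE-NETS
 permit 10.0.0.0 0.0.0.255
ip nat inside source list INSIDE-NETS interface FastEthernet4 overload
!
! Port-level static NAT for OWA: only TCP/443 on the second public address
! is translated to the Exchange server. Plain HTTP (port 80) has no
! translation at all, so it could not reach the server even without the ACL.
ip nat inside source static tcp 10.0.0.10 443 203.0.113.3 443
!
! A third public address for ftp.companyname.com on a different inside box
! (control channel only; passive-mode data ports need further rules).
ip nat inside source static tcp 10.0.0.11 21 203.0.113.4 21
!
! Inbound filter on the WAN. IOS evaluates the inbound ACL before the
! outside-to-inside NAT step, so entries match on inside GLOBAL (public)
! addresses. The implicit deny at the end drops RDP (3389) and anything
! else not listed; the explicit port-80 deny exists only to log attempts.
ip access-list extended OUTSIDE-IN
 remark OWA over HTTPS only
 permit tcp any host 203.0.113.3 eq 443
 deny   tcp any host 203.0.113.3 eq 80 log
 remark FTP control channel to the FTP host
 permit tcp any host 203.0.113.4 eq 21
 remark IKE, NAT-T and ESP to the router itself, for VPN clients
 permit udp any host 203.0.113.2 eq isakmp
 permit udp any host 203.0.113.2 eq non500-isakmp
 permit esp any host 203.0.113.2
 remark keep path MTU discovery working
 permit icmp any any packet-too-big
 deny   ip any any log
```

To check it, `show ip nat translations` lists the static entries (inside local to inside global) and any dynamic PAT entries; `show access-lists OUTSIDE-IN` shows per-line hit counters, which is the quickest way to confirm that port-80 requests to the webmail address are being dropped while 443 is passing; `show ip inspect sessions` shows the return holes CBAC has opened. The VPN permits only let IKE/ESP reach the router; the per-user restrictions asked about (Steve's RDP-only access, Bob's printer-only access) are a separate VPN and ACL design, not covered here.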
