Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
4
Replies

Please help

ramesys12
Level 1
Level 1

‎06-08-2006 03:16 AM - edited ‎03-03-2019 03:33 AM

I posted this earlier in the security forum and I think it is not the right place to ask this question so I have posted it here...apologise if you feel this is a cross post.

Currently this site in questions has the following.

*************************

Existing hardware :

1) PIX 515E

2) BT ADSL router

3) LAN servers behind the PIX ( includes hosted services )

*****************************************************

Now the question is a mix of two things.

1) The customer would like to add wireless support to the LAN for mobile users from satellite offices and local offices. so which is the best Wireless box from cisco with scalaibilty for coming 5 years.

2) Replace the BT rotuer with a cisco rotuer ( not sure which is the best )

3) Buy a new 24 port switch which would replace the current HP Procurve for good.

***********************************

Key elements :

The wireless security is a big issue for all of us so considering the existing hardware + the ones which we will be replacing what would be the best way to integrate it all i.e. should we use the PIX additional card to secure it further ? wireless in a different lana dn than route it back in the network in some way.

The key thing we need to keep in mind is the site has a pool of 5 / 7 ip address for different purporse out of which

1) one resides static on the BT rotuer WAN int

2) PIX WAN int ( outsdie )

3) additional two are mapped on the pix to internal servers.

So we dont want to create another lan with internal private ip addressing between the BT rotuer ( future cisco ) as mentioned above the pix outside int also has a live static ip from BT.

If someone can provide some explaination on the design will be great and some pdf links to read in more detail.

cheers

any helps will be helpful.

Labels:
0 Helpful
4 Replies 4

dbakula01
Level 1
Level 1

‎06-08-2006 05:22 AM

i am having trouble with your questions but i think this is what you want.

an 871 router will be at the low end of what you want, the procurve should still work fine for what you are doin. the next step up would be the 1800 series and then the 2800 series if you want to start gettting up there. i might not understand your question fully though

0 Helpful

ramesys12
Level 1
Level 1
In response to dbakula01

‎06-08-2006 06:29 AM

One question about the switch i think is answered where I need to go with it.

As for the ADSL router 871 the question is the existing BT router died 2 days back and so BT have said it is no longer under cover with them so to get them up and running imediately they bought a Netgear 834 ADSL rotuer now the PIX does not work with this Netgear box.

----Internet

|ADSL line

|

----netgear box with ip 1.1.1.1 ( outside )

|

|

----netgear box lan ip 192.168.0.1 ( inside )

|

|

-----PIX ( outside ) 1.1.1.2

|

|

-----PIX ( inside ) 10.10.10.254

now users from the 10 subnet cannot go out as the pix wan and netgear lan are not on the same and they dont like each other....

I am not sure hwo the BT rotuer was configured and the features of it as well as BT never provided access to this box.

To get this situation working for now we changed the 192.168.0.1 range to the 10.10. range and now it works and we have switched off the pix temporarily....

SO we wanted to make sure that the cisco router get for ADSL should enable us to have the old configuration which is a static (live) ip on pix (outside) and also static (live) ip on the cisco ADSL (outside)

as we intended to do all the firewalling on the pix and not the ADSL router....

**********************************************

As for the wirless part is concerned we were looking to buy a cisco wireless AP and make sure we can use the pix to add additional layer of security in some way if not we will only rely on WEP which can be hacked easily...

So which AP to buy

&

What design considerations should we take into account.

I do apprecaite your earlier reply.

cheers

0 Helpful

ramesys12
Level 1
Level 1
In response to ramesys12

‎06-09-2006 12:38 AM

Can anyone advise further on this I am sure many of us here would have encountered this situation.

cheers

0 Helpful

sean
Level 3
Level 3

‎06-09-2006 05:36 AM

Your netgear was doing nat on everything sitting behind it, which is why your pix was not working (you had a static IP on the outside for which your netgear had no routing information for). If you wanted to save money, you could probably get a cisco 1710 and configure it for DHCP (assuming the provider hands an ethernet connection) or PPPoE or PPPoA (depending on what your provider hands you. Then your inside interface on your router would be in the same subnet as the outside interface of your pix (with nat occuring on your pix). From there, you can create separate physical interfaces (assuming you have spare nics in your pix) or logical subinterfaces and use vlans on your switch to chop your network up how you want it. Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents