I want to implement and configure a High Secure Internet Solution
The Solution initially provides for the following main services:
* Internet Browsing for LAN Users
* Internet Browsing for remote users via dial-in Analog/Digital telephone lines
* Caching frequently used sites into local engine to enable faster and fresh access to commonly used information
* WEB/DNS Server to run Web site. (Based on ASP and online payment and collecting tender documents)
* Firewall system to prevent illegal access to his network
* Intrusion detection service for protection against potential intruders
The Solution shall be capable and ready to integrate additional services in future phases without changing the initial phase, such as
* Messaging services between the users
* URL filtering services to prevent access to certain sites during certain periods
* Anti-Virus protection for all the Mail, HTTP, FTP traffic
* International Access to his network over the Internet using VPN
Shall be modular router with integrated modems module supporting at least 8 concurrent connections; we need two alternatives one with 8 Analog modems and the other shall be a digital modular router with 8 digital modems module (56Kbps)
Authentication, Authorization and Accountability Software
Shall be part of the initial proposal, this software shall have the latest version and shall run on Windows 2000 Advanced Server or Windows 2000 professional operating system
Shall be Hardware/Software with latest secure firewalls technologies such as full inspection supporting VPN
To connect to the internet via a 64k leased line, having at least one WAN port (supports up to 2Mbps), one Fast Ethernet port and software with IP features set. An X21 cable to connect to the Internet Service Provider DDN modem is also required to be included along with the router
Shall be provided as part of the initial requirement to act as a proxy and a local repository for frequently accessed sites, sized properly to address the current needs and scalable in terms of disk storage and memory to address future needs. The engine shall have at least two Fast Ethernet ports.
Operating System and Software
We have to quote the needed Operating Systems and Software for the proper operation of the solution within the relevant client access licenses (a maximum of 25 Desktops), must be latest versions with latest service packs
Fast Ethernet Switch
We need the necessary Switch for the solution that connects seamlessly with the existing LAN switches and ready for future expansion phase.
The solution (Networking) components must be minimum as per CAT6 standard
We need detailed design drawings along with the solution, clearly demonstrating the levels of security offered. The DMZ concept shall be deployed as well as any other security considerations on the Firewall
We need suitable UPS for the solution
Training Course for the above solution
We need the following components for the future expansion
* Messaging Services with required hardware and software products
* URL Filtering software that runs on the cache engine
* VPN connectivity option with all the necessary HW and SW products
* An alternative for 16 Analog modems for the access server instead of 8 modems
* An effective Anti-Virus SW suite that covers servers, Emails, HTTP and FTP data
Don't forget to manage your bandwidth. You indicated a lot of services passing through your Internet connection. So you should consider a bandwidth manager, see http://www.networkcomputing.com/1211/1211f3.html. Even if Packeteer didn't post a product for testing in this review, it's my preferred product for this purpose.
Also, you mentioned a 64 kbps Internet connection; this seems a very low speed link for your needs. You should consider something higher, like 256kbps & more.