Hey all,
im a bit confused at the moment, our current setup is simply 1 box running everything, as when it was set-up there was only 3 employees. The box did exchange,dns,dhcp ... everything. Now with our impending office expansion and a proper I.T Budget i started thinking, we cant just have all our boxes internet facing etc.. as currently the one box is sat behind a standard router being DMZ out to the world. Now with our new line we get 16 lovely IP addresses that will be used for 2-4 servers depending on the whole firewall/vpn appliance needed.
Now my questions, for an office install like this do i need something like the ASA 5500 series or the juniper equivalent. If so how would i go about setting up the external IP's to route to the specific boxes? is it done through NAT on the ASA, also would that mean that the DNS server would sit outside the firewall? as it would have to route the web traffic to the web server behind the firewall? as you can tell ive not used a ASA at all, i had a small amount of experience on a PIX a while back but i didnt learn enough on it.
so my current idea is this:
Internet -- Firewall/VPN gateway -- DNS,DHCP,AD server -- OFFICE NETWORK incl exchange server and webserver/smtp etc...
or have i got this all wrong??
my confusion sets in when i think bout mail
as the DNS server is on the inside of the network, how would someone be able to mail to [email protected], as all the MX records are on the inside of the firewall. Also how would i be able to "promote" the DNS server so that these things can be resolved.
Also how would i go about giving public AND private IP's to the boxes? does each box need 2 network cards? 1 connected to the switch the firewall is connected to and 1 connected to the office network.
As you can tell im struggling. Luckily i have got time to sort this.
Many THanks
Angelos
if someone can help i will be very grateful
Also if someone can give me an idea about antivirus, i was thinking of going with nod32 for the clients and mail server, but whats the gateway one for??
im a bit confused at the moment, our current setup is simply 1 box running everything, as when it was set-up there was only 3 employees. The box did exchange,dns,dhcp ... everything. Now with our impending office expansion and a proper I.T Budget i started thinking, we cant just have all our boxes internet facing etc.. as currently the one box is sat behind a standard router being DMZ out to the world. Now with our new line we get 16 lovely IP addresses that will be used for 2-4 servers depending on the whole firewall/vpn appliance needed.
Now my questions, for an office install like this do i need something like the ASA 5500 series or the juniper equivalent. If so how would i go about setting up the external IP's to route to the specific boxes? is it done through NAT on the ASA, also would that mean that the DNS server would sit outside the firewall? as it would have to route the web traffic to the web server behind the firewall? as you can tell ive not used a ASA at all, i had a small amount of experience on a PIX a while back but i didnt learn enough on it.
so my current idea is this:
Internet -- Firewall/VPN gateway -- DNS,DHCP,AD server -- OFFICE NETWORK incl exchange server and webserver/smtp etc...
or have i got this all wrong??
my confusion sets in when i think bout mail
as the DNS server is on the inside of the network, how would someone be able to mail to [email protected], as all the MX records are on the inside of the firewall. Also how would i be able to "promote" the DNS server so that these things can be resolved.
Also how would i go about giving public AND private IP's to the boxes? does each box need 2 network cards? 1 connected to the switch the firewall is connected to and 1 connected to the office network.
As you can tell im struggling. Luckily i have got time to sort this.
Many THanks
Angelos
if someone can help i will be very grateful
Also if someone can give me an idea about antivirus, i was thinking of going with nod32 for the clients and mail server, but whats the gateway one for??
Last edited:
