Network Design

  • From: "Network Administrator" <shivi@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 30 Jul 2001 13:14:54 +0300

Hi Guys,
I have some requirements and have some network designs for them.

I need your comments and suggestions.

My LAN comprises:
1 Cisco 2501 router, 3 Cisco switches (24 port) and one set of class C IP 
addresses.
Public Web servers, mail servers, SQL servers and users.
One PDC and 2 BDCs.

Currently all the switches are connected to the router and all computers are 
assigned public IPs.

Requirements.
To control the internet access of the local users and to have better security.
Some internal users need public IP address.

The design

1) 
ISA server in a DMZ scenario.

Internet
    |
Router 
    |
Switch (Public IP users)
    |
ISA Server  -- Switch -- DMZ (public servers)
    |
Switch (Local users (secureNAT))
    |
LAT


2)
Slightly different DMZ

Internet
    |
Router 
    |
ISA Server  -- Switch -- DMZ (public servers and users)
    |
Switch+Switch (Local users (secureNAT))
    |
LAT

 
3)
Normal ISA

Internet
    |
Router 
    |
Switch (Public IP users and Public servers)
    |
ISA Server  
    |
Switch+Switch (Local users (secureNAT))
    |
LAT

4)
Restrict using the Router

Without separating the local users and the public IP servers in different 
switches, force the local users to go through
the ISA server by access lists in the router. (router will permit traffic only 
from the ISA server and from the other public servers)

I might have a problem in all these 3 scenarios, when authenticating local and 
public IP users in the Domain, using the same Domain controller. But for this I 
think I can have 2 NICs in the PDC and have both local and public IPs 
assigned.

So guys, it's a long story and I need the help of you guys.
Any completely different designs are also welcome.

Thanks for your time
shivi
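
Design 4 from the post above, written out as a Cisco IOS extended access list. This is an added example, not part of the original post: the 192.0.2.0/24 block, the host addresses, the server range, ACL number 110 and the choice of Ethernet0 as the LAN-facing interface are all constructed placeholders.

```cisco
! Constructed addressing (placeholders, not from the post):
!   192.0.2.0/24    stands in for the class C block
!   192.0.2.10      ISA server, external interface
!   192.0.2.16/28   public web, mail and SQL servers
!
! Permit outbound traffic sourced from the ISA server.
access-list 110 permit ip host 192.0.2.10 any
! Permit outbound traffic sourced from the public servers.
access-list 110 permit ip 192.0.2.16 0.0.0.15 any
! Everything else on the LAN is dropped at the router and logged,
! so a workstation that bypasses the ISA server shows up in the log.
! (An implicit deny already ends every ACL; the explicit line adds logging.)
access-list 110 deny ip any any log
!
! Apply to packets arriving from the LAN, before they are routed out.
interface Ethernet0
 ip access-group 110 in
```

The list matches on source address only, so it is only as strong as the control over which hosts on the shared switches hold the permitted addresses.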
