 elzorno join:2001-12-08 South Shore, KY | [Info] Class Project.. I am a student in a Networking program that uses all Cisco hardware. To make things fun our instructor has given us the assignment to "create" a small business. We are supposed to create a remote access system for our virtual business. This system has to provide network services on the LAN side (LDAP, DHCP, and NAT) and also has to have a remote access portion that includes a web server and email server.
We are tasked with using only the equipment in the classroom. 3 Cisco 2911 routers and 5 24 port switches. We have many computers to set up as servers.
Our first assignment is to try to find information from professional admins and get ideas about how we can set this up.
If anyone has a few spare moments and could give us some "tips from the experts" we would appreciate it.
Thank you. |
|
 Paulg Displaced Yooper Premium join:2004-03-15 Neenah, WI kudos:1 | 1st tip - learn what terms to plug into google. What you're asking for is not complicated at all.
2nd tip - you only really need 2 devices to do this. |
|
 | reply to elzorno
said by elzorno: Our first assignment is to try to find information from professional admins and get ideas about how we can set this up.
So your first assignment is to find someone else to do your assignment for you? I'm not knocking on you... well... maybe a little. But what you're trying to do isn't too hard and Google is a wonderful tutor.
-- "There are two American flags flying on the property I reside on. Anyone who tries to take them down will be rendered inoperative." -Lindy |
|
 elzorno join:2001-12-08 South Shore, KY | I think the main goal of the assignment was to see what other people said about the security or if anyone would suggest Windows as a server, things like that. We have a basic outline of what we will set up, but he was hoping that someone would say .."Don't use Windows as your firewall." Or "be sure to set up an ACL on your router." I think it was more to see if anyone "in the real world" would say to do things differently than our textbook. Both comments have been right in line with what we are doing. Google has been more of a help than our textbook.
Thank you guys for your time. |
|
 TomS_ Git-r-done Premium, MVM join:2002-07-19 Ireland kudos:1 | reply to elzorno I think the reason you might be getting some "negative" feedback so far is because your original post was too vague. There's nothing in there like "we are thinking of doing x, y, and z in such and such a way, what do you think?".
At least then we can provide pointers on what we think should be done differently, how we think it would be done better, and elaborate on your existing ideas.
Otherwise, you're going to get typical questions back in return along the lines of "so what do you even want to achieve?!?!?!??", and as above those who suspect you're just looking for someone to do your work for you. We need some meat on the bone to chew at, so to speak, is basically what everyone is getting at. |
|
 | reply to elzorno Too many variables to consider to be able to provide decent suggestions....at least if you have a topology, then suggestions/critique can be provided |
|
 | reply to elzorno 2911 has 3 GigE ports, so logically, one interface should go to your WAN. The 2nd for your DMZ (web and email server) and could potentially have a switch hanging off of it for additional connectivity. The last interface should be for the LAN and will definitely have a switch hanging off of it.
As for security... the sky's the limit.
Regards |
|
 2 edits | reply to elzorno
Being that I personally would never accuse anyone of looking for someone else to do their work for them, seeing this is a "help" forum, "I'll" make the assumption you're just looking for a finger to "point the way" so to speak. 
As was mentioned, you can get away with this using only 2 routers but in my attached example, I illustrated 3.
Before proceeding, you'll want to do the following (in my opinion):
Step #1: Map it out (i.e., ip range, protocols, etc...)
Step #2: Inventory your equipment to see if the functionality exists for what you're trying to achieve
Step #3: Decide if you're going to work from the "inside out" (LAN connections first) or the "outside in" (WAN connections first).
My one "giveaway" for this is that you'd probably want to go with a "site-to-site" vpn configuration to protect the traffic.
See if this is good enough to build your foundation around. 
Jay |
|
 elzorno join:2001-12-08 South Shore, KY | reply to elzorno Thanks for all the info. We have already set up a simple diagram using the three interfaces on the router as wan/DMZ/Lan. The wan connection will go to our DSL modem, the DMZ will be a switch with our web server and our email server, and the Lan will have a switch that will connect all of our "employee" computers.
The VPN idea is one that we have been researching. We are in two teams and each team represents a field office. We are supposed to connect the two "offices." We will use VPN for that like the drawing shows. We are also supposed to allow users at home to access the network. We are going to use VPN for that also.
Everyone has been a great help. Even the posts that seemed less than helpful really showed us that we need to at least have an idea what we are asking for before we ask a question. All of your tips have been great and once again, Thank you all. |
|
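The WAN/DMZ/LAN split and the "set up an ACL on your router" advice discussed in this thread can be checked on paper before touching the 2911: the sketch below is an added example, not code from any poster, that evaluates per-interface inbound rules the way a router ACL does (first match wins, implicit deny at the end). All addresses, ports and rule choices are constructed assumptions; NAT and return traffic (stateful inspection) are not modelled.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing for the three router interfaces (assumption, not from the thread).
LAN, DMZ, ANY = net("10.0.10.0/24"), net("10.0.20.0/24"), net("0.0.0.0/0")
WEB, MAIL = net("10.0.20.10/32"), net("10.0.20.25/32")

# One inbound rule list per interface: (action, proto, src, dst, dst_port or None).
ACLS = {
    "wan": [
        ("deny", "ip", LAN, ANY, None),     # anti-spoofing: inside sources never arrive from outside
        ("deny", "ip", DMZ, ANY, None),
        ("permit", "tcp", ANY, WEB, 80),    # only the published DMZ services are reachable
        ("permit", "tcp", ANY, WEB, 443),
        ("permit", "tcp", ANY, MAIL, 25),
    ],
    "dmz": [
        ("deny", "ip", DMZ, LAN, None),     # a compromised DMZ host cannot open sessions into the LAN
        ("permit", "tcp", MAIL, ANY, 25),   # outbound mail delivery
        ("permit", "udp", DMZ, ANY, 53),    # DNS lookups
    ],
    "lan": [
        ("permit", "ip", LAN, ANY, None),   # employees may reach the DMZ and the Internet
    ],
}

def evaluate(interface, proto, src, dst, dport=None):
    """Return (action, rule_index) for the first matching rule on that interface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(ACLS[interface]):
        if r_proto not in ("ip", proto):
            continue
        if s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, i
    return "deny", None  # implicit deny at the end of every list

if __name__ == "__main__":
    # Constructed test flows: (interface the packet arrives on, proto, src, dst, dst port).
    flows = [
        ("wan", "tcp", "198.51.100.7", "10.0.20.10", 443),
        ("wan", "tcp", "198.51.100.7", "10.0.10.5", 3389),
        ("wan", "tcp", "10.0.10.9", "10.0.20.10", 80),
        ("dmz", "tcp", "10.0.20.10", "10.0.10.5", 445),
        ("lan", "tcp", "10.0.10.5", "10.0.20.10", 80),
    ]
    for f in flows:
        print(f, "->", evaluate(*f))
```

Moving the two anti-spoofing entries below the `permit` lines on `wan` changes the third flow from deny to permit, which is why rule order deserves review before the list is translated into router configuration.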