I am setting up a small office network that is composed of the following:
Hardware:
- 1 Windows 2003 Enterprise server (R2)
- 3 to 5 Windows XP and Vista computers
Software / Services:
- An FTP site will be necessary for uploading files
- We will receive 5 static IPs from Verizon (DSL). One will be exclusively assigned to the FTP server.
- VPN using 2003 server
I have a basic idea of what needs to be done, but I am not too sure if this is the best way to do this.
I am planning on getting a firewall to go between the DSL modem and a router. However, I am not sure what kind of router/switch to use because I am not sure how to handle splitting the static IP addresses. The FTP server will need to reside on the 2003 server (either via IIS or Linux running in virtualization).
I also need to configure incoming VPN using Windows 2003 Server.
I would like to know what the Best Practices for this situation would be. I'm having a a hard time finding this info on the web.
Thank you!
2007-05-31 04:19:31 · 3 answers · asked by Anonymous in Computers & Internet ➔ Computer Networking
Your application is a bit more heavyweight that most.
First, you should use a router to interface with with the ISP. You cannot use the household grade ones. With 5 static IP addresses and an FTP server, etc you need something more robust. Check out www.adtran.com for Adtran units. Feel free to contact their prepurchase support and they will help a lot.
I would use the router to interface with Verizon. I would dedicate one static IP for FTP and probably use a dedicated XP box for FTP (rather than risk hackers on my server). I would put the FTP server in the DMZ so the router should be DMZ capable.
I would have the router control the IPSec VPN at the router level as well.
Let the server address LAN DHCP; assign static IP to the router, the server, and probably to print servers and the FTP server.
The router can direct the public IP addresses appropriately but this is a configuration matter - part of the config you need to do. Adtran will help to a large degree.
Because this is heavyweight, you may wish to get technical support locally.
2007-05-31 04:56:52 · answer #1 · answered by GTB 7 · 0⤊ 0⤋
This will be a pretty easy setup for someone with experience, but you may want to find some local support. Here's what I would do...
Verizon modem -> Pix Firewall -> 8 port switch
The pix firewall will give you a great deal of protection, allow you to assign addresses and setup VPN as well. You won't need a router since you'll only have one network.
The outside interface of the Pix will be the WAN address provided by Verizon. A global NAT pool will be created using the static addresses from Verizon while the inside computers will actually use private addresses, such as 192.168.x.x.
2007-05-31 07:55:16 · answer #2 · answered by escontra 2 · 0⤊ 0⤋
wireless use radio waves to deliver and get carry of archives between the units on your community. those radio waves and alerts holiday in the process the air between the units and as a effect the alerts could be intercepted by employing absolutely everyone who's contained in the vacinity that could desire to have suitable kit and application. somebody with malious reason could desire to be close by employing a workstation, intercepting instant alerts and stealing archives contained interior, this is no longer very person-friendly yet does take place. yet another extra person-friendly type of probability is the place a subsequent door neighbour could be connecting to a instant sign that has no longer been secured precise and 'stealing' the internet get admission to. this means that somebody who lives close by could desire to be employing your cyber web connection with out your expertise, traveling unlawful web content or performing criminality on line. it somewhat is as a result considerable which you shield any instant connection which you have on your place or enterprise. with a view to shield a instant connection, you utilize encryption. Encryption scrambles the radio alerts so as that they could't be intercepted truthfully. maximum living house and enterprise instant routers have an encryption putting and there are 2 considerable styles of encryption, WEP and WPA. WPA is lots better than WEP so i will communicate WPA. whilst securing your instant connection, you will enter an encryption key. This secret's sort of a password to get admission to your instant connection. you will comprehend it and supply it to those that you've confidence on your spouse and childrens who will use your instant connection. the nice and comfortable button is programmed into the instant router and once you elect for to hook up with instant on your workstation or instant gadget, you will enter the corresponding key into the instant community settings. The instant router makes use of the community key to encrypt (scramble) the instant sign in the previous it travels in the process the air and your workstation or pc makes use of an analogous key to decrypt (unscramble) the sign because it somewhat is being won. If absolutely everyone else intercepts the sign, they gained't have the means to apply it in the event that they have not got the community key.
2016-10-06 09:20:39 · answer #3 · answered by ? 4 · 0⤊ 0⤋