Connecting to Multiple networks

Guest

All,

My Boss would like to set up a management backend network away from the
external connection.

Basically Internal NIC 10.0.x.x
External NIC 80.x.x.x

Will this work effectively or is there a better way of setting up a
management network?

thanks
 
Neteng

Are the devices on the public domain (80.x.x.x)? If so, you should not
create a mgmnt network that has connectivity to your real internal LAN.
 
Robert L [MS-MVP]

We need more information to help. Assuming this is Windows 2000 Server, enable NAT to protect your system.

NAT and Firewall How to Setup Network, Internet Sharing, Remote Access and VPN Step by Step Guide ... How to configure 2000/2003 NAT services and ports ...
www.howtonetworking.com/Windows/NAT&firewall.htm


Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
 
Guest

Hi,

They are a mix of Windows 2000/2003. They do have a firewall on and also
IPSec but NAT is not enabled.

Thank you.

Robert
 
Neteng

I would not rely on NAT as a layer of protection between the public domain
and my private LAN.

Robbie said:
Hi,

They are a mix of Windows 2000/2003. They do have a firewall on and also
IPSec but NAT is not enabled.

Thank you.

Robert
 
Guest

Neteng,

I am a Windows engineer here and how I would structure the network is
firewall then public facing servers and then firewall then private data
servers. Everyone else here are Cisco network engineers and have Unix
knowledge and they wish to have the structure firewall, Public servers, VLan,
Management Network and then lock down the VLan.
 
Guest

Also to add to the below,

Do you know any good books regarding Windows and security, e.g. designing a
network security plan? I know there are ISBN 0-7356-2061-X and ISBN
0-7356-1969-7. Are these any good or would you recommend any other books?

Thank you in advance
 
Neteng

Your design is correct. With a two-tier firewall, you control access to and
from everything in the DMZ, including management protocols (i.e. SSH to a
Unix box). I recently purchased, but haven't had a chance to read
073562061. For design I've heard the following are pretty good. My current
job only exposes me to Cisco gear, but I was a server admin for years. I'm
surprised that your Cisco guys only want a single firewall in place.

ISBN: 0321305019
ISBN: 0782143296
ISBN: 1932266550 (I own this one, but it hasn't arrived yet)
 
Guest

Neteng,

Well to be honest they are not really fussed about a firewall, they are
happy to VLan absolutely everything off into separate VLans but I know that
this will cause a Windows administrative nightmare. I will try and get them
to go down the dual firewall route with something like a Netscreen and then a
PIX and stop the VLan nonsense.
 
Guest

Also as a thought, wouldn't Windows get confused connecting to two different
networks with two different gateways?

I have connected servers to a management network but have used a Storage
area network to do this which uses WWN.
 
Neteng

The servers in the DMZ need a DG of your front end firewall and a static
route to the backend firewall (ie to your private subnet).
 
Phillip Windell

Robbie said:
Also as a thought, wouldn't Windows get confused connecting to two different
networks with two different gateways?

It can work on two networks,...it just can't have two gateways.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
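
An added example, not part of the thread or of any poster's configuration: a small route-table check for the advice in the last two replies (one default gateway pointing at the front-end firewall, plus a static route to the private subnet via the back-end firewall). All addresses are constructed: 192.0.2.0/24 stands in for the public side and 10.0.0.0/16 is an assumed prefix for the 10.0.x.x network.

```python
import ipaddress

# Constructed route tables for one DMZ server (sample data, not from the thread).
# 192.0.2.0/24 (documentation range) stands in for the public 80.x.x.x side;
# 10.0.0.0/16 is an assumed prefix for the 10.0.x.x management network.
MGMT_NET = "10.0.0.0/16"
GOOD = [
    ("0.0.0.0/0", "192.0.2.1"),      # single default gateway: front-end firewall
    ("192.0.2.0/24", None),          # DMZ subnet, directly attached
    ("10.0.0.0/16", "192.0.2.254"),  # static route via back-end firewall
]
BAD = [
    ("0.0.0.0/0", "192.0.2.1"),      # default gateway on the external NIC
    ("0.0.0.0/0", "10.0.0.1"),       # second default gateway on the internal NIC
    ("192.0.2.0/24", None),
    ("10.0.0.0/24", None),           # only the local internal segment is explicit
]

def parse(routes):
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes]

def next_hop(routes, dst):
    """Longest-prefix match: gateway address, 'on-link', or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in parse(routes) if addr in net]
    if not matches:
        return None
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or "on-link"

def audit(routes, mgmt_net=MGMT_NET):
    """Flag more than one default gateway and a management net left to a default."""
    table, findings = parse(routes), []
    defaults = [gw for net, gw in table if net.prefixlen == 0]
    if len(defaults) > 1:
        findings.append("multiple default gateways: " + ", ".join(defaults))
    mgmt = ipaddress.ip_network(mgmt_net)
    if not any(net.prefixlen > 0 and mgmt.subnet_of(net) for net, _ in table):
        findings.append(f"{mgmt} is not fully covered by a specific route")
    return findings

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table), next_hop(table, "10.0.5.9"))
```

With the GOOD table, management traffic leaves through the back-end firewall and everything else through the front-end firewall; the BAD table is the dual-gateway layout the question worried about, where the path to most of the management range depends on which default route wins.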