Re: Network card configuration advice
From: Stuart Mackie [MCP, MSP] (me_at_--REMOVE_THIS--stu.uk.com)
Date: 02/25/04
- Next message: Phil: "Tightening E-Mail"
- Previous message: JB: "Exchange User"
- In reply to: John: "Re: Network card configuration advice"
- Next in thread: Wesley Kendall [MSFT]: "RE: Network card configuration advice"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Feb 2004 14:57:41 -0000
Hi. The reason for the configuration is because we'd prefer to make use of
the Watchguard firewall facilities rather than those with the Cisco router,
but we want to make use of the Cisco router VPN for connecting remotely
using some Symbian platform products as well as normal laptops etc. If the
Symbian platform software supported non-gateway VPN, or the VPN the
Watchguard supports, we wouldn't have the problem, but it could be anything
up to 1 year before the Watchguard VPN support is publicly released by the
Symbian software company.
The only way I could think of to get this to work easily without having
holes in the network was to keep the current configuration with the
workstations and server behind the Watchguard firewall. Our DNS is hosted
externally for our domains and currently points to the external IP address
the Watchguard unit holds for SMTP etc. To accommodate the use of the Cisco
VPN we thought using a second NIC placed behind the router and in front of
the firewall, only allowing VPN data to pass through, would secure our VPN
access while not affecting our current configuration.
I'm just not sure how to configure this second NIC so that when the router
passes the VPN traffic to it, after a user/computer is authenticated it can
then access the internal network via network card 2 which sits behind the
Watchguard firewall.
--
Thanks for any help,
Stuart [MCP, MSP]
www.stu.uk.com

To reply via email, remove '-REMOVE-THIS-' from my address

"John" <John@4sol.com> wrote in message
news:ulCrMS6%23DHA.2348@TK2MSFTNGP09.phx.gbl...
> Why are you planning on this configuration?
> It seems overly complicated. What are you hoping to achieve?
>
> "Stuart Mackie [MCP, MSP]" <me@--REMOVE_THIS--stu.uk.com> wrote in message
> news:e1rcps4%23DHA.3712@tk2msftngp13.phx.gbl...
> > Hi. I posted last week with a question about network layout advice.
> > After taking into account what everyone suggested, we have now decided
> > on our network layout but are unsure how to configure the network cards:
> >
> > Cisco 837 Router --------
> > | |
> > Watchguard Firewall |
> > | |
> > Workstations ---- Switch ------ SBS2k3 Server - VPN Incoming Only
> > | [Server Nic 1 = External]
> > |
> > SBS2k3 Server
> > Other Incoming services - SMTP etc and for outgoing use
> > [Server Nic 2 = Internal]
> >
> > - External Router IP 217.xxx.xxx.65, clients behind the router (NOT
> >   including the Watchguard firewall) have an internal IP of
> >   192.xxx.xxx.1-100
> > - Only VPN ports from the router external IP address are forwarded to
> >   Nic 1 of the SBS2k3 Server [I need to configure this Nic to allow VPN
> >   only incoming through this nic]
> > - The Watchguard firewall takes its only different external IP
> >   217.xxx.xxx.71
> > - All Workstations and one the second SBS2k3 internal nics sit behind
> >   this firewall which uses NAT with IP addresses 10.xxx.xxx.1-100
> > - We don't want workstation traffic to pass through the SBS2k3 Server -
> >   i.e. we aren't using ISA server and are happy for workstations to
> >   access the internet directly.
> >
> > At the minute we have two Intel network cards and one is currently
> > disabled, so we are only using a single network card configuration at
> > present. I don't really need to change to a dual network card setup for
> > the normal reasons, i.e. to make the SBS2k3 server a gateway. I want to
> > make this Nic available for incoming VPN only, and place it in a secure
> > area behind the Cisco 837 Router (which is using NAT) configured to do
> > VPN authentication only for this particular IP address, and only allow
> > VPN ports to come through on the external network card.
> >
> > Ideally I think the SBS2k3 server should use the second Nic which is
> > behind the Watchguard firewall for outgoing data as well as receiving
> > SMTP etc. It probably wouldn't make too much of a difference which
> > network card was used for this though.
> >
> > Can anyone advise me on how I can configure Nic 1 for use so that it
> > only accepts incoming VPN traffic?
> > How do I configure the Nic so that when someone connects in via VPN,
> > they can access the internal network through Nic 2 which sits behind
> > the Watchguard firewall?
> > And finally :) can anyone see any flaws in the way we are attempting to
> > do this?
> >
> > --
> > Thanks for any help,
> > Stuart [MCP, MSP]
> > www.stu.uk.com
> >
> > To reply via email, remove '-REMOVE-THIS-' from my address