Hello all. I am a Jr.-level IT guy with a little experience with a lot of things. As it is, routing and the like are one of the things I haven't touched yet at all. The old dog just up and quit, and as he was the only other IT guy at my place of employment, that gets to change. Immediately. I don't have config questions (yet), just making sure I nail down the basics/design on this first. Just trying to make sure I don't end up with my pants down and users that can't get their work done.
On to the situation. I've been tasked with completing the remote access project that the last guy just started before he walked, and what he gave me (bought already) is an, as mentioned, ASA5505 with DMZ license.
All the remote clients use Windows workstations, a few XP, a few Vista, and we are a month-ish away from getting a batch of 7 units to replace some older machines, so it should be fairly simple to do an L2TP/IPSec VPN.
The setup currently, that is up and running without issue, is as follows.
DSL modem, doing the NAT. I believe this is a Motorola product.
ASA configured with 2 networks enabled:
-outside; attached to the DSL
-inside; attached to my LAN that has ~25 users and lots and lots of confidential records that the FDA wouldn't like anyone else seeing.
Today I configured a Win2k3 to be my routing & remote access server; it will also be a terminal server. It should also be mentioned, in the event someone knows about a compatibility issue that I don't, that it is the server that has been running WSUS/IIS, and I would like to leave that alone if that is possible. Seems reasonable to me to put all the things that would touch the internet on 1 box. On that note, I would be putting a DNS forwarder here too.
Now on to my questions.
I would want to put that server on my DMZ? Or I could put it on the subnet between my router and the ASA, as I believe that is acting as an empty DMZ?
Would it be best to try to configure my modem to pass through to my ASA? This would effectively put the ASA up against the cloud and necessitate adding the NAT functionality to this device?
I can't tell if I'm overthinking things or just don't know what the hell I'm talking about. Anyone venture a guess?
Thanks for any input.