I am prepping equipment for a company move into another building. I am pretty confident I've got a workable configuration, but not sure it's the best or most efficient.
Here's a summary:
*Cisco 2651XM with 3 FastEthernet Interfaces
*Netscreen 5GT acting as Firewall
*Procurve 2650 switch
*Qwest Optical Ethernet service connecting Corp office with Colocation
*3MB Direct Internet Access provided by local ISP
**Corp IP subnet (10.0.1.X)
**Colo IP subnet (10.0.2.X)
**Netscreen(Corp) (10.0.1.2)
**Netscreen(Colo) (10.0.2.2)
**Ethernet interface on Corp-Cisco (10.0.1.1)
**QMOE Interface on Corp-Cisco (192.168.1.1)
**DIA Interface on Corp-Cisco (192.168.1.3)
**Ethernet interface on Corp-Cisco (10.0.2.1)
**QMOE Interface on Corp-Cisco (192.168.1.2)
**DIA Interface on Corp-Cisco (192.168.1.4)
***Corp and Colo contain the same hardware and are designed the same.
Corp:
*Any traffic destined for Colo(10.0.2.1) will route through QMOE Ethernet Interface.
*Any traffic destined for Public(*.*.*.*) will route through DIA Interface.
*If QMOE Ethernet Interface is down, any traffic destined for Colo(10.0.2.1) will route through a VPN connection set up in Corp Netscreen 5GT (end point will be VPN connection on Colo Netscreen 5GT)
*Traffic from the Public will route through Netscreen - to Cisco - and to appropriate servers (we have web app, email servers, etc)
************************
Colo:
*Any traffic destined for Corp(10.0.1.1) will route through QMOE Ethernet Interface on Colo Cisco.
*Any traffic destined for Public(*.*.*.*) will route through DIA Interface on Colo Cisco.
*If QMOE Ethernet Interface is down, any traffic destined for Corp(10.0.1.1) will route through a VPN connection set up in Colo Netscreen 5GT (end point will be VPN connection on Corp Netscreen 5GT)
**Traffic from the Public will route through Netscreen - to Cisco - and to appropriate servers (we have web app, email servers, etc)
********************
What do you all think?
Mark C.