Hi,
I have a question about how I should setup/configure the following scenerio. I have a small office with a cable connection using a single public IP address. This would be easy if I had a Cisco PIX 515 with a few DMZ ports but at the moment that is not an option. Behind the internet connection I need to have (4) seperate networks for the following: (1) Inside LAN, (2) Wireless LAN, (3) LAB Environment, (4) Web/Email Server. I want to allow VPN access from outside that would give certain people access to the Inside LAN and/or the Lab Environment. I need to setup a wireless network that would provide only
access to the internet and nothing else. And I need the Web/Email server to be available on the web for their respective services etc.
Currently I have a PIX 501 in place that sits between the internet and the Inside LAN. I have it configured to accept VPN remote access to the Inside LAN. The Web/Email Server is currently not available from the outside of the firewall (unless you VPN in), only the Inside LAN can access them. The wireless network is not set up. The Lab Environment is also in place but is currently accessible through a Cisco 2511 (interface currently on Inside LAN) that has been setup as a terminal server connected to the other devices.
I was hoping someone can tell me if this is possible using a PIX 501, Catalyst 2950 Layer 2 48-port switch and a Cisco 2610 with the NM-4E (4 port ethernet network module). My thought was something like this:
|(E1)->SWITCH-VLAN1
(Inside VLAN)
|
|(E2)->SWITCH-VLAN2
(Lab Environment)
|
Cable–>PIX–>Cisco-|
Modem 501 2610 |
|(E3)->SWITCH VLAN3
(Web/Mail Server)
| |(E4)->SWITCH VLAN4
(Wireless Internet)
The Cisco 2610’s single onboard ethernet interface would connect to the “Inside” PIX interface. The 4 port ethernet network module would give me the E1 – E4 interfaces on the
router. Each of these interfaces would be connected to a seperate block of ports on the 48 port switch that will be split into different VLAN’s. The Cisco 2610 would also have an IOS image proving an IOS firewall feature set which would protect traffic between the VLAN’s since the router will be routing the traffic between them. Remote clients would be able to VPN into the PIX and based on their credentials they would gain access to one or more of the VLAN’s. Since I didn’t get to choose the original equipment I guess what I am trying to do here is use the router and switch to create separate DMZ’s similar to a PIX 515. Since the PIX 515 is way out of the budget I am hoping this will work.
Can anyone confirm wether or not this will work. Comments and suggestions are welcomed.