I want to redesign my company network

Hi
Currently we have 180 users in my company head office, and we have three branch offices on VPN.
My current network design for the head office is as follows:
ISP ---> Router ---> PIX firewall ---> Internal network (1 VLAN)
I want to divide my internal network into multiple VLANs. Please suggest any good guide on how I can make multiple VLANs and terminate these on my PIX firewall.

Junaid,
So if you are trying to design a new network and you're trying to create some VLANs, I would look at it as a tiered approach. So in a tiered approach your Tier 1 are your public facing zones, Tier 2 are your application servers, Tier 3 are your database servers, and Tier 4 would be your back end user systems.
If you want to create a DMZ on your firewall you can create a Layer 2 VLAN only on your switch, and assign your firewall's DMZ interface to the switch on this new Layer 2 VLAN (let's say VLAN 100 for example). Now any device you want in this DMZ assign it to VLAN 100 and these devices are now routed through the firewall. The Layer 2 VLAN keeps them all in the same network, but the routing exists on the firewall. Now you can create a management VLAN that will be used for your inside interface on the firewall (let's say VLAN 999) as well as all your other networking devices.
Your Tier 2 devices you can number in any manner but using something say in the 200s would signify these are Tier 2 zones. You can use these for your application servers, jump servers, SNMP management servers, etc. Follow this pattern for each of your zones.
As for the WAN network it was stated above and I second that your VPN solution would probably be better if you used a DMVPN design on your WAN. This would scale better, provide good security, and allow for better management and implementation of your new remote offices.
I am not sure of any single document that I could reference to put all this in place. Most of designing a network comes from a compilation of different documents, corporate policies, architecture standards, and life lessons. If you want a few documents though here are the ones I would recommend:
DMVPN Document:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftgreips.html
VLAN Security Best Practices
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf
-Toby

Similar Messages

  • How to set up an e-mail server (to receive and send outside a company network)

    Hie,
    The scenario is, our company wants to start hosting their own emails and not through an ISP. I somehow managed to install and configure MS Exchange Server 2010, we are able to send and receive mails but only when we are connected to our company network.
    Is there something I have missed?
    Regards
    Felix

    Hi,
    this should help you:
    Enable Outlook Anywhere:
    http://technet.microsoft.com/en-us/library/bb123542(v=exchg.141).aspx
    Enable Exchange ActiveSync:
    http://technet.microsoft.com/en-us/library/bb124234(v=exchg.141).aspx
    Understanding Outlook Web App:
    http://technet.microsoft.com/en-us/library/aa998629(v=exchg.141).aspx
    Hope that helps
    Regards
    Sebastian

  • Guest network inside company network

    Hi All,
    I have an AirPort Extreme 4th generation which is configured inside the company network to give access to the internet and internal network for our employees. Right now it is working in Bridge mode and just forwards packages from Wi-Fi clients to the DHCP server or whatever they need. I need to configure a Guest network to allow access only to the internet but not to the internal network.
    Is it possible to do when AirPort connected to internal router or switch but not to ISP?

    Is it possible to do when AirPort connected to internal router or switch but not to ISP?
    Not in the way that the AirPort was designed to operate as a device connected directly to a simple modem, making it a "main" router handling DHCP and NAT services.
    It is not possible to say whether you might be able to set up the Guest Network function and have it operate correctly.
    If you want to try, you need to perform a Factory Default Reset on the AirPort and then configure it to act as a router handling DHCP and NAT services. 
    That may create DHCP conflicts since you already have another device handling DHCP on the network... and any devices on the "main" network there receiving DHCP from your server will not be able to "see" other devices on the AirPort network, since they will not be on the same subnet.
    It will definitely create a Double NAT issue, which will tend to slow down things a bit on the AirPort network.
    The bottom line is that you will be breaking some basic network rules if you try this. Whether or not it will work cannot be known until you try it out on your own network.
    If you have strict network security procedures, the hypothetical setup above is not going to pass when the inspectors come around.

  • Slow logon with domain credentials when not on company network

    Hello,
    I have my MacBook Pro bound to the domain. When I am connected to the company network via a network cable, login is at normal speed. If I unplug the network cable, reboot, then try to login it takes minutes to get to my desktop. I'm guessing that it's looking for a domain controller or something. I'm doing this to simulate what it would be like if someone was away from the office.
    I have another MacBook Pro that acts the same way.
    Our domain is a .local domain. If this is the reason it's taking so long, is there a workaround? Or a way to make it go through this process a little faster? Sometimes it takes as long as 2.5 minutes.
    Thanks,
    Josh

    I called into Apple support since no one has responded on this.
    He had two suggestions.
    1) Input our domain servers as the DNS servers in Network preferences. This works great except for when I'm wanting to use the Internet. It, of course, doesn't resolve any names to be able to go to websites. (EDIT: What I mean is that when I'm at another location it doesn't resolve names. If I manually input the DNS servers on my ethernet adapter, it will only resolve the name if those servers are available. When I'm not in the office, they aren't available. This speeds the login time up, but causes other issues.)
    2) Change our domain to something different than .local. We just can't do that at this time.
    I tried something that appears to work on this MacBook, but on the other one that is having the same problem it doesn't work. I manually input our domain.local in the Search Domains right by the DNS options in network settings. To be honest, I'm not 100% sure what that affects. So maybe it's completely happenstance? I'm not sure why it appears to work on one and not the other. When I say 'work' I mean that it only takes a few seconds to log in rather than minutes.
    The only difference between the two is processor speed.
    Any thoughts, or can someone explain to me what effect manually filling out the Search Domain field would have?

  • I want to set-up a network with our current two laptops for a family of 4 w/unique 4 profiles. I'd like everyone to be agnostic about which computer to log into and use but still have private docs and apps (i.e.mail/facebook). How best can I do this?

    I want to set-up a network with our current two laptops for a family of 4 with unique 4 profiles.  I'd like everyone to be agnostic about which computer to log into and use but still have private docs and apps (i.e. mail/facebook).  How best can I do this?

    iCloud Photo Sharing FAQ - Apple Support
    http://www.fatcatsoftware.com/iplm/Help/accessing%20an%20iphoto%20library%20on%20another%20mac.html

  • I'm using Acrobat XI on Windows.  I want to add my company's logotype as a watermark to a PDF document.  How can I do this?  When I add it as a file (jpeg), the logotype is printed on a white square background.  It will be positioned on the PDF document o

    I'm using Acrobat XI on Windows.  I want to add my company's logotype as a watermark to a PDF document.  How can I do this?  When I add it as a file (jpeg), the logotype is printed on a white square background.  It will be positioned on the PDF document on a light, uniform yellowing color. I want this to show through, as if the logotype was stamped directly on the document.  Thanks.age to be completely transparent

    The above was truncated and garbled a bit and I can't figure out how to edit it.  So just to repeat the question a bit more clearly: "I'm using Acrobat XI on Windows.  I want to add my company's logotype as a watermark to a PDF document.  When I add it as a file (jpeg), the logotype is printed on a white square background (because the jpeg is square with a white background of course).  It will be positioned on the PDF document on a light, uniform yellowish color, which I want to show through. I want it to look as though the logotype was stamped directly on the document.  Thanks."

  • I want to visit your company for studying.

    Hi, my name is Bae Gi Woong. I am a student from KAIST (Korea Advanced Institute of Science and Technology), Korea.
    I am interested in UI (User Interface) and Multi Touch System. There is a global education program which supports students who want to visit other countries to learn advanced technology, in a team with three more students.
    We are fascinated by the superiority of your company's ongoing research so we would like to visit your company and experience current advanced technologies.
    We want to visit your company in early August. Please give us a chance to experience future technologies. You could simply answer yes or no.

    It would be better to come to the WWDC in June. If not this year, then next. That would be a much more appropriate venue.

  • I want to connect to a network printer hp cp1518ni with different versions of windows (win7& winxp)

    I want to connect to a network printer hp cp1518ni with different versions of Windows (Win 7 & Win XP). My PC with Win 7 works OK but the PC with Win XP does not "see" the printer on the network. What additional driver should I install?
    thanks

    Hi @OHIMATAS,
    I see by your post that you are unable to network the printer to the Windows XP computer, but the Windows 7 computer is connected. I can help you with this.
    Make sure the Windows XP computer is connected to the correct network name, not a Guest network either.
    Print a configuration page to get the printer's IP address.
    Printing a Configuration Page.
    Try and access the printer's Embedded Web Server on the Windows XP computer.
    Type the IP address into your web browser's address bar. (Internet Explorer)
    Did it load the webpage?
    If you can't access the printer's EWS, then check the IP address on the computer to see if the first 3 sets of numbers match the printer's IP. They have to match to be on the same network.
    Go to start, type run in the search box, type in cmd, then type ipconfig.
    Check the IPV4 address.
    Now check the IPV4 address for the printer.
    Do the first 3 sets of numbers match?
    Try and ping the printer.
    In the same window, type ping and the printer's IP address (space between ping and IP address)
    What are the results?
    Run the add printer wizard through printers and faxes, if you were able to access the printer's EWS.
    Please provide in detail the results if you are still having issues.
    Have a nice day!
    Thank You.
    Gemini02
    I work on behalf of HP

  • Problem in loading images when i am connected on company network

    Hi friends, I have been using Firefox for the last 4 months on my Windows 8 Pro laptop, but since last month I am facing a problem in loading images when I am connected to the company network, while at the same time it is working fine with IE10. But all these things are working well at my home when I am using broadband.

    I don't completely understand your issue. Does this issue occur on 1 network and does not occur on another? Have you tried clearing cache and cookies and making sure your plugins are up to date?
    Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache.
    Note: This will temporarily log you out of all sites you're logged in to.
    To clear cache and cookies do the following:
    1. Go to Firefox > History > Clear recent history or (if no Firefox button is shown) go to Tools > Clear recent history.
    2. Under "Time range to clear", select "Everything".
    3. Now, click the arrow next to Details to toggle the Details list active.
    4. From the details list, check Cache and Cookies and uncheck everything else.
    5. Now click the Clear now button.
    Further information can be found in the "Clear your cache, history and other personal information in Firefox" article.
    Did this fix your problems? Please report back to us!
    Please check if all your plugins are up-to-date. To do this, go to the Mozilla Plugin Check site (http://mozilla.com/plugincheck).
    Once you're there, the site will check if all your plugins have the latest versions.
    If you see plugins in the list that have a yellow Update button or a red Update now button, please update these immediately.
    To do so, please click each red or yellow button. Then you should see a site that allows you to download the latest version. Double-click the downloaded file to start the installation and follow the steps mentioned in the installation procedure.

  • Multi company network

    Hi!
    I’m asked to setup a multi company network. There will be approximately 4-8 small companies around 8-15 people in each company.
    These companies will share some resources as printers and probably a nas. Furthermore they will have their own wlan ssid trunked from E0/7 to the AP.
    Thinking about using an asa5505 with Security Plus license. The AP will be this one: AIR-SAP1602I-E-K9. As of now, to allow more ports for users, I will just hook up small simple switches to each Ethernet port on the ASA. When there is no more room I will buy a VLAN capable switch.
    Each company per vlan.
    company1 Vlan10 192.168.10.0/24
    company2 Vlan20 192.168.20.0/24
    company3 Vlan30 192.168.30.0/24
    company4 Vlan40 192.168.40.0/24
    Shared Vlan100 192.168.100.0/24, printer ip 192.168.100.10
    The companies should be separated from each other and only able to access the internet and the printer vlan. I got public ip in a 248 subnetmask giving me 6 addresses.
    Company1 needs to have 1 private ip. Also given ability to access their desktop PC from home. Other companies could share the same public IP.
    Company2 will host a web server so it also needs a public ip accessible from outside.
    Setting up VLANs and interfaces is no problem. The problems for me start when creating NAT rules. Guess I will not use same-security-traffic permit inter-interface and use ACL.
    How should you manage the traffic flow?
    Br
    Fredrik

    You're on the right track.
    One VLAN per company, each assigned to an interface, no same-security-traffic. Make them all security level 100. Make the printer VLAN 90.
    Create a remote access VPN for company 1 with split tunnel and only give them route to their assigned network. Make the nat rule for them as nat(company1,outside) with dynamic translation to the outside interface. Make separate nat rules for the other companies as well with dynamic translation to one of your other public IPs. Make one specific port forwarding NAT rule for the company 2 webserver.
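The isolation proposed in this reply depends on the ASA's default handling of security levels, so it is worth checking the plan before building it. The following is an added example, not code from the thread or from Cisco: a small Python model of that default applied to the VLANs listed in the question. The `outside` zone at level 0 and all function names are assumptions.

```python
from ipaddress import ip_network
from itertools import combinations, permutations

# Zones from the thread: name -> (security level, subnet).
# "outside" at level 0 is an assumption (the usual level for the internet side).
ZONES = {
    "company1": (100, "192.168.10.0/24"),
    "company2": (100, "192.168.20.0/24"),
    "company3": (100, "192.168.30.0/24"),
    "company4": (100, "192.168.40.0/24"),
    "shared": (90, "192.168.100.0/24"),
    "outside": (0, None),
}


def default_permit(src, dst, zones=ZONES, same_security=False):
    """ASA default for a NEW connection when no ACL is bound to the interface.

    Higher -> lower level is allowed; equal levels pass only with
    'same-security-traffic permit inter-interface'; lower -> higher is denied.
    """
    s, d = zones[src][0], zones[dst][0]
    if s == d:
        return same_security
    return s > d


def policy_violations(zones=ZONES, same_security=False):
    """Compare default reachability with the requirement in the question."""
    ok = lambda a, b: default_permit(a, b, zones, same_security)
    companies = [z for z in zones if z.startswith("company")]
    problems = []
    for a, b in permutations(companies, 2):
        if ok(a, b):
            problems.append(f"{a} -> {b} is open")
    for c in companies:
        for target in ("shared", "outside"):
            if not ok(c, target):
                problems.append(f"{c} cannot reach {target}")
        # Added invariant: nothing may initiate into a company by default;
        # the company2 web server then needs an explicit ACL entry plus NAT.
        for source in ("shared", "outside"):
            if ok(source, c):
                problems.append(f"{source} -> {c} is open")
    return problems


def overlapping_subnets(zones=ZONES):
    """Return pairs of zones whose subnets overlap (would break routing/NAT)."""
    nets = [(name, ip_network(net)) for name, (_, net) in zones.items() if net]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]


if __name__ == "__main__":
    print("as proposed:", policy_violations() or "no violations")
    print("with same-security permit:", policy_violations(same_security=True)[:2])
    flat = dict(ZONES, shared=(100, "192.168.100.0/24"))
    print("printer VLAN also at 100:", policy_violations(flat)[:2])
```

The model covers only the ACL-free design: once an access list is bound inbound on an interface, that list and its implicit deny decide what may enter there instead of the security-level default.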

  • Can't Connect to our Company Network

    Good morning! I'm new to MAC computers so bear with me. I'm using a MAC at work and I'm not able to access the company network. I've had our IT lady take a look with no luck. Is there anyone out there that can help?

    Hi Lisa,
    We'll need more details about your situation to help you. Are you trying to connect wirelessly or through an ethernet cable? Does your network use DHCP?
    Does your network administrator have the network MAC-locked (this doesn't refer to Macintosh computers; each device on a network has what's called a MAC address. It's a number that looks like 00-12-34-56-A7-4D and it identifies the device.) If the network is MAC-locked, you'll need to add your computer's MAC address to the list of approved network devices before it will connect. Restricting hardware on a network with a MAC-lock is fairly common in the corporate world.
    Please come back with as many details about the situation as you can. Good luck!

  • In light of Mozilla refusing to support free speech I would like to delete it off my company network

    How can I be assured that it has been actually deleted off all workstations, with no files left?
    We have too many to individually check and we need to ensure Firefox is totally removed from use.

    What boycott? I asked a direct question but received a canned political answer. Now I see the problem there.
    I merely asked for technical advice to ensure all the files are removed from my company network. Is there a link for network administrators re removal instructions? If so, can you send it?

  • Company network design

    Hi guys,
    I am a student from Belgrade and currently I am working on a company network implementation, and I have a few problems.
    1. I have to make a company regional center which looks like this:
    - Company has two buildings in one town:
     - First building has four departments (finance, development, IT, marketing) and server farm with five servers (one for each department and one shared server)
     - Second building also has that four departments and only one server (backup server)
    Requests:
    a. Each department should see its server without routing
    b. All other traffic should go through router
    How can I achieve this?
    I have sent you a screenshot of my network with backbone and one city connected (BGD), with redundant routers on the backbone and with its two locations.
    Also, I am not sure if I need a separate router for each location.
    2. I need to add main office and branch offices to Houston router:
    -Main office should be connected to backbone and it should contain another router which is connected to branch offices via serial links.
    Requests:
    a. How should I design this?
    Thank you anyway,
    Regards,
    Dragan

    Hello,
    It is my university project, but actually, I am not that lazy, I would like to do it on my own, but I am not 100% sure how to do that.
    Ok then, I will tell you my ideas and I hope you will tell me if it is right.
    1. As you can see in the attached picture I have built the backbone (4 routers named NewYork1, NewYork2 (I needed router redundancy for NewYork), Houston and LA) and the New York network, which should be one OSPF area.
    There are two company buildings in NY on separate locations. Both buildings have 4 departments - floors (finance, marketing, development and IT).
    First building structure:
    - On each floor I have one department and in the basement is the company data-center (with 4 servers for each department and one shared server) and DMZ.
    Second building structure:
    - On each floor I have one department and in the basement is the backup server.
    Requests for NY:
    a. Each department should access its server without routing.
    My solution:
    - As you can see on the pic I attached, I put a router in each location (routers named NewYork-Location1 and NewYork-Location2), in order to divide the network into two LANs.
    - Every department, server room and DMZ has its switch so I can add more devices.
    a. Each department should access its server without routing.
          - As far as I know this is possible only on location 1 if I configure VLANs (one VLAN for department and dedicated server). Traffic from location 2 departments to dedicated routers must go through the router. Is there some other way to achieve this? Can a VLAN be made on remote sites?

  • Adobe Reader 11.09 unstable on Win 8.1 in Company Network

    Today I started rolling out Adobe Reader 11.09 in my company network.
    Installed on 4 machines I have difficulties on 2:
    - 2 machines with Windows 7: no Problem
    - 2 machines with Windows 8.1: Adobe Reader is very unstable and slow
    I tried opening pdf-files from a network share (as I read a different thread here) and from local hard drive.
    Both times Adobe Reader gave no Response for minutes.
    After changing back to 11.08: no problem.
    Anyone any idea?
    If you need more detailed information just ask.

    Not that anyone cares but I've solved the problem.
    It has nothing to do with Windows 7 or Windows 8 but with whether the proxy in system settings is enabled or not.

  • I want to change the company address of payment advice.

    I want to change the company address of payment advice.
    Please, can anyone tell me the procedure, and can anyone tell me the program name and layout name for payment advice?
    Points will be given.
    with regards

    Please tell me the procedure.
