Network Setup

  • Network Setup

    Hi,

    My client needs a critical network design for its network, and I need expert advice on this: whether it's possible with Windows Server 2008 routing functionality or I have to go with a Cisco Layer 3 switch only.

    We are basically using a Xen Server and have about 500 VMs running inside. We implemented a Xen Desktop and users are able to connect to their desktop using a web URL from outside.

    At present, they first log in to the corporate office using VPN and are able to access the XD, which is located inside my LAN. Now my question is: I am using only a single ISP connection for my corporate office, and the scenario is that we have 10 different clients connected to my network using VPN. At present all are in the same subnet, so if there is any infection or something goes wrong it will easily spread in my network. So I want to keep them in different VLANs, but in that case can I keep the same internet gateway address for all VLANs to send the traffic using that address?

    Here I am presenting 2 scenarios. Which will be the best one, and will it fulfill my requirement?

    Internal LAN - DMZ - / 24 (DNS)

    Client 1 - Connected using VPN (DNS)

    Client 2 - Connected using a VPN - (DNS)

    Client 3 - Connected using a VPN - (DNS)

    Or else keep a large range for all clients, keep all clients in a different VLAN and assign a common gateway to all VLANs.

    e.g. VLAN1 - (DNS)
    VLAN2 - (GW) (DNS)

    Please Help...


  • #2
    Re: Network Setup

    Lots of unanswered questions here. Where is the VPN terminating? Router, ASA etc...

    10 remote clients isn't a lot at all. Are you permitting split tunneling with your VPN or is everything tunneled once they connect? If you are worried about viruses/malware you could always implement some "posturing" on the clients, meaning that when they attempt to connect to the VPN, the VPN gateway checks the client for antivirus, up-to-date definitions, if a Windows machine a particular service pack etc...

    Typically with a Cisco VPN, you don't specify a default gateway for the client as the "crypto ACL" determines what is encrypted and sent over the tunnel. Once it reaches the VPN gateway device, it is then decrypted and routed to the destination. The VPN gateway should install a host route back to the client in its routing table.

    What the VPN terminates on will determine what type of policy you can apply. If it's an ASA, you can create separate tunnel groups for particular clients with a different policy etc. Lots of options available with the right equipment.
    Last edited by auglan; 27th September 2012, 16:37.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
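
To illustrate the per-client separation discussed in this thread (one subnet per VPN client, each with its own policy), here is an added example, not written by any poster, that carves per-client subnets from one larger range and audits a first-match rule list for rules that let one client reach another. All addresses, client names and rules are constructed sample values, and the rule format `(action, source, destination)` is an assumption made for this sketch, not any vendor's syntax.

```python
import ipaddress
from itertools import permutations

def plan_subnets(supernet, clients, prefix=24):
    """Give each client its own subnet carved from one larger range."""
    pool = list(ipaddress.ip_network(supernet).subnets(new_prefix=prefix))
    if len(clients) > len(pool):
        raise ValueError("range too small for one subnet per client")
    return dict(zip(clients, pool))

def cross_client_leaks(plan, rules):
    """Return (src_client, dst_client, rule_index) for each rule that can pass
    traffic between two different clients. Rules are evaluated first-match,
    with an implicit deny after the last rule."""
    parsed = [(action, ipaddress.ip_network(src), ipaddress.ip_network(dst))
              for action, src, dst in rules]
    leaks = []
    for a, b in permutations(plan, 2):
        src_net, dst_net = plan[a], plan[b]
        for i, (action, src, dst) in enumerate(parsed):
            if not (src.overlaps(src_net) and dst.overlaps(dst_net)):
                continue
            if action == "permit":
                leaks.append((a, b, i))
                break
            # A deny settles this pair only if it covers both subnets fully.
            if src_net.subnet_of(src) and dst_net.subnet_of(dst):
                break
    return leaks

# Constructed sample data: three clients, one shared desktop subnet.
CLIENT_RANGE = "10.20.0.0/16"
SHARED_DESKTOPS = "10.10.10.0/24"
PLAN = plan_subnets(CLIENT_RANGE, ["client1", "client2", "client3"])

GOOD_RULES = [
    ("permit", CLIENT_RANGE, SHARED_DESKTOPS),  # every client -> shared desktops
    ("deny", CLIENT_RANGE, CLIENT_RANGE),       # no client -> client traffic
]
# Same policy with an over-broad permit inserted ahead of the deny.
BAD_RULES = [GOOD_RULES[0], ("permit", "10.20.1.0/24", CLIENT_RANGE), GOOD_RULES[1]]

if __name__ == "__main__":
    for name, net in PLAN.items():
        print(name, net)
    print("good:", cross_client_leaks(PLAN, GOOD_RULES))
    print("bad: ", cross_client_leaks(PLAN, BAD_RULES))
```

The audit is deliberately conservative: a permit that overlaps only part of two clients' subnets is still reported.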


    • #3
      Re: Network Setup

      You state in your post that you require "expert advice".

      I would suggest then, that you go and obtain that expert advice, and pay the expert for their time accordingly.

      It's fairly clear that you don't have the expertise necessary to be doing this work.
      Please do show your appreciation to those who assist you by leaving Rep Point