Communication between VLANs

Status
Not open for further replies.

Logmaster

Technical User
Jan 2, 2006
31
US
Hi,

I am a newbie. I want to set up two VLANs, one for the internal network and the other one for the DMZ. I want to be able to manage the servers on the DMZ, so basically I need to be able to open ports between the internal VLAN and the DMZ VLAN.

Can anyone please let me know how to do it or the order of operations? I can either use IOS or SDM...

Regards,
Joe
 
Can you please post somewhat of a network diagram? For example, is the internal network, or VLAN, a public addressed network? Is your DMZ a "dirty" DMZ? A diagram would help.

Burt
 
Hi,

I have just reinstalled my machine and I still don't have Visio or anything else that I can use for diagrams.
Even though I am still in the design process, I still haven't decided what's the best approach that will meet most of our requirements.
Could you please go over the information below and suggest what's the best/most secure approach?

WAN:
We have two high speed connections, 1 is Cable (Comcast, DHCP) which is the primary and the secondary one is ATT (Static IP).
I have managed to set up the two connections; however, I still can't figure out how to enable redundancy and how to direct certain services to specific WANs...

LAN:
We have a standard LAN with workstations and 2 application servers that are mission critical and do not require incoming ports. Each one of the servers has two NICs.
I am trying to figure out how to use the secondary connection for the application servers and switch to the primary one if the secondary fails. If possible, I would like the dial-up connection to be the last resort for the application servers should both connections fail.

DMZ:
We have two web servers which require only ports 80 and 441, and 4 VOIP devices. The VOIP devices require a broad range of ports open.


DMZ->Intranet: one of the servers on the DMZ will have to connect to one of the servers in the internal network (back end server)
Intranet->DMZ: I want to be able to connect to the servers on the DMZ using terminal services and have a few other management ports open.


VPN: I want to be able to dial in and communicate with the intranet and DMZ. I have managed to set up a VPN connection; however, I cannot communicate with the intranet (I haven't set up the DMZ).

Switch: I have the 24-port SMC8624t 1GB managed switch, which allows me to configure separate VLANs for specific ports. My plan is to configure a separate VLAN for the DMZ and the intranet.

DDNS: I have managed to set up two separate DDNS connections, one for each of the WANs. I am not sure if it's possible, but if I could, I would want to be able to switch the DDNS from the primary one to the secondary one if the primary connection fails, then switch back once the connection is up.


Any advice will be greatly appreciated...

Thanks,
Joe
 
What type of network hardware is in place?

If I read your post right, it also seems that you will have your DMZ and intranet on the same switch using VLANs for separation?

If that is correct, it is a bad policy. Lots of companies say that VLANs are a security feature. That, in my opinion, is incorrect. VLAN hopping is very easy. The only time I would use a VLAN is for some sort of organizational purpose.



Gb0mb

........99.9% User Error........
 
I guess that you are right, I am going to separate the network with two switches...

Do you have any other recommendations on how to config the router?
 