  1. #1

    Network Design for 3 hosts

    We just moved 3 1U's to a new colo center, from a single host in a managed facility. We need some advice on the best way to configure our topology. 2 systems are Windows 2003, and 1 is CentOS.

    Each host has dual NICs, and we would like to configure 1 NIC for internal server-to-server traffic, and 1 NIC for the external Internet. We have a Check Point VPN-1 firewall and several switches to work with.

    Our current thinking is that ALL NICs should be behind the firewall (for protection and for QoS control), and the external NICs need to be bound to the actual external IP address to avoid NAT issues with some of our apps that can't handle NAT translation through the firewall (Asterisk VoIP using UDP for one).

    Is it possible or recommended to do this? I have tried everything I can with our router to allow the external NICs to be bound to an external IP but still participate on the network behind the router, to no avail.

    Our other host had only 1 NIC bound to the external IP, and only the Windows firewall turned on to provide firewall protection. We really don't have any real-life experience configuring this type of setup, and would appreciate any guidance or guides anyone can suggest.

  2. #2
    Join Date
    Feb 2006
    Bristol, UK

    Are you using a separate router as well as the VPN-1, or just the VPN-1 between your kit and your transit provider's router?


  3. #3
    Just the VPN-1.

  4. #4
    Join Date
    Jan 2007

    I have a client that has a similar set-up, and to make things more simple, you might want to consider 2 firewalls, one for just the VPN and one for protecting the public side. Use a single layer-3 switch and create multiple VLANs, one for your VPN traffic, one for your external traffic and then one for just public. Take the inside of your VPN and the NICs for your server-to-server communication into the VLAN designated for your VPN traffic, then take the NICs and your public firewall into a second VLAN designated for Internet communications. This will separate up everything nicely. The third VLAN should just be where your Internet connection comes in, then plug the outside interface of your VPN and your public firewall into that VLAN.

    This is a quicker set-up, but it should work nicely, along with keeping your traffic separated. I am not sure if you are utilizing VLANs right now, or just trying to use multiple switches, but I personally think the VLAN approach is the best.
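
The three-VLAN layout from post #4, modelled as an added example (not part of the thread and not any poster's configuration): it checks that no server NIC can be reached from the Internet uplink VLAN without passing a firewall, and shows what a mis-patched external NIC or a dual-homed server with IP forwarding enabled does to that guarantee. The VLAN ids, device names and the `build` / `unfiltered_servers` helpers are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the layout in post #4; the VLAN ids and device names
# are assumptions for illustration, the thread does not give any.
UPLINK, PUBLIC, VPN = 30, 20, 10
SERVERS = ("centos", "win2003-a", "win2003-b")

def build(ext_vlan=None, routing_hosts=()):
    """Return {device: (kind, [vlans])}; ext_vlan overrides a server's external NIC VLAN."""
    ext_vlan = ext_vlan or {}
    devices = {
        "uplink": ("uplink", [UPLINK]),
        "vpn-fw": ("firewall", [UPLINK, VPN]),        # outside, inside
        "public-fw": ("firewall", [UPLINK, PUBLIC]),  # outside, inside
    }
    for name in SERVERS:
        kind = "router-host" if name in routing_hosts else "host"
        # NIC 1 carries server-to-server traffic, NIC 2 faces the Internet.
        devices[name] = (kind, [VPN, ext_vlan.get(name, PUBLIC)])
    return devices

def unfiltered_servers(devices):
    """Servers reachable from the uplink VLAN without passing a firewall."""
    seen_vlans, exposed = set(), set()
    queue = deque(devices["uplink"][1])
    while queue:
        vlan = queue.popleft()
        if vlan in seen_vlans:
            continue
        seen_vlans.add(vlan)
        for name, (kind, vlans) in devices.items():
            if vlan not in vlans or kind in ("uplink", "firewall"):
                continue  # firewalls filter, so the walk stops at them
            exposed.add(name)
            if kind == "router-host":  # IP forwarding on: joins its two VLANs
                queue.extend(vlans)
    return sorted(exposed)

if __name__ == "__main__":
    print(unfiltered_servers(build()))                                # layout as posted
    print(unfiltered_servers(build({"centos": UPLINK})))              # NIC patched into the uplink VLAN
    print(unfiltered_servers(build({"centos": UPLINK}, {"centos"})))  # and forwarding enabled on it
```

Because every server is dual-homed, the separation holds only while IP forwarding and bridging stay disabled on the hosts themselves; the third case shows one forwarding host joining the uplink VLAN to the server-to-server VLAN.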
