----- Original Message -----
Sent: Wednesday, August 09, 2000 10:04
AM
Subject: RE: PIX and WIN NT Proxy
Server.
>We are trying to deploy the PIX 520 with Windows NT
Proxy
>servers for authentication and Caching.
Could anyone who
>has done this point me to the
Pros and Cons of this. Any
>Web site or white paper
would be extremely helpfull.
From what I have implemented (and seen), this has been
a
fairly common setup. By implementing MS Proxy as a
cache
server (be sure to use a single NIC and NO
rules), you
will be able to cache all the common
(static) pages that
all your users visit; this will
improve response times and
potentially increase your
available bandwidth. MS Proxy
does operate as a pretty
good cache.
Of course, there are a couple of added benefits too -
If you require all users to be authenticated via the
proxy server (say were using SOCKS), you can configure
the
PIX so that it will only allow outbound traffic
from a
specific IP address, thereby conserving your
connection count
(you essentially allow only one
address to access the internet).
Using a cache server
makes certain administrative tasks easier
as well,
especially if you have to block access to various
sites (either directly or via WebSence).
There are a couple of things to keep in mind. Depending on
how everything is configured, you may need to install
and
configure a DNS caching server. If you are using
PrivateI,
some of your reports may break - since a
cache is installed,
there will only be one originating
address.
If you need any white papers, you might want to go out
and
search CCO (sorry, I don't have any of that
information
bookmaarked).
As to other Pros and Cons, all I can say is that it
depends
on what you *really* want to do. Sorry.
HTH.
Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive
Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149
