Hi,

Off topic, but I'm struggling...

I have been contracted to make some network changes at a site I originally
set up 10 years ago.  It started with a couple of PCs with an OpenBSD
server as the default gateway/firewall.  As time went on, the site has
grown and now is 200+ computers and several other gateways to other sites
(hospitals, government, etc.).  And yes, the OpenBSD firewall (though
upgraded) is still key in this network topology.  The original idea was to
have all the routes on the OpenBSD firewall and rely on ICMP redirects to
build dynamic routes where needed.

This has worked until recently.  One of the hospital sites has put in a
Cisco PIX 506E and it's not behaving properly with ICMP redirects.  If I
put a static route on the Windows PC, it works fine.

The IT department at the hospital has said:
"Note: I had a problem before; the PIX does not like to do "icmp redirect".
It works best, and is better for security, if the internal hub is a layer 3
switch; then you control the route policy/Access List from the layer 3
switch."

Well, this is a wee bit over my head, and I really need to read up on how
to PROPERLY design a larger network environment with multiple (4-5)
different gateways and maintain routes properly with minimal human
intervention.  This has to work with a mixed bag of Windows 98 and up and
assorted Unix systems.

I also need to figure out how OpenBSD will fit into this infrastructure,
as I really like the stability/configurability of OpenBSD (and spamd :-)).

Does anyone have pointers, web or books (I don't mind spending $$), for
resources that would help me understand more complex networks?

Thanks,
Steve Williams