Here we go again ( Pix 515) [7:49492]

2002-07-23 Thread Kevin O'Gilvie

Dear All,

I am jumping into a similar mess as when I started at my current company, 
but this time the Macs outnumber the PC's. Well here is the scoop:
180 Macs
50 PC's
Static Ip's
No DHCP
No FW
Quick Mail Server
and a whole bunch of other nasty things..
- They just purchased a Pix 515
- They just bought Exchange 5.5

My projects are:
Set up DHCP
Set up Pix
Set up Private Addressing
Set up Exchange
Migrate them from Quick Mail
etc etc
I have done this before but maybe you guys can help as to how I should go 
about this the quickest.

Thanks,

Kevin






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49492&t=49492
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Here we go again ( Pix 515) [7:49492]

2002-07-23 Thread Kelly Cobean

Man, you aren't asking much, are you? ;-)

Ok, here's the order I'd do things in...

First things first, get that firewall in place.  You don't list what their
internet connectivity is, but if they bought a PIX, it's safe to assume that
they have a persistent connection, and that being true, they're really
hanging it out there for someone to cut off, so to speak.  Network security
is always a primary concern, and the firewall won't take a lot of time to set
up.  Not setting it up could be very costly.  If they already have a
light(er)-weight firewall like a Linux host running IP chains or IP tables,
replacing this first will save your users down-time later because you can
pre-configure your internet rulebase/access in preparation for your private
addressing.

Next, I'd do the DHCP and Private Addressing.  These go hand in hand, and
since your firewall is now in place, you can do the NAT/PAT translations as
needed and not have to rethink these later.

Third, get Exchange up and running.  If it's going on a different system
than Quick mail is running on, great!  Now you can get them running in
parallel, and move user accounts over one at a time or in batches.  There
are probably tools out there to do the mailbox format conversion.  Now that
your network is secure at layer3/4, you can focus on the nitty-gritty of the
user data. (Oh yeah, don't forget that backup!!!)

It's a 10,000 foot view, but that's how I'd do it.  I'm not really a MAC
guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and
support DHCP, so from an L3/4 standpoint, they're really no different than
your PC's.

When doing multiple projects like this, I tend to work along the OSI model.
If the wiring is horrible, or the NIC's are all old 10Base2 nics and have
transceivers to hook them to your BaseT network, take care of the layer 1
stuff first.  Next, if the network is all unmanaged hubs, and your network
is one gigantic broadcast domain, start installing switches to quiet down
the network.  Next, get VLANs/routing/security in place for Layer3/4.  Next,
work on the "upper layers" where all of your apps and data live and talk.
Just my $0.02 worth.

HTH,
Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
Network Engineer
AT&T Government Solutions, Inc.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49499&t=49492
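
The firewall-first, then private addressing with NAT/PAT order described in the message above, sketched as a PIX configuration fragment. This is an added example, not part of the original thread or any poster's configuration; it assumes PIX OS 6.x command syntax, and the interface layout, the 10.10.0.0/23 inside range, the 192.0.2.x outside addresses, the ACL name and the mail server at 10.10.0.10 are all constructed.

```text
: Constructed example; every address below is a placeholder.
: Outside uses the 192.0.2.0/24 documentation range, inside uses RFC 1918 space.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.0.2.2 255.255.255.248
ip address inside 10.10.0.1 255.255.254.0

: PAT: all inside hosts (a /23 leaves room beyond 180 Macs + 50 PCs)
: share the outside interface address for outbound connections.
global (outside) 1 interface
nat (inside) 1 10.10.0.0 255.255.254.0 0 0

: One-to-one static for the mail server (assumed at 10.10.0.10), with
: inbound access limited to SMTP. Other inbound traffic stays denied
: because outside is the lower security level.
static (inside,outside) 192.0.2.3 10.10.0.10 netmask 255.255.255.255 0 0
access-list acl_outside_in permit tcp any host 192.0.2.3 eq smtp
access-group acl_outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

With the translations defined on the firewall first, hosts can be moved from their static addresses to DHCP-assigned private ones in batches without revisiting the rulebase.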



RE: Here we go again ( Pix 515) [7:49492]

2002-07-24 Thread Kevin O'Gilvie

Hi Kelly,

You are absolutely right, and I love your strategy.
That is the way I did it 2 years ago, but the only thing now is finding a 
vpn solution for the Macs. I used Pix for the PC's last time round but never 
had to do this for the Mac's. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49522&t=49492



Re: Here we go again ( Pix 515) [7:49492]

2002-07-24 Thread Gaz

What's everybody's view on using the Pix as a DHCP server?

I used it once, only because after arriving on site to install the Pix the
customer mentioned that his old Firewall was doing DHCP and he had no plans
to do it on anything else.
Seemed to go fine, but would like to know if people have come across
limitations/issues.

I tend to agree with the view "Right box for the job", i.e. don't make the
Pix do things it's not made for, but if pushed into the situation, how does
it compare.

Cheers,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49591&t=49492



Re: Here we go again ( Pix 515) [7:49492]

2002-07-24 Thread Henry D.

I haven't used DHCP server on the PIX, reading the documentation
it seems you gotta be careful with how many Active Hosts you'll have.
Looks like some low end PIX's do only 32 Active Hosts. On the other
hand, I suppose the only reason for having PIX do DHCP would be
for small offices, where some of these number limitations should be no
problem.
There are obviously other drawbacks besides any scalability, I wouldn't want
my LAN Windows Administrator to touch the PIX just because he needs to
check/clear the DHCP assignments :-(

Re: Here we go again ( Pix 515) [7:49492]

2002-07-25 Thread Kevin O'Gilvie

I wouldn't put DHCP on the firewall for 300 users.
But for 10 or 15 I would.

Thanks,

-Kevin



RE: Here we go again ( Pix 515) [7:49492]

2002-07-25 Thread Kevin O'Gilvie

Hey,

No flames against NT admins.
In these tough times Network Admins need to know all
FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling..
In order to survive.
Like myself!!



RE: Here we go again ( Pix 515) [7:49492]

2002-07-25 Thread Juan Blanco

Team,
The way I see it, DHCP on the firewall is only for a small number of users,
when it comes to mid-size-up network you don't want to use a firewall for a
DHCP... Can you see an NT administrator making changes in your firewall
because he/she is having problems with DHCP... (This network will be
available to hackers in the Theater near You)

My two cents.


Re: Here we go again ( Pix 515) [7:49492]

2002-07-25 Thread Henry D.

sorry, just couldn't resist - hahaha

besides, if you're capable of doing all these multiple things with and on
the networks,
you're not just an NT guy even though your work title might say that :-)

""Kevin O'Gilvie""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hey,
>
> No flames aginst NT admins.
> In these tuff times Network Admins need to know all
> FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling..
> In order to survive.
> Like myself!!
>
>
> >From: Juan Blanco
> >Reply-To: [EMAIL PROTECTED]
> >To: 'Kevin O'Gilvie' , [EMAIL PROTECTED]
> >Subject: RE: Here we go again ( Pix 515) [7:49492]
> >Date: Thu, 25 Jul 2002 11:14:08 -0400
> >
> >Team,
> >The way I see it, dhcp on the firewall is only for small number of users,
> >when it comes to mid-size-up network you don't want to use a firewall for
a
> >DHCPCan you see an NT administrator making changes in your firewall
> >because he/she is having problems with DHCP(This network will be
> >available to hackers in the Theater near You)
> >
> >My two cents.
> >
> >-Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Kevin O'Gilvie
> >Sent: Thursday, July 25, 2002 10:27 AM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Here we go again ( Pix 515) [7:49492]
> >
> >
> >I wouldnt put dhcp on the firewall for 300 users.
> >But for 10 or 15 I would.
> >
> >Thanks,
> >
> >-Kevin
> >
> >
> > >From: "Gaz"
> > >Reply-To: "Gaz"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: Here we go again ( Pix 515) [7:49492]
> > >Date: Wed, 24 Jul 2002 22:37:12 GMT
> > >
> > >What's everybody's view on using the Pix as a DHCP server?
> > >
> > >I used it once, only because after arriving on site to install the Pix
> >the
> > >customer mentioned that his old Firewall was doing DHCP and he had no
> >plans
> > >to do it on anything else.
> > >Seemed to go fine, but would like to know if people have come across
> > >limitations/issues.
> > >
> > >I tend to agree with the view "Right box for the job", i.e. don't make
> >the
> > >Pix do things it's not made for, but if pushed into the situation, how
> >does
> > >it compare.
> > >
> > >Cheers,
> > >
> > >Gaz
> > >
> > >""Kevin O'Gilvie""  wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Hi Kelly,
> > > >
> > > > You are absolutely right, and I love your strategy.
> > > > That is the way I did it 2 years ago, but the only thing now is finding a
> > > > vpn solution for the Macs. I used Pix for the PC's last time round but never
> > > > had to do this for the Mac's. Any ideas?
> > > >
> > > >
> > > > >From: "Kelly Cobean"
> > > > >Reply-To: "Kelly Cobean"
> > > > >To: [EMAIL PROTECTED]
> > > > >Subject: RE: Here we go again ( Pix 515) [7:49492]
> > > > >Date: Wed, 24 Jul 2002 02:18:38 GMT
> > > > >
> > > > >Man, you aren't asking much, are you? ;-)
> > > > >
> > > > >Ok, here's the order I'd do things in...
> > > > >
> > > > >First things first, get that firewall in place.  You don't list what their
> > > > >internet connectivity is, but if they bought a PIX, it's safe to assume that
> > > > >they have a persistent connection, and that being true, they're really
> > > > >hanging it out there for someone to cut off, so to speak.  Network security
> > > > >is always a primary concern, and the firewall won't take a lot of time to set
> > > > >up.  Not setting it up could be very costly.  If they already have a
> > > > >light(er)-weight firewall like a Linux host running IP chains or IP tables,
> > > > >replacing this first will save your users down-time later because you can
> > > > >pre-configure your internet rulebase/access in preparation for your private
> > > > >addressing.
> > 

RE: Here we go again ( Pix 515) [7:49492]

2002-07-30 Thread Mark W. Odette II

... works fine on my 501 at the casa, but I've not put it into
production for a client.

Like you said, "right box for the job".

Mark

-----Original Message-----
From: Gaz [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 24, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: Re: Here we go again ( Pix 515) [7:49492]

What's everybody's view on using the Pix as a DHCP server?

I used it once, only because after arriving on site to install the Pix the
customer mentioned that his old Firewall was doing DHCP and he had no plans
to do it on anything else.
Seemed to go fine, but would like to know if people have come across
limitations/issues.

I tend to agree with the view "Right box for the job", i.e. don't make the
Pix do things it's not made for, but if pushed into the situation, how does
it compare.

Cheers,

Gaz

""Kevin O'Gilvie""  wrote in message
news:[EMAIL PROTECTED]...
> Hi Kelly,
>
> You are absolutely right, and I love your strategy.
> That is the way I did it 2 years ago, but the only thing now is finding a
> vpn solution for the Macs. I used Pix for the PC's last time round but never
> had to do this for the Mac's. Any ideas?
>
>
> >From: "Kelly Cobean"
> >Reply-To: "Kelly Cobean"
> >To: [EMAIL PROTECTED]
> >Subject: RE: Here we go again ( Pix 515) [7:49492]
> >Date: Wed, 24 Jul 2002 02:18:38 GMT
> >
> >Man, you aren't asking much, are you? ;-)
> >
> >Ok, here's the order I'd do things in...
> >
> >First things first, get that firewall in place.  You don't list what their
> >internet connectivity is, but if they bought a PIX, it's safe to assume that
> >they have a persistent connection, and that being true, they're really
> >hanging it out there for someone to cut off, so to speak.  Network security
> >is always a primary concern, and the firewall won't take a lot of time to set
> >up.  Not setting it up could be very costly.  If they already have a
> >light(er)-weight firewall like a Linux host running IP chains or IP tables,
> >replacing this first will save your users down-time later because you can
> >pre-configure your internet rulebase/access in preparation for your private
> >addressing.
> >
> >Next, I'd do the DHCP and Private Addressing.  These go hand in hand, and
> >since your firewall is now in place, you can do the NAT/PAT translations as
> >needed and not have to rethink these later.
> >
> >Third, get Exchange up and running.  If it's going on a different system
> >than Quick mail is running on, great!  Now you can get them running in
> >parallel, and move users accounts over one at a time or in batches.  There
> >are probably tools out there to do the mailbox format conversion.  Now that
> >your network is secure at layer3/4, you can focus on the nitty-gritty of the
> >user data. (Oh yeah, don't forget that backup!!!)
> >
> >It's a 10,000 foot view, but that's how I'd do it.  I'm not really a MAC
> >guy, but I'd venture a guess that most or all of your MAC's run TCP/IP and
> >support DHCP, so from an L3/4 standpoint, they're really no different than
> >your PC's.
> >
> >When doing multiple projects like this, I tend to work along the OSI model.
> >If the wiring is horrible, or the NIC's are all old 10Base2 nics and have
> >transceivers to hook them to your BaseT network, take care of the layer 1
> >stuff first.  Next, if the network is all unmanaged hubs, and your network
> >is one gigantic broadcast domain, start installing switches to quiet down
> >the network.  Next, get VLANs/routing/security in place for Layer3/4.  Next,
> >work on the "upper layers" where all of your apps and data live and talk.
> >Just my $0.02 worth.
> >
> >HTH,
> >Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
> >Network Engineer
> >AT&T Government Solutions, Inc.
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Kevin O'Gilvie
> >Sent: Tuesday, July 23, 2002 9:07 PM
> >To: [EMAIL PROTECTED]
> >Subject: Here we go again ( Pix 515) [7:49492]
> >
> >
> >Dear All,
> >
> >I am jumping into a similar mess as when I started at my current company,
> >but this time the Macs outnumber the PC's. Well here is the scoop:
> >180 Macs
> >50 PC's
> >Static Ip's
> >No DHCP
> >No FW
> >Quick Mail Server
> >and a whole bunch of other nasty things..
> >