RE: PIX and WIN NT Proxy Server.

2000-08-09 Thread Dingeldey, Michael 
Title: RE: PIX and WIN NT Proxy Server.





We are trying to deploy the PIX 520 with Windows NT Proxy
servers for authentication and Caching. Could anyone who
has done this point me to the Pros and Cons of this. Any
Web site or white paper would be extremely helpfull.


From what I have implemented (and seen), this has been a
fairly common setup. By implementing MS Proxy as a cache
server (be sure to use a single NIC and NO rules), you
will be able to cache all the common (static) pages that
all your users visit; this will improve response times and
potentially increase your available bandwidth. MS Proxy
does operate as a pretty good cache.


Of course, there are a couple of added benefits too -
If you require all users to be authenticated via the
proxy server (say were using SOCKS), you can configure the
PIX so that it will only allow outbound traffic from a 
specific IP address, thereby conserving your connection count
(you essentially allow only one address to access the internet).
Using a cache server makes certain administrative tasks easier
as well, especially if you have to block access to various
sites (either directly or via WebSence).


There are a couple of things to keep in mind. Depending on 
how everything is configured, you may need to install and
configure a DNS caching server. If you are using PrivateI,
some of your reports may break - since a cache is installed,
there will only be one originating address.


If you need any white papers, you might want to go out and
search CCO (sorry, I don't have any of that information
bookmaarked).


As to other Pros and Cons, all I can say is that it depends
on what you *really* want to do. Sorry.


HTH.


Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149

Re: PIX and WIN NT Proxy Server.

2000-08-09 Thread Khalid Ahmed 
Title: RE: PIX and WIN NT Proxy Server.



Michael, thanks a lot for your detailed response. 
This is what makes this list great.


Regards.Khalid Ahmed.[EMAIL PROTECTED]

  - Original Message - 
  From: 
  Dingeldey, Michael 
  To: '[EMAIL PROTECTED]' 
  Cc: '[EMAIL PROTECTED]' 
  Sent: Wednesday, August 09, 2000 10:04 
  AM
  Subject: RE: PIX and WIN NT Proxy 
  Server.
  
  We are trying to deploy the PIX 520 with Windows NT 
  Proxy servers for authentication and Caching. 
  Could anyone who has done this point me to the 
  Pros and Cons of this. Any Web site or white paper 
  would be extremely helpfull. 
  From what I have implemented (and seen), this has been 
  a fairly common setup. By implementing MS Proxy as a 
  cache server (be sure to use a single NIC and NO 
  rules), you will be able to cache all the common 
  (static) pages that all your users visit; this will 
  improve response times and potentially increase your 
  available bandwidth. MS Proxy does operate as a pretty 
  good cache. 
  Of course, there are a couple of added benefits too - 
  If you require all users to be authenticated via the 
  proxy server (say were using SOCKS), you can configure 
  the PIX so that it will only allow outbound traffic 
  from a specific IP address, thereby conserving your 
  connection count (you essentially allow only one 
  address to access the internet). Using a cache server 
  makes certain administrative tasks easier as well, 
  especially if you have to block access to various sites (either directly or via WebSence). 
  There are a couple of things to keep in mind. Depending on 
  how everything is configured, you may need to install 
  and configure a DNS caching server. If you are using 
  PrivateI, some of your reports may break - since a 
  cache is installed, there will only be one originating 
  address. 
  If you need any white papers, you might want to go out 
  and search CCO (sorry, I don't have any of that 
  information bookmaarked). 
  As to other Pros and Cons, all I can say is that it 
  depends on what you *really* want to do. Sorry. 
  
  HTH. 
  Michael Dingeldey CCDA, CCNP 
  Senior Network Engineer Interactive 
  Business Systems Ph: (734) 542-9137 Fx: (734) 542-9149