Skip to content

Help Setting Up Secure Small Business Network With Static Ips?

I am setting up a small office network that is composed of the following:
Hardware:
- 1 Windows 2003 Enterprise server (R2)
- 3 to 5 Windows XP and Vista computers
Software / Services:
- An FTP site will be necessary for uploading files
- We will receive 5 static IPs from Verizon (DSL). One will be exclusively assigned to the FTP server.
- VPN using 2003 server
I have a basic idea of what needs to be done, but I am not too sure if this is the best way to do this.
I am planning on getting a firewall to go between the DSL modem and a router. However, I am not sure what kind of router/switch to use because I am not sure how to handle splitting the static IP addresses. The FTP server will need to reside on the 2003 server (either via IIS or Linux running in virtualization).
I also need to configure incoming VPN using Windows 2003 Server.
I would like to know what the Best Practices for this situation would be. I’m having a a hard time finding this info on the web.
Thank you!

Related posts:

  1. What Are The Steps To Setting Up A Server With No-ip.com?
  2. Best Practice For Setting Up Development Network?
  3. Is It Possible To Make Resource Sharing Between Local Host And The Virtual Network?
  4. Networking Between 2 Computers Running Virtual Pc 2007?
  5. Vmware Workstation Version 4.1 Network Problem?

Posted on Monday, April 27, 2009, at 7:01 pm. Filed under virtualization. Tagged , , , , , , , . Bookmark the permalink. Follow comments here with the RSS feed. Comments are closed, but you can leave a trackback.

2 Comments

  1. GTB wrote:

    Your application is a bit more heavyweight that most.
    First, you should use a router to interface with with the ISP. You cannot use the household grade ones. With 5 static IP addresses and an FTP server, etc you need something more robust. Check out http://www.adtran.com for Adtran units. Feel free to contact their prepurchase support and they will help a lot.
    I would use the router to interface with Verizon. I would dedicate one static IP for FTP and probably use a dedicated XP box for FTP (rather than risk hackers on my server). I would put the FTP server in the DMZ so the router should be DMZ capable.
    I would have the router control the IPSec VPN at the router level as well.
    Let the server address LAN DHCP; assign static IP to the router, the server, and probably to print servers and the FTP server.
    The router can direct the public IP addresses appropriately but this is a configuration matter – part of the config you need to do. Adtran will help to a large degree.
    Because this is heavyweight, you may wish to get technical support locally.

    Monday, April 27, 2009 at 7:01 pm | Permalink
  2. escontra wrote:

    This will be a pretty easy setup for someone with experience, but you may want to find some local support. Here’s what I would do…
    Verizon modem -> Pix Firewall -> 8 port switch
    The pix firewall will give you a great deal of protection, allow you to assign addresses and setup VPN as well. You won’t need a router since you’ll only have one network.
    The outside interface of the Pix will be the WAN address provided by Verizon. A global NAT pool will be created using the static addresses from Verizon while the inside computers will actually use private addresses, such as 192.168.x.x.

    Monday, April 27, 2009 at 7:01 pm | Permalink
Powered by Yahoo! Answers