GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Here we go again ( Pix 515) [7:49492] posted 07/25/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


sorry, just couldn't resist - hahaha

besides, if you're capable of doing all these multiple things with and on
the networks,
you're not just an NT guy even though your work title might say that :-)

""Kevin O'Gilvie""  wrote in message
news:200207251521.PAA11711@xxxxxxxxxxxxxxxxx
> Hey,
>
> No flames aginst NT admins.
> In these tuff times Network Admins need to know all
> FW's, Servers, PC's, Mac's, Switches, Routers, even Cabling..
> In order to survive.
> Like myself!!
>
>
> >From: Juan Blanco
> >Reply-To: blancoj@xxxxxxxxxxxxx
> >To: 'Kevin O'Gilvie' , cisco@xxxxxxxxxxxxxx
> >Subject: RE: Here we go again ( Pix 515) [7:49492]
> >Date: Thu, 25 Jul 2002 11:14:08 -0400
> >
> >Team,
> >The way I see it, dhcp on the firewall is only for small number of users,
> >when it comes to mid-size-up network you don't want to use a firewall for
a
> >DHCP....Can you see an NT administrator making changes in your firewall
> >because he/she is having problems with DHCP....(This network will be
> >available to hackers in the Theater near You)....
> >
> >My two cents.....
> >
> >-----Original Message-----
> >From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
> >Kevin O'Gilvie
> >Sent: Thursday, July 25, 2002 10:27 AM
> >To: cisco@xxxxxxxxxxxxxx
> >Subject: Re: Here we go again ( Pix 515) [7:49492]
> >
> >
> >I wouldnt put dhcp on the firewall for 300 users.
> >But for 10 or 15 I would.
> >
> >Thanks,
> >
> >-Kevin
> >
> >
> > >From: "Gaz"
> > >Reply-To: "Gaz"
> > >To: cisco@xxxxxxxxxxxxxx
> > >Subject: Re: Here we go again ( Pix 515) [7:49492]
> > >Date: Wed, 24 Jul 2002 22:37:12 GMT
> > >
> > >What's everybody's view on using the Pix as a DHCP server?
> > >
> > >I used it once, only because after arriving on site to install the Pix
> >the
> > >customer mentioned that his old Firewall was doing DHCP and he had no
> >plans
> > >to do it on anything else.
> > >Seemed to go fine, but would like to know if people have come across
> > >limitations/issues.
> > >
> > >I tend to agree with the view "Right box for the job", i.e. don't make
> >the
> > >Pix do things it's not made for, but if pushed into the situation, how
> >does
> > >it compare.
> > >
> > >Cheers,
> > >
> > >Gaz
> > >
> > >""Kevin O'Gilvie""  wrote in message
> > >news:200207241355.NAA15096@xxxxxxxxxxxxxxxxx
> > > > Hi Kelly,
> > > >
> > > > You are absolutely right, and I love your strategy.
> > > > That is the way I did it 2 years ago, but the only thing now is
> >finding
> > >a
> > > > vpn solution for the Macs. I used Pix for the PC's last time round
but
> > >never
> > > > had to do this for the Mac's. Any ideas?
> > > >
> > > >
> > > > >From: "Kelly Cobean"
> > > > >Reply-To: "Kelly Cobean"
> > > > >To: cisco@xxxxxxxxxxxxxx
> > > > >Subject: RE: Here we go again ( Pix 515) [7:49492]
> > > > >Date: Wed, 24 Jul 2002 02:18:38 GMT
> > > > >
> > > > >Man, you aren't asking much, are you? ;-)
> > > > >
> > > > >Ok, here's the order I'd do things in...
> > > > >
> > > > >First things first, get that firewall in place.  You don't list
what
> > >their
> > > > >internet connectivity is, but if they bought a PIX, it's safe to
> >assume
> > > > >that
> > > > >they have a persistent connection, and that being true, they're
> >really
> > > > >hanging it out there for someone to cut off, so to speak.  Network
> > >security
> > > > >is always a primary concern, and the firewall won't take alot of
time
> > >to
> > > > >set
> > > > >up.  Not setting it up could be very costly.  If they already have
a
> > > > >light(er)-weight firewall like a Linux host running IP chains or IP
> > >tables,
> > > > >replacing this first will save your users down-time later because
you
> > >can
> > > > >pre-configure your internet rulebase/access in preparation for your
> > >private
> > > > >addressing.
> > > > >
> > > > >Next, I'd do the DHCP and Private Addressing.  These go hand in
hand,
> > >and
> > > > >since your firewall is now in place, you can do the NAT/PAT
> > >translations
> > >as
> > > > >needed and not have to rethink these later.
> > > > >
> > > > >Third, get Exchange up and running.  If it's going on a different
> > >system
> > > > >than Quick mail is running on, great!  Now you can get them running
> >in
> > > > >parallel, and move users accounts over one at a time or in batches.
> > >There
> > > > >are probably tools out there to do the mailbox format conversion.
> >Now
> > >that
> > > > >your network is secure at layer3/4, you can focus on the
nitty-gritty
> > >of
> > > > >the
> > > > >user data. (Oh yeah, don't forget that backup!!!)
> > > > >
> > > > >It's a 10,000 foot view, but that's how I'd do it.  I'm not really
a
> > >MAC
> > > > >guy, but I'd venture a guess that most or all of your MAC's run
> >TCP/IP
> > >and
> > > > >support DHCP, so from an L3/4 standpoint, they're really no
different
> > >than
> > > > >your PC's.
> > > > >
> > > > >When doing multiple projects like this, I tend to work along the
OSI
> > >model.
> > > > >If the wiring is horrible, or the NIC's are all old 10Base2 nics
and
> > >have
> > > > >transceivers to hook them to your BaseT network, take care of the
> >layer
> > >1
> > > > >stuff first.  Next, if the network is all unmanaged hubs, and your
> > >network
> > > > >is one gigantic broadcast domain, start installing switches to
quiet
> > >down
> > > > >the network.  Next, get VLANs/routing/security in place for
Layer3/4.
> > > > >Next,
> > > > >work on the "upper layers" where all of your apps and data live and
> > >talk.
> > > > >Just my $0.02 worth.
> > > > >
> > > > >HTH,
> > > > >Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I
> > > > >Network Engineer
> > > > >AT&T Government Solutions, Inc.
> > > > >
> > > > >-----Original Message-----
> > > > >From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf
> >Of
> > > > >Kevin O'Gilvie
> > > > >Sent: Tuesday, July 23, 2002 9:07 PM
> > > > >To: cisco@xxxxxxxxxxxxxx
> > > > >Subject: Here we go again ( Pix 515) [7:49492]
> > > > >
> > > > >
> > > > >Dear All,
> > > > >
> > > > >I am jumping into a similar mess as when I started at my current
> > >company,
> > > > >but this time the Macs out number the PC's. Well here is the scoop:
> > > > >180 Macs
> > > > >50 PC's
> > > > >Static Ip's
> > > > >No DHCP
> > > > >No FW
> > > > >Quick Mail Server
> > > > >and a whole bunch of other nasty things..
> > > > >- They just purchases a Pix 515
> > > > >- They just bought Exchange 5.5
> > > > >
> > > > >My projects are:
> > > > >Set up DHCP
> > > > >Set up Pix
> > > > >Set up Private Addressing
> > > > >Set up Exchange
> > > > >Migrate them from Quick Mail
> > > > >etc etc
> > > > >I have done this before but maybe you guys can help as to how I
> >should
> > >go
> > > > >about this the quickest.
> > > > >
> > > > >Thanks,
> > > > >
> > > > >Kevin
> > > > >
> > > > >
> > > > >_________________________________________________________________
> > > > >Send and receive Hotmail on your mobile device:
http://mobile.msn.com
> > > > _________________________________________________________________
> > > > Send and receive Hotmail on your mobile device:
http://mobile.msn.com
> >_________________________________________________________________
> >Join the worlds largest e-mail service with MSN Hotmail.
> >http://www.hotmail.com
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49681&t=49492
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx