PIX 501 VPN plus Colocation firewalling project - suggestions?

Discussion in 'Cisco' started by John Smith, Oct 17, 2003.

  1. John Smith

    John Smith Guest


    I have never set up any Cisco equipment, and am overwhelmed by the
    700+ page Cisco book I got to help me. Does anyone have any pointers
    to a step-by-step guide to set up the following, or something close to

    I am setting up a website at a colocation facility. The hardware
    consists of three Dell servers running Windows Server 2003 Web
    Edition. Here's what the servers will do:

    #1 Webserver - will run ASP.NET
    #2 Database - will run MSDE (the stripped down version of SQL Server
    #3 Page - will run Windows Service to build web pages dynamically, at
    request of machine #1

    Here's the physical layout of hardware I have in mind at the Colo, in
    the order the machines will be:

    Colo ISP Internet connectivity
    Cisco PIX 501
    Dell #1, plugged into the built in switch on the 501 immediately above
    Cisco PIX 501
    Dell #2 and Dell #3, plugged into built in switch on the 501
    immediately above

    I want to administer all this hardware remotely from my office, where
    I have a DSL connection with a fixed IP address. I want to use
    Terminal Services for Remote Administration over a VPN to do this
    remote administration. I want to be able to connect to MSDE from my
    office via the VPN - so I can use SQL Server Enterprise Manager with
    MSDE. I can't install the client tools for SQL Server on the Colo
    database server.

    The first 501 will allow in http and https traffic, and allow out smtp
    traffic, so I can send email.

    The second 501 will allow in SQL Server traffic and MSMQ traffic and
    allow FTP out, so the Dell server #3 can post the web pages it
    dynamically creates via FTP to Dell #1, which I have been told is the
    best way to copy files through a firewall.

    The reason I am using 2 501s is that this site will have low traffic,
    but needs to be secure. I bought 2 501s for just US $800 with 3DES.
    This is much less costly than a PIX that has three interfaces. The
    501s support 875 connections, which is still way more than I need, but
    that's the smallest firewall Cisco offers.

    Any suggestions on how to set this up?


    John Smith, Oct 17, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.