cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
188
Views
0
Helpful
0
Replies
Beginner

VLAN set-up

Hi everyone,

First I would like to introduice myself. I have been working for 1,5j in the IT after my bachelor diploma. During this course I have learned CCNA and found it very interesting, but also quite difficult. I love managing an infrastructure and like everything really controlled and seperated. Most of the time I implement small networks for the SMB-market, so I do both system management as network management. (Network management to the minimum)

Last week was the first time in 1,5j I worked with cisco equipment and to be honest, it was really nice to use the CLI again. I am not very good at it (except for the basic command), but I think I will be going for my CCNA since networks are very interesting.

Now for my question. We had a project with a larger company which has many office all over the world. The previous week we were setting up a VPN-connection to a different site in Denmark (in collaboration with an IT-er of this site). The firewall we are using is an ASA5505.

We came into the following problem: Only 2 desktops of the entire organisation need to have internet access (the desktops in the warehouse may not browse the internet) but all the devices should have access to the local printers. Also: all of the printers need to be accessed by servers in Denmark from the other sites over the VPN-connection.

I have made a visio drawing of my proposition to do this, but I am not sure if this is the best solution (looking at best practices). Could someone please review it and give some notes about my set-up?

Additional Questions:

  • Isn’t better to make 1 trunk to switch and seperate vlans on switch? What about management?
  • This switch is at the moment connected with a fiber connection to a different office. This office has an mpls connection to the site in Denmark. At the moment the fiber is used for access to the servers, but the whole point of this VPN-connection to the site in Denmark is to cut this fiber and let their connection be fully seperated. When any problems occur, this fiber can be reactivated, so we also keep this in mind for seperating the network.
  • Question not related to this set-up, but when I was inside the local network I tried to RDP to a server of another company over port 15000, but was unable to. Is there an access rule I need to add on the ASA5505? I thought outgoing requests were not blocked by the firewall, only incoming?
    And what if I 1000 customers and have configured a different port on their firewall to be forwarded to 3389 on the server.. Do I need to allow all of these ports on our ASA5505?

I hope everything is clear about this set-up and you could give me the best scenario. We have also bought the Security plus license on the ASA5505 for trunking and multiple VLANs.

Kind regards,

Sven

Everyone's tags (5)
CreatePlease to create content
Content for Community-Ad