I need to be pointed in the right direction.

tibbys96z Member Posts: 2
I'm researching how to set up a secure webserver. This is just something I've never done with secure data, so I want to make sure it is correct.
My goal is to set up a vlan_2 (172.16.1.1) on an HP ProCurve 2510G-24 with a single server running my website (webserver (172.16.1.2)). The HP also contains all other servers (DHCP, DNS, FTP, backup) on the default vlan_1 (192.168.0.12). This switch is connected directly to a Cisco Catalyst 2960G-48 (192.168.0.10) running default setup. This connects to the PIX 506e. I've got the PIX setup ready with an ACL and static route to my desired 172.16.1.2 IP for the server. I just can't seem to get the switches to work for me.
I would like to be able to access the webserver from any internal server or workstation also. I just want better protection from outside by putting the webserver in a VLAN on a different subnet.
Am I way off base with my goal?
This will be a webserver for a secure application I've been building. I've never set up the network side.

Comments

  • dynamik Banned Posts: 12,314
    Is your PIX connected to the internet? If so, you have three networks with only two interfaces on the PIX. Can you put subinterfaces on a PIX?
  • tibbys96z Member Posts: 2
    dynamik wrote: »
    Is your PIX connected to the internet? If so, you have three networks with only two interfaces on the PIX. Can you put subinterfaces on a PIX?
    Yes sir, the PIX is connected to the internet. I'm not sure if you can put subinterfaces on a PIX, but I'm guessing not.

    I now have the VLAN set up on just the HP switch. I can ping the VLAN and VLAN'd webserver, but can't connect to file shares. The VLAN can't ping the primary network, but that is what I want.
    I've set up my website in IIS now and it is available on the local server, but I can't connect to it from the primary network. Still troubleshooting. If my pea brain is correct, I should be able to connect to the website from any workstation inside my firewall. So far a no go.