Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
We are looking to install a leased line at our head office and are being asked how many IP addresses we'd like and our proposed intentions, i.e.
1x VPN
1x Exchange
1x File Server
etc
What benefit does splitting the traffic carry? As they are all coming down the same pipe, I can't imagine there's any speed improvements? Is it just a way of keeping things neat and tidy?
Also, how is it likely to be processed at the office end, i.e. will the router forward this traffic to the right server etc?
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Neat and tidy. I have all my Enterprise VPNs down one IP, Exchange on another, externally facing devices on another, etc.
Just makes the firewall easier to manage and can see the traffic on each IP a lot better.
You'll still need a firewall to manage it all, unless you give the provider your internal IPs and they do the mapping, which seems odd.
[Edited on 24-09-2014 by VrsTurbo]
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
I've always dumped Exchange on its own IP and everything else on another, or if I've got spare IPs then I split services across them like VRS mentions.
And your router/firewall would do the IP/address mapping from WAN to internal addresses.
I wouldn't have thought you'd need to make your file server externally facing though, not when remote users will have VPN access.
[Edited on 24-09-2014 by Dom]
|
VrsTurbo
|
File server may be external due to Direct Access, but then again that's not needed if using a VPN.
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Exchange on one, DirectAccess on another, website services on another.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
For small business/couple of server type setups I just use 1. Anything with multiple ports going to multiple servers, I split it up.
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Some services should have their own IP address, VPN and Mail server being a good example. Other services such as a bunch of websites hosted on different domains can use the same IP.
Try and get a nice allocation of IP addresses with your line (8 or 16 IPs). They may ask you to fill out a RIPE form to justify your allocation; you can generally fill this with bollocks and get some IPs.
|
Neo
Member
Registered: 20th Feb 07
Location: Essex
User status: Offline
|
quote: Originally posted by willay
they may ask you to fill out a RIPE form to justify your allocation, you can generally fill this with bollocks and get some IPs.
This, I usually add stuff like WANVPN, IPSEC VPN, Bespoke application 1, MGMT to make up the numbers.
|
Kyle T
Premium Member
Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
|
I'm doing a bunch of small office/production facility type deployments here in the US and we've been requesting /29 networks with 6 host addresses:
DGW of the ISP
VPN Endpoint for Clients
VPN Endpoint for tunnels to other sites
SIP Trunk endpoint for VOIP
<2 spares, one of which will be a video conference suite at the main office>
They're using Exchange Online so that's not a consideration, and they aren't hosting anything for public consumption.
Lotus Elise 111R
Impreza WRX STi
|
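Added example, not part of any post in the thread: a small planner for the WAN-to-internal mapping discussed above, which packs services onto the usable addresses of a /29 and moves a service to a new public IP only when it is marked dedicated or when two internal servers need the same forwarded port. The function name, service names and all addresses (documentation range 203.0.113.8/29, internal 10.0.0.x) are constructed for illustration.

```python
import ipaddress

def plan_public_ips(cidr, isp_gateway, services):
    """First-fit services onto public IPs.

    services: list of (name, internal_host, [(proto, port), ...], dedicated).
    A dedicated service gets a public IP to itself; the others share an IP
    as long as no (proto, port) would be forwarded to two internal hosts.
    Returns {public_ip: [(name, internal_host), ...]}.
    """
    gw = ipaddress.ip_address(isp_gateway)
    # hosts() already excludes the network and broadcast addresses
    free = [ip for ip in ipaddress.ip_network(cidr).hosts() if ip != gw]
    used, exclusive, plan = {}, set(), {}
    for name, host, ports, dedicated in services:
        wanted = set(ports)
        for ip in free:
            if ip in exclusive:
                continue                      # reserved for a dedicated service
            taken = used.get(ip)
            if taken is None or (not dedicated and not (taken & wanted)):
                used.setdefault(ip, set()).update(wanted)
                if dedicated:
                    exclusive.add(ip)
                plan.setdefault(str(ip), []).append((name, host))
                break
        else:
            raise ValueError(f"no public IP left for {name}")
    return plan

# Constructed sample: a /29 has 6 usable hosts, one of which is the ISP gateway.
SAMPLE_SERVICES = [
    ("vpn-clients", "10.0.0.2",  [("udp", 500), ("udp", 4500)], True),
    ("exchange",    "10.0.0.10", [("tcp", 25), ("tcp", 443)],   False),
    ("web",         "10.0.0.20", [("tcp", 80), ("tcp", 443)],   False),
    ("sip-trunk",   "10.0.0.30", [("udp", 5060)],               False),
]

if __name__ == "__main__":
    for ip, svcs in plan_public_ips("203.0.113.8/29", "203.0.113.9",
                                    SAMPLE_SERVICES).items():
        print(ip, svcs)
```

Exchange and the web server both need TCP 443, so they cannot share a port-forwarded address, while the SIP trunk fits alongside Exchange without a collision.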
willay
|
A separate IP for VPN clients and VPN tunnels? Are they separate devices or something?
|
pow
|
Yeah that form is bollocks, just fill it in as suggested to get more than you need.
|
Dom
|
quote: Originally posted by willay
a separate IP for VPN Clients and VPN tunnels? are they separate devices or something?
Site-to-site tunnels I imagine; can't say I've used a dedicated address for that, usually I just bung it with other services.
Having seen some installations, some folk do take the absolute piss with the number of addresses they request; it's no wonder we're running out of IPv4.
Speaking of which, and a slight de-rail, has anyone made the transition to IPv6 (or at least run/use it to some extent on their networks)?
|
Bart
|
Managed to get 10 IP addresses in total.
Just made up a load of stuff mentioning services we don't have and they've just agreed to it, so happy with that.
|
Kyle T
|
Separate devices, Willay. Cisco doing the tunnels, Check Point doing the clients... It's the nature of the way we phased the deployments.
|