Thursday, November 19, 2009

Help Setting Up Secure Small Business Network with Static IPs?

I am setting up a small office network that is composed of the following:

Hardware:

- 1 Windows 2003 Enterprise server (R2)
- 3 to 5 Windows XP and Vista computers

Software / Services:

- An FTP site will be necessary for uploading files
- We will receive 5 static IPs from Verizon (DSL). One will be exclusively assigned to the FTP server.
- VPN using 2003 server

I have a basic idea of what needs to be done, but I am not too sure if this is the best way to do this.

I am planning on getting a firewall to go between the DSL modem and a router. However, I am not sure what kind of router/switch to use because I am not sure how to handle splitting the static IP addresses. The FTP server will need to reside on the 2003 server (either via IIS or Linux running in virtualization).

I also need to configure incoming VPN using Windows 2003 Server.

I would like to know what the Best Practices for this situation would be. I'm having a hard time finding this info on the web.

Thank you!

Help Setting Up Secure Small Business Network with Static IPs?
Your application is a bit more heavyweight than most.

First, you should use a router to interface with the ISP. You cannot use the household grade ones. With 5 static IP addresses and an FTP server, etc., you need something more robust. Check out www.adtran.com for Adtran units. Feel free to contact their prepurchase support and they will help a lot.

I would use the router to interface with Verizon. I would dedicate one static IP for FTP and probably use a dedicated XP box for FTP (rather than risk hackers on my server). I would put the FTP server in the DMZ so the router should be DMZ capable.

I would have the router control the IPSec VPN at the router level as well.

Let the server address LAN DHCP; assign static IP to the router, the server, and probably to print servers and the FTP server.

The router can direct the public IP addresses appropriately but this is a configuration matter - part of the config you need to do. Adtran will help to a large degree.

Because this is heavyweight, you may wish to get technical support locally.

Reply: This will be a pretty easy setup for someone with experience, but you may want to find some local support. Here's what I would do...

Verizon modem -> Pix Firewall -> 8 port switch

The Pix firewall will give you a great deal of protection, allow you to assign addresses and set up VPN as well. You won't need a router since you'll only have one network.

The outside interface of the Pix will be the WAN address provided by Verizon. A global NAT pool will be created using the static addresses from Verizon while the inside computers will actually use private addresses, such as 192.168.x.x.
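
Added example, not part of the reply above and not vendor-supplied configuration: a sketch of the layout that reply describes, in PIX OS 6.x-style syntax (later PIX/ASA releases configure interfaces and inspection differently). Every address is constructed: 203.0.113.0/29 is a documentation range standing in for the Verizon block, and 192.168.1.10 is a hypothetical inside host running the FTP service.

```cisco
! Constructed addressing plan (assumption): /29 from the ISP
!   203.0.113.1      ISP gateway
!   203.0.113.2      PIX outside interface
!   203.0.113.3-.5   dynamic NAT pool for office PCs
!   203.0.113.6      dedicated to the FTP service

nameif ethernet0 outside security0
nameif ethernet1 inside security100

ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0

! Inside hosts keep private addresses and are translated on the way out.
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
! Pool built from the static addresses, as the reply describes.
global (outside) 1 203.0.113.3-203.0.113.5 netmask 255.255.255.248
! Three pool addresses run out with 3 to 5 PCs plus a server, so fall
! back to port translation on the outside interface address.
global (outside) 1 interface

! One public address mapped exclusively to the FTP host (hypothetical
! inside address 192.168.1.10).
static (inside,outside) 203.0.113.6 192.168.1.10 netmask 255.255.255.255 0 0

! Inbound policy: only the FTP control port, only to the FTP address.
access-list outside_in permit tcp any host 203.0.113.6 eq ftp
access-group outside_in in interface outside

! FTP inspection tracks the control channel and opens the negotiated
! data connections, so no wide port range has to be permitted.
fixup protocol ftp 21

route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

Anything not matched by `outside_in` is dropped at the outside interface, so the only unsolicited inbound exposure is TCP 21 on the address set aside for FTP.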
