Solved

Complex VPN & Firewall question

Posted on 2000-05-09
5
183 Views
Last Modified: 2010-04-17
Experts:

I have a Cisco 1750 router that currently has a frame relay connection via T1 to a remote site.  My client want to put in a second WAN card and install VPN service, so that people can reach this device from the Internet.  A firewall needs to be installed on the router, which I assume will be using NAT for the internal network and Context Based Access lists to monitor traffic.  What pitfalls am I going to run into with trying to use a firewall, VPN, and CBAC on the same router?  Can this even be done?  Any advice would be great.
0
Comment
Question by:Silas
5 Comments
 

Expert Comment

by:paul<!-773E4EC9FB6F119639C3541451B90293-->
Comment Utility
Hi
yes it can be done, you need a feature set that supports all of the features required. This in turn will need 8Mb Flash and 24MB Dram.
I would suggest using the router for VPN and WAN termination, backed by a separate firewall (PIX) for security.
If you use a single box and it is compromised.....
If you use the 1750 to protect the firewall and the firewall to protect the network, and a syslog server to see who is "knocking at the door" you should be able to get a secure system together.
0
 

Author Comment

by:Silas
Comment Utility
Will the dial-in clients receive a private address from the internal network when they dial in -does the router pass authentication on to a different machine?  Will the clients receive an address from the global address pool?  How is the going to work?
0
 
LVL 13

Expert Comment

by:hstiles
Comment Utility
If the clients are dialling in via a VPN tunnel, then surely they will be assigned an address by an ISP?
0
 

Author Comment

by:Silas
Comment Utility
who authenticates these clients then?  Does the router authenticate them?  Do I have to put firewalls and content-based access-lists all over the place?
0
 

Accepted Solution

by:
enyce earned 200 total points
Comment Utility
I would do NAT on the router which would require the feature pack or you can do NAT on a hardware device such as a sonicwall. Which would act as you firewall and NAT device. The more access-lists and translations you do on the router the slower its gonna be. With the VPN a hardware device such as a VPnet box could be used to authenticate users though a VPN client.
www.sonicsys.com   www.vpnet.com

Good Luck
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now