Complex VPN & Firewall question


I have a Cisco 1750 router that currently has a frame relay connection via T1 to a remote site.  My client wants to put in a second WAN card and install VPN service, so that people can reach this device from the Internet.  A firewall needs to be installed on the router, which I assume will be using NAT for the internal network and Context Based Access lists to monitor traffic.  What pitfalls am I going to run into with trying to use a firewall, VPN, and CBAC on the same router?  Can this even be done?  Any advice would be great.
enyce Commented:
I would do NAT on the router, which would require the feature pack, or you can do NAT on a hardware device such as a SonicWall, which would act as your firewall and NAT device. The more access-lists and translations you do on the router, the slower it's gonna be. With the VPN, a hardware device such as a VPnet box could be used to authenticate users through a VPN client.

Good Luck
Yes, it can be done; you need a feature set that supports all of the features required. This in turn will need 8Mb Flash and 24MB DRAM.
I would suggest using the router for VPN and WAN termination, backed by a separate firewall (PIX) for security.
If you use a single box and it is compromised.....
If you use the 1750 to protect the firewall and the firewall to protect the network, and a syslog server to see who is "knocking at the door" you should be able to get a secure system together.
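
Added example, not part of the original thread: a short Python script that summarizes who is "knocking at the door" from router ACL log messages collected on a syslog server. The sample lines are constructed (hostname `rtr1750`, documentation-range addresses) in the `%SEC-6-IPACCESSLOGP` format IOS emits for ACL entries configured with the `log` keyword; the `min_ports` threshold is an assumption to tune.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the thread).
SAMPLE_SYSLOG = """\
Mar  1 10:00:01 rtr1750 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4321) -> 192.0.2.10(23), 1 packet
Mar  1 10:00:03 rtr1750 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4322) -> 192.0.2.10(80), 1 packet
Mar  1 10:00:09 rtr1750 47: %SEC-6-IPACCESSLOGP: list 101 permitted udp 198.51.100.7(500) -> 192.0.2.1(500), 1 packet
Mar  1 10:05:12 rtr1750 48: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(4322) -> 192.0.2.10(80), 4 packets
Mar  1 10:06:40 rtr1750 49: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.99(53211) -> 192.0.2.10(161), 1 packet
Mar  1 10:07:00 rtr1750 50: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def summarize_denies(text):
    """Return {source_ip: {"packets": n, "ports": {(proto, dport), ...}}} for denied traffic."""
    summary = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if not m or m["action"] != "denied":
            continue  # skip permitted traffic and unrelated messages
        entry = summary[m["src"]]
        entry["packets"] += int(m["count"])
        entry["ports"].add((m["proto"], int(m["dport"])))
    return dict(summary)

def top_sources(summary, min_ports=2):
    """Sources denied on at least min_ports distinct destination ports, busiest first."""
    hits = [
        (ip, s["packets"], sorted(s["ports"]))
        for ip, s in summary.items()
        if len(s["ports"]) >= min_ports
    ]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, packets, ports in top_sources(summarize_denies(SAMPLE_SYSLOG), min_ports=1):
        print(f"{ip}: {packets} denied packets, ports {ports}")
```
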
Silas (Author) Commented:
Will the dial-in clients receive a private address from the internal network when they dial in - does the router pass authentication on to a different machine?  Will the clients receive an address from the global address pool?  How is this going to work?
If the clients are dialling in via a VPN tunnel, then surely they will be assigned an address by an ISP?
Silas (Author) Commented:
Who authenticates these clients then?  Does the router authenticate them?  Do I have to put firewalls and content-based access-lists all over the place?
Question has a verified solution.
