Solved

Complex VPN & Firewall question

Posted on 2000-05-09
Last Modified: 2010-04-17
Experts:

I have a Cisco 1750 router that currently has a frame relay connection via T1 to a remote site.  My client wants to put in a second WAN card and install VPN service, so that people can reach this device from the Internet.  A firewall needs to be installed on the router, which I assume will be using NAT for the internal network and Context Based Access lists to monitor traffic.  What pitfalls am I going to run into with trying to use a firewall, VPN, and CBAC on the same router?  Can this even be done?  Any advice would be great.
Question by: Silas
5 Comments
 
ID: 2804249
Hi,
Yes, it can be done; you need a feature set that supports all of the features required. This in turn will need 8 MB Flash and 24 MB DRAM.
I would suggest using the router for VPN and WAN termination, backed by a separate firewall (PIX) for security.
If you use a single box and it is compromised...
If you use the 1750 to protect the firewall, the firewall to protect the network, and a syslog server to see who is "knocking at the door", you should be able to get a secure system together.
 

Author Comment

by: Silas
ID: 2807223
Will the dial-in clients receive a private address from the internal network when they dial in? Does the router pass authentication on to a different machine?  Will the clients receive an address from the global address pool?  How is this going to work?
 

Expert Comment

by: hstiles
ID: 2810480
If the clients are dialling in via a VPN tunnel, then surely they will be assigned an address by an ISP?
 

Author Comment

by: Silas
ID: 2812506
Who authenticates these clients then?  Does the router authenticate them?  Do I have to put firewalls and content-based access-lists all over the place?
 

Accepted Solution

by: enyce (earned 200 total points)
ID: 2830592
I would do NAT on the router, which would require the feature pack, or you can do NAT on a hardware device such as a SonicWALL, which would act as your firewall and NAT device. The more access-lists and translations you do on the router, the slower it's gonna be. With the VPN, a hardware device such as a VPNet box could be used to authenticate users through a VPN client.
www.sonicsys.com   www.vpnet.com

Good Luck
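As an added illustration (not from the thread or any of its posters) of how the NAT, CBAC, access-list and syslog pieces the replies mention fit on a single IOS Firewall feature set router, including the NAT exemption for VPN traffic that is the classic pitfall on this setup; the interface names, addresses and the 10.0.0.0/24 VPN client pool are assumptions:

```cisco
! Constructed example for a 1750 running the IOS Firewall feature set (not the thread's config).
! Assumed: FastEthernet0 = inside LAN 192.168.1.0/24, Serial0 = Internet uplink 203.0.113.2
! (documentation range), 10.0.0.0/24 = pool handed to VPN clients, 192.168.1.50 = syslog server.
hostname edge-1750
!
! Ship the CBAC audit trail and ACL log hits to the syslog server ("who is knocking at the door")
logging 192.168.1.50
logging trap informational
ip inspect audit-trail
!
! CBAC: inspect sessions leaving towards the Internet and admit only their return traffic
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
ip inspect name FWRULE ftp
!
! Static inbound policy on the Internet interface. CBAC inserts temporary entries for
! return traffic ahead of these; only IKE and ESP to the router itself are allowed
! statically, and everything else is dropped and logged.
access-list 101 permit udp any host 203.0.113.2 eq isakmp
access-list 101 permit esp any host 203.0.113.2
access-list 101 deny ip any any log
!
! NAT pitfall: LAN-to-VPN-client traffic is translated before encryption, so it would no
! longer match the crypto policy. The deny line exempts it from NAT; everything else is
! overloaded (PAT) onto the Serial0 address.
access-list 102 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 102 interface Serial0 overload
!
interface FastEthernet0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description Internet uplink
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 101 in
 ip inspect FWRULE out
```

The crypto map and client authentication are deliberately left out, since the thread's open question is which device should hold them.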
