Using a router for security

I would like to know if I can use a router to do the functions of ASA, IDS, and also VPN.
If so, which router series and IOS are able to do the similar functions?

thanks
jskfan Asked:
 
zazagor Commented:
Hi,

Here is a link to "How to choose IOS":
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_tech_note09186a00800fb9d9.shtml
I would suggest Cisco 1721.
The Cisco 1721 router is part of the end-to-end Cisco VPN solution. VPNs create secure connections via the Internet to connect geographically dispersed offices, business partners, and remote users while providing security, traffic prioritization, management, and reliability equal to that of private networks.

By supporting industry standards, IPSec, Layer 2 Tunneling Protocol (L2TP), and DES and 3DES, the Cisco 1721 router delivers robust VPN solutions to ensure data privacy, integrity, and authenticity.

The optional VPN hardware encryption module for the Cisco 1721 router further optimizes VPN encryption performance. By offloading encryption tasks to the VPN module, the router processor is freed to handle other operations. The VPN module accelerates the rate at which encryption occurs, speeding the process of transmitting secure data, a critical factor when using 3DES encryption.

The Cisco 1721 router offers integrated security features, including stateful inspection firewall functionality and IDS as an optional Cisco IOS Software feature. By deploying Cisco IOS Software firewall functionality, customers do not need to purchase or manage multiple devices, thus simplifying network management and reducing capital costs. Additionally, remote management applications, such as Cisco Security Device Manager (SDM), make it easier than ever to deploy and monitor Cisco IOS Firewall and VPN on your Cisco 1721 router.

Cisco IOS Software firewall security features include access control lists (ACLs), user Authentication, Authorization, and Accounting (such as Password Authentication Protocol/Challenge Handshake Authentication Protocol [PAP/CHAP], TACACS+, and Remote Access Dial-In User Service [RADIUS]). These security features provide the optimal level of firewall protection to customers.

The Cisco 1700 Series routers support the Cisco Easy VPN Remote feature that allows the routers to act as remote VPN clients. As such, these devices can receive predefined security policies from the headquarters' VPN head-end, thus minimizing configuration of VPN parameters at the remote locations. This solution makes deploying VPN simpler for remote offices with little IT support or for large deployments where it is impractical to individually configure multiple remote devices. While customers wishing to deploy and manage site-to-site VPN would benefit from Cisco Easy VPN Remote because of its simplification of VPN deployment and management, managed VPN service providers and enterprises who must deploy and manage numerous remote sites and branch offices with Cisco IOS routers for VPN will realize the greatest benefit.

The Cisco 1700 Series routers also support the Cisco Easy VPN Server feature that allows a Cisco 1700 router to act as a VPN head-end device. In site-to-site VPN environments, the Cisco 1700 router can terminate VPN tunnels initiated by the remote office routers using the Cisco Easy VPN Remote. Security policies can be pushed down to the remote office routers from the Cisco 1700 router. In addition to terminating site-to-site VPNs, a Cisco 1700 router running the Unified VPN Access Server can terminate remote access VPNs initiated by mobile and remote workers running Cisco VPN client software on PCs. This flexibility makes it possible for mobile and remote workers, such as sales people on the road, to access company intranet where critical data and applications exist.

//zaZagor
 
asavener Commented:
Any non-SOHO router with the security bundle should support firewall, VPN, and limited IDS functionality.

Configuration tasks are significantly different from the ASA, however.
 
jskfan (Author) Commented:
<<Configuration tasks are significantly different from the ASA, however.>>

What do you mean by that?

Do you mean the commands you type are different, but they achieve the same objectives?
The router can be configured for security using SDM, but I am not sure what you will miss if you use a router as, for instance, a firewall or IDS using SDM, instead of going with ASA?

 
 
asavener Commented:
Yes, you can achieve the same objectives, but the configuration method is very different.

There are a few other ways in which they differ. SMTP mail guard on the ASA will filter out a lot of text in order to prevent fingerprinting, but the Cisco IOS does not, for example.
 
jskfan (Author) Commented:
thanks