Solved

Using a router for security

Posted on 2011-03-16
Last Modified: 2012-05-11
I would like to know if I can use a router to do the functions of an ASA and IDS, and also VPN.
If so, which router series and IOS are able to do similar functions?

Thanks
Question by:jskfan

Assisted Solution

by:zazagor
zazagor earned 200 total points
Hi,

Here is a link to "How to choose IOS":
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_tech_note09186a00800fb9d9.shtml
I would suggest Cisco 1721.
The Cisco 1721 router is part of the end-to-end Cisco VPN solution. VPNs create secure connections via the Internet to connect geographically dispersed offices, business partners, and remote users while providing security, traffic prioritization, management, and reliability equal to that of private networks.

By supporting industry standards, IPSec, Layer 2 Tunneling Protocol (L2TP), and DES and 3DES, the Cisco 1721 router delivers robust VPN solutions to ensure data privacy, integrity, and authenticity.

The optional VPN hardware encryption module for the Cisco 1721 router further optimizes VPN encryption performance. By offloading encryption tasks to the VPN module, the router processor is freed to handle other operations. The VPN module accelerates the rate at which encryption occurs, speeding the process of transmitting secure data, a critical factor when using 3DES encryption.

The Cisco 1721 router offers integrated security features, including stateful inspection firewall functionality and IDS as an optional Cisco IOS Software feature. By deploying Cisco IOS Software firewall functionality, customers do not need to purchase or manage multiple devices, thus simplifying network management and reducing capital costs. Additionally, remote management applications, such as Cisco Security Device Manager (SDM), make it easier than ever to deploy and monitor Cisco IOS Firewall and VPN on your Cisco 1721 router.

Cisco IOS Software firewall security features include access control lists (ACLs), user Authentication, Authorization, and Accounting (such as Password Authentication Protocol/Challenge Handshake Authentication Protocol [PAP/CHAP], TACACS+, and Remote Access Dial-In User Service [RADIUS]). These security features provide the optimal level of firewall protection to customers.

The Cisco 1700 Series routers support the Cisco Easy VPN Remote feature that allows the routers to act as remote VPN clients. As such, these devices can receive predefined security policies from the headquarters' VPN head-end, thus minimizing configuration of VPN parameters at the remote locations. This solution makes deploying VPN simpler for remote offices with little IT support or for large deployments where it is impractical to individually configure multiple remote devices. While customers wishing to deploy and manage site-to-site VPN would benefit from Cisco Easy VPN Remote because of its simplification of VPN deployment and management, managed VPN service providers and enterprises who must deploy and manage numerous remote sites and branch offices with Cisco IOS routers for VPN will realize the greatest benefit.

The Cisco 1700 Series routers also support the Cisco Easy VPN Server feature that allows a Cisco 1700 router to act as a VPN head-end device. In site-to-site VPN environments, the Cisco 1700 router can terminate VPN tunnels initiated by the remote office routers using the Cisco Easy VPN Remote. Security policies can be pushed down to the remote office routers from the Cisco 1700 router. In addition to terminating site-to-site VPNs, a Cisco 1700 router running the Unified VPN Access Server can terminate remote access VPNs initiated by mobile and remote workers running Cisco VPN client software on PCs. This flexibility makes it possible for mobile and remote workers, such as sales people on the road, to access company intranet where critical data and applications exist.

//zaZagor

Expert Comment

by:asavener
Any non-SOHO router with the security bundle should support firewall, VPN, and limited IDS functionality.

Configuration tasks are significantly different from the ASA, however.

Author Comment

by:jskfan
<<Configuration tasks are significantly different from the ASA, however.>>

What do you mean by that?

Do you mean the commands you type are different, but they achieve the same objectives?
The router can be configured for security using SDM, but I am not sure what you will miss if you use a router as, for instance, a firewall or IDS using SDM, instead of going with ASA.

 

Accepted Solution

by:asavener
asavener earned 300 total points
Yes, you can achieve the same objectives, but the configuration method is very different.

There are a few other ways in which they differ.  SMTP mail guard on the ASA will filter out a lot of text in order to prevent fingerprinting, but the Cisco IOS does not, for example.

Author Closing Comment

by:jskfan
Thanks