Link to home
Start Free TrialLog in
Avatar of valdezf
valdezfFlag for United States of America

asked on

Home Cisco Router to WAN

Hello Experts!

I have Verizon Fios at home with an Actiontec router connected to my LAN. I just had Verizon change the connection from the ONT to Ethernet (from Coax).

I would like to connect my Cisco 871w 12.4 -24.T7 advipservices directly to the internet, replacing the Actiontec router.

need some advice on best practice. what should I secure on the router? how should I do this (need examples)? I already have the documentation from Cisco for this model and IOS version but is a bit complicated.

Also, how can I test or audit my network to make sure no intruder bypasses the router?

I know a secure network is not perfect...I am just asking how would you configure a Cisco router at home, directly connected to the internet

thanks in advance!!
Avatar of ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of valdezf


how can i do that?
Avatar of valdezf


which rules? I know about NAT
Avatar of valdezf


that looks good.....I can do that!

will this be the same as enabling IPS? I have it enabled but it makes my internet really really slow (takes away about 50Mbps from 80Mbps = 20Mbps download)

I configured IPS to inspect inbound traffic only...CCP says that it is inspecting every incoming traffic because I have no rules configured for it(I am guessing this is why my internet is slow)

if i configure the rules for the firewall, will this be the same as configuring the rules for IPS?

if not, should I disable IPS and just leave the firewall on?
IPS is Intrusion Prevention System,. it is inspecting every packet against stored signatures, the IOS firewall is a statefull firewal that works on TCP/UDP ports with some basic inspection capabilities.

IPS is processor intensive...

on an 80mb circuit, I'd suggest looking at a Cisco ASA 5505
Avatar of valdezf


So, will the ASA 5505 be for the IPS? are you suggesting not to use IPS on my 871w?

right now I can't get one but will do in a near future.

can I just use the firewall settings on that link and use my Cisco router directly connected to the internet with no problems?
I'm suggesting using an ASA 5505 instead of the 871

With what you have described, your after a NAT firewall more than a router that can run NAT and have a basic firewall feature set
Avatar of valdezf


I don't mind running basic firewall feature...I just want to have my home network secure.

Thanks for your input.
You're quite safe with the IOS firewall, but even without IPS, I think you'll have more bandwidth than the 871 can cope with :-)
Avatar of valdezf


really? that sucks! lol

thanks for the info...your points are well earned :)
Avatar of valdezf


I know the question is closed...but just one thing

do you think I should just stay with the verizon actiontec router instead of replacing it with the 871w?
The 871 also gives you the capability of having VPN access.

The IOS stateful firewall is certainly better than just plain NAT, but performance might be better with the Actiontec