valdezf
asked on
Home Cisco Router to WAN
Hello Experts!
I have Verizon Fios at home with an Actiontec router connected to my LAN. I just had Verizon change the connection from the ONT to Ethernet (from Coax).
I would like to connect my Cisco 871w 12.4 -24.T7 advipservices directly to the internet, replacing the Actiontec router.
need some advice on best practice. what should I secure on the router? how should I do this (need examples)? I already have the documentation from Cisco for this model and IOS version but is a bit complicated.
Also, how can I test or audit my network to make sure no intruder bypasses the router?
I know a secure network is not perfect...I am just asking how would you configure a Cisco router at home, directly connected to the internet
thanks in advance!!
I have Verizon Fios at home with an Actiontec router connected to my LAN. I just had Verizon change the connection from the ONT to Ethernet (from Coax).
I would like to connect my Cisco 871w 12.4 -24.T7 advipservices directly to the internet, replacing the Actiontec router.
need some advice on best practice. what should I secure on the router? how should I do this (need examples)? I already have the documentation from Cisco for this model and IOS version but is a bit complicated.
Also, how can I test or audit my network to make sure no intruder bypasses the router?
I know a secure network is not perfect...I am just asking how would you configure a Cisco router at home, directly connected to the internet
thanks in advance!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
which rules? I know about NAT
ASKER
that looks good.....I can do that!
will this be the same as enabling IPS? I have it enabled but it makes my internet really really slow (takes away about 50Mbps from 80Mbps = 20Mbps download)
I configured IPS to inspect inbound traffic only...CCP says that it is inspecting every incoming traffic because I have no rules configured for it(I am guessing this is why my internet is slow)
if i configure the rules for the firewall, will this be the same as configuring the rules for IPS?
if not, should I disable IPS and just leave the firewall on?
will this be the same as enabling IPS? I have it enabled but it makes my internet really really slow (takes away about 50Mbps from 80Mbps = 20Mbps download)
I configured IPS to inspect inbound traffic only...CCP says that it is inspecting every incoming traffic because I have no rules configured for it(I am guessing this is why my internet is slow)
if i configure the rules for the firewall, will this be the same as configuring the rules for IPS?
if not, should I disable IPS and just leave the firewall on?
IPS is Intrusion Prevention System,. it is inspecting every packet against stored signatures, the IOS firewall is a statefull firewal that works on TCP/UDP ports with some basic inspection capabilities.
IPS is processor intensive...
on an 80mb circuit, I'd suggest looking at a Cisco ASA 5505
IPS is processor intensive...
on an 80mb circuit, I'd suggest looking at a Cisco ASA 5505
ASKER
So, will the ASA 5505 be for the IPS? are you suggesting not to use IPS on my 871w?
right now I can't get one but will do in a near future.
can I just use the firewall settings on that link and use my Cisco router directly connected to the internet with no problems?
right now I can't get one but will do in a near future.
can I just use the firewall settings on that link and use my Cisco router directly connected to the internet with no problems?
I'm suggesting using an ASA 5505 instead of the 871
With what you have described, your after a NAT firewall more than a router that can run NAT and have a basic firewall feature set
With what you have described, your after a NAT firewall more than a router that can run NAT and have a basic firewall feature set
ASKER
I don't mind running basic firewall feature...I just want to have my home network secure.
Thanks for your input.
Thanks for your input.
You're quite safe with the IOS firewall, but even without IPS, I think you'll have more bandwidth than the 871 can cope with :-)
ASKER
really? that sucks! lol
thanks for the info...your points are well earned :)
thanks for the info...your points are well earned :)
ASKER
I know the question is closed...but just one thing
do you think I should just stay with the verizon actiontec router instead of replacing it with the 871w?
do you think I should just stay with the verizon actiontec router instead of replacing it with the 871w?
The 871 also gives you the capability of having VPN access.
The IOS stateful firewall is certainly better than just plain NAT, but performance might be better with the Actiontec
The IOS stateful firewall is certainly better than just plain NAT, but performance might be better with the Actiontec
ASKER