Solved

Firewall implementation for branch offices

Posted on 2013-02-02
2
406 Views
Last Modified: 2013-02-27
I am assisting my friend with a school project. Basically I had a few questions. Here is the scenario.

7 branch offices connected to a central office with dedicated T1 lines.
1 network for data and separate for guest wireless network at each location.
All internet comes through proxy at central location
Around 60 hosts at each location

The switch for the data network is plugged into one Ethernet interface and the WAP is plugged into the second Ethernet interface of the router at each location.

IP Scheme example:

Branch 1: Data 192.168.1.0 /24 Wireless 192.168.50.1 /24
Branch 2: Data 192.168.2.0 /24 Wireless 192.168.51.0 /24

Questions:

Should he put Cisco ASA firewalls behind each router at the remote locations?
If so, how do you configure the Cisco ASA if two Ethernet ports are used on the Router?
0
Comment
Question by:MusicMan440
2 Comments
 
LVL 6

Expert Comment

by:Neadom Tucker
ID: 38847656
Are they using dedicated MPLS networks or just internet T1s and you are providing the VPN?
0
 
LVL 20

Accepted Solution

by:
agonza07 earned 500 total points
ID: 38847781
Easy answer would be "no," you simply configure PBR and ACLs on the routers so that guest networks never touch your Data network. ACLs are more of a firewall function, but it comes with every Cisco router so depends on what capabilities your router has. If the router is simply serving a router function then you need firewalls.

If you wanted to put ASAs at each location, you would put it between the router and your data network (or switch in this case.) That way you can prevent the guest network from any location from accessing your data network by using the firewall to block it.

That's the thing about I.T. there's a million ways to do things...
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now