TOPIC: configuring production networking hardware

configuring production networking hardware 10 years 7 months ago #24691

  • saidfrh
I am installing routers to access the internet and ASA firewalls to protect the internal network. Are access lists required in the above case? How would they be used, on the router or the firewall? What would the access list(s) protect? The servers would have private IP addresses. The firewall's main function would be to dynamically open and close ports for hosts accessing the internet, PAT functions, and creating and breaking down VPNs.

This is my first professional experience. I have configured routers in a lab environment for the CCNA and am preparing for the BSCI/CCNP. Any suggestions would be highly appreciated.

Re: configuring production networking hardware 10 years 7 months ago #24692

  • sose
I am not actually versed in router configuration, but why not get a router with firewall and VPN capability, thereby discarding the other ASA firewall hardware? IDS, IPS and antivirus activities could be performed on other servers.

Access lists can filter based on IP, port and protocol, and if you have a Cisco switch, you can telnet into it and configure your VLAN.

Warning: access-list configuration is a very huge part of Cisco networking, as there are companies that do only access-list configuration for a living; it is almost an art.


sose

Re: configuring production networking hardware 10 years 7 months ago #24695

When deploying a router to the internet with a firewall behind it, the usual approach is to place access lists on the router. The idea is to filter out anything patently undesirable at that first point of entry so the firewall is less vulnerable and has less to do. The alternative is to have the router pass everything, whether wanted or not, and just rely on the firewall for protection. The access lists you're talking about for this kind of scenario need not be complex; for example, you might have one to block any protocols you definitely don't want, another to restrict (say) FTP traffic to just the address of your FTP server and block it if destined for anywhere else. That kind of thing.
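
The kind of edge-router access list the reply above describes, as an added example that is not part of the original thread. The ACL name, the interface, the 203.0.113.10 FTP server address (a documentation address standing in for the public address the firewall translates to the private server) and the particular protocols denied are assumptions chosen for illustration.

```cisco
! Constructed example: inbound filter on the internet-facing router interface.
! Entries are evaluated top-down and the first match wins, so the specific
! FTP permit must sit above the general FTP deny.
ip access-list extended EDGE-IN
 remark Private source addresses should never arrive from the internet
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark Protocols that are never wanted from outside (assumed list)
 deny   tcp any any eq telnet
 deny   tcp any any range 135 139
 deny   udp any any range 135 139
 deny   tcp any any eq 445
 deny   udp any any eq tftp
 deny   udp any any eq snmp
 remark FTP control channel only to the FTP server, logged if aimed elsewhere
 permit tcp any host 203.0.113.10 eq ftp
 deny   tcp any any eq ftp log
 remark Everything else is handed to the ASA, which does the stateful filtering
 permit ip any any
!
! Without the final permit, the implicit "deny ip any any" at the end of
! every ACL would drop all remaining traffic at the router.
!
interface GigabitEthernet0/0
 description Outside link to ISP (assumed interface name)
 ip access-group EDGE-IN in
```

`show access-lists EDGE-IN` displays per-entry match counters, which shows how much traffic the router drops before it ever reaches the firewall.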

Re: configuring production networking hardware 10 years 7 months ago #24714

  • saidfrh
Bishop,

Thanks.
Said

Re: configuring production networking hardware 10 years 7 months ago #24715

  • saidfrh
The Bishop,

Thanks.
Said