TOPIC: configuring production networking hardware

configuring production networking hardware 8 years 8 months ago #24691

  • saidfrh
  • Distinguished Member
  • Posts: 92
  • Karma: 0
I am installing routers to access the internet and ASA firewalls to protect the internal network. Are access lists required in the above case? How would they be used, on the router or the firewall? What would the access list(s) protect? The servers would have private IP addresses. The firewall's main function would be to dynamically open and close ports for hosts accessing the internet, PAT functions, and creating and breaking down VPNs.

This is my first professional experience. I have configured routers in a lab environment for the CCNA and am preparing for the BCSI/CCNP. Any suggestions would be highly appreciated.
The administrator has disabled public write access.

Re: configuring production networking hardware 8 years 8 months ago #24692

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
I am not actually versed in router configuration, but why not get a router with firewall and VPN capability, thereby discarding the other ASA firewall hardware? IDS, IPS and antivirus activities could be performed on other servers.

Access lists can filter based on IP, port and protocol, and if you have a Cisco switch, you can telnet into it and configure your VLAN.

Warning: access-list configuration is a very huge part of Cisco networking, as there are companies that do only access-list configuration for a living; it is almost an art.


sose
Network Engineer
analysethis.co/index.php/forum/index

Re: configuring production networking hardware 8 years 8 months ago #24695

  • TheBishop
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
When deploying a router to the internet with a firewall behind it, the usual approach is to place access lists on the router. The idea is to filter out anything patently undesirable at that first point of entry so the firewall is less vulnerable and has less to do. The alternative is to have the router pass everything whether wanted or not and just rely on the firewall for protection. The access lists you're talking about for this kind of scenario need not be complex; for example, you might have one to block any protocols you definitely don't want, another to restrict (say) FTP traffic to just the address of your FTP server and block it if destined for anywhere else. That kind of thing.
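
The approach described in the post above, written out as an added example that is not part of the original thread or any poster's configuration. The ACL name, the interface, the blocked ports and the address 203.0.113.10 (a documentation-range stand-in for the address the FTP server is reached at from the internet) are all assumptions. IOS accepts only one IP access list per interface per direction, so both rules go into one list, and because the first matching entry wins, the FTP permit must come before the FTP deny.

```cisco
! Added example: coarse inbound filter on the internet-facing router.
! Assumed values: EDGE-IN, GigabitEthernet0/0, 203.0.113.10, blocked ports.
ip access-list extended EDGE-IN
 remark --- protocols not wanted from the internet (sample choices) ---
 deny   tcp any any eq telnet
 deny   tcp any any range 135 139
 deny   udp any any range 135 139
 deny   tcp any any eq 445
 remark --- FTP control channel only to the FTP server ---
 permit tcp any host 203.0.113.10 eq ftp
 deny   tcp any any eq ftp
 remark --- everything else is passed on to the firewall ---
 permit ip any any
!
! Apply the list to traffic arriving from the internet.
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
```

The final `permit ip any any` overrides the implicit deny at the end of every IOS access list, so return traffic for internal hosts still reaches the firewall; `show access-lists EDGE-IN` displays per-entry match counters for checking which lines are being hit.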

Re: configuring production networking hardware 8 years 8 months ago #24714

  • saidfrh
  • Distinguished Member
  • Posts: 92
  • Karma: 0
Bishop,

Thanks.
Said

Re: configuring production networking hardware 8 years 8 months ago #24715

  • saidfrh
  • Distinguished Member
  • Posts: 92
  • Karma: 0
The Bishop,

Thanks.
Said