I am installing routers to access the internet and ASA firewalls to protect the internal network. Are access lists required in the above case? How would they be used (on the router or on the firewall), and what would the access list(s) protect? The servers would have private IP addresses. The firewall's main function would be to dynamically open and close ports for hosts accessing the internet, PAT functions, and creating and breaking down VPNs.
This is my first professional experience. I have configured routers in lab environment for the CCNA and preparing for the BCSI/CCNP. Any suggestions would be highly appreciated.
I am not actually versed in router configuration, but why not get a router with firewall and VPN capability, thereby discarding the other ASA firewall hardware? IDS, IPS and antivirus activities could be performed on other servers.
Access lists can filter based on IP, port and protocol, and if you have a Cisco switch, you can telnet into it and configure your VLAN.
Warning: access-list configuration is a very huge part of Cisco networking, as there are companies that do only access-list configuration for a living; it is almost an art.
When deploying a router to the internet with a firewall behind it, the usual approach is to place access lists on the router. The idea is to filter out anything patently undesirable at that first point of entry so the firewall is less vulnerable and has less to do. The alternative is to have the router pass everything, whether wanted or not, and just rely on the firewall for protection. The access lists you're talking about for this kind of scenario need not be complex; for example, you might have one to block any protocols you definitely don't want, and another to restrict (say) FTP traffic to just the address of your FTP server and block it if destined for anywhere else. That kind of thing.
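The kind of edge access list described in the answer above, written out as an added example in Cisco IOS syntax (this is not configuration from any of the posters). The interface name GigabitEthernet0/0, the public address 203.0.113.10 (assumed to be the static translation the ASA publishes for the FTP server, since the server itself keeps a private address) and the particular blocked ports are assumptions chosen for illustration:

```cisco
! Added example, not from the original thread. Assumptions: the Internet-facing
! interface is GigabitEthernet0/0 and the ASA publishes the FTP server as
! 203.0.113.10 (a static translation; the server itself keeps its private address).
ip access-list extended OUTSIDE-IN
 remark --- drop packets that cannot legitimately arrive from the Internet ---
 remark private, loopback and link-local sources are spoofed if seen on this interface
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 remark --- protocols we never want from the outside (Windows RPC/NetBIOS/SMB, TFTP, SNMP) ---
 deny   tcp any any range 135 139
 deny   udp any any range 135 139
 deny   tcp any any eq 445
 deny   udp any any eq tftp
 deny   udp any any eq snmp
 remark --- FTP control channel only to the published FTP server; FTP to anywhere else is dropped ---
 permit tcp any host 203.0.113.10 eq ftp
 deny   tcp any any eq ftp log
 remark --- everything else is handed to the ASA, which does the stateful filtering ---
 permit ip any any
!
interface GigabitEthernet0/0
 description Internet uplink
 ip access-group OUTSIDE-IN in
!
! After some traffic has flowed, confirm the entries are matching as intended:
! show ip access-lists OUTSIDE-IN
```

The list deliberately ends in `permit ip any any`: the router only strips off traffic that is wrong on its face (spoofed sources, protocols with no business arriving from the internet, FTP aimed at anything but the FTP server), and leaves stateful decisions to the ASA, which is why the ASA's VPN traffic (UDP 500, UDP 4500, ESP) and passive-mode FTP data connections still reach it without being listed here. If you ever change that last line to a deny, those flows have to be permitted explicitly. The `log` keyword on the spoof and stray-FTP denies gives you hit counters and syslog entries for exactly the traffic the list is there to catch.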