
TOPIC: [Request] security design flows insights

[Request] security design flows insights 8 years 11 months ago #29018

  • sys-halt
We have three 2801 routers and one ASA 5505. All connected by a VPN configuration. I have noticed that the other admins did the following configuration:

1. They did not assign ip nat inside, ip nat outside on each interface.
2. They did not configure NAT on the external interface.
3. They only put the ip route to the ASA where we have published our application using Citrix.
example: ip route

4. They made an access list on each router to allow the internal IP generated by a DHCP pool to access the IP address of the application server behind the ASA firewall.
ip route
access-list 100 permit ip host

In this way our users will put the IP address in the Remote connection and the router will forward the request to our firewall.

5. they inserted an access list with a static statement on the ASA to allow requests from to access the host is the external IP of the ASA is the IP address of the Server behind the ASA is the DHCP pool made on the router for internal users

This procedure is made on all 2 remaining routers.

Could you please show me what security risks there might be in such a design? Or any problems that might arise from not NATting or identifying what is the inside interface and what is the outside, with no deny or permit access lists.

I did a simple remote desktop connection from a PC connected to one router to another PC sitting on the other side of another router and I managed to remote successfully. This is one thing, but I need more insights and suggestions if possible.
