Best practice design for cisco router, pix, and vpn concentrator

[ch1n0]

Hello All,

What is the best practice in designing and setting up cisco router 2600 series, cisco pix 515, and cisco vpn 3000 series concentrator?

My guest is connecting router to pix to vpn.

 

[KiscoKid]

physical connectivity is usually something like this:

LAN -> PIX -> Router
|
| DMZ
|
Concentrator

 

[ch1n0]

Hey KiscoKid

Thanks for the response. We have a network here that I think is setup incorrectly. But, I'm not a networking guy too for sure say that it is setup incorrectly.

Here's our setup:
Internet --> Cisco Router (outside)eth00 --> Then Cisco eth01 --> SMC switch --> Pix eth00 and VPN eth00 to SMC ---> pix eth01 and vpn eth01 to LAN (HP procurve)

Our setup is like this:
For the internet (ATT) to Cisco router eth00, then cisco eth01 to smc 1 gig switch, next we have pix eth00 and vpn eth00 plung into SMC switch and then pix eth01 and vpn eth 01 to HP procurve (LAN). I need lots of help here and any feed back is appreciated.

 

[KiscoKid]

To be fair I think your physical connectivity setup is fine. I've seen a lot of organisations deploy their physical infrastructure as you've done. Just ensure the Cisco router, SMC switch, PIX and VPN are suitably hardened against Internet attack.

By suitably hardened I mean suitable deployment of some of the idea's put forward in SAFE (Security Blueprint for Enterprises). SAFE was developed by Cisco and it's a big topic and probably worth reading about is security is a concern for you. The link below connects to Cisco's SAFE repository and talks about all kinds of things - some of which are very relevant to your environment.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html