Internet Router and Firewall

Status
Not open for further replies.

miked554

Technical User
Aug 13, 2007
5
GB
When installing for example a new site, why is it necessary to have an internet facing router?

Why can you not connect the ISP connection directly to the Firewall for example?

Is it simply best practice or is there a fundamental reason?

Thanks.
 
You can, if the firewall is a routing device as well. To separate your private network from the outside internet (public), you need a router, or, for example, a Cisco PIX firewall, which also serves as a router.

Burt
 
Agreed. A few years ago, everyone had a router then the firewall. The main reason for that was, most of the internet connections were BRI, T1, or fractional T1. You typically needed something other than a firewall to terminate the internet connection to. Now, that same router could have been used as a firewall as well, just not as good of a firewall. Eventually, Cisco and other router manufacturers started adding firewall feature sets to their routers for the added functionality of the better firewall.
 
So connecting the Ethernet-terminated ISP connection directly into a Cisco PIX would now be common practice?
 
That is correct. If you have an Ethernet handoff from your ISP, direct termination to a PIX firewall would be common practice.

Mark Spencer
 
Okay understood.

But just one more question. In my last place of work, the ISP connection handed off to an internet router's outside interface on 1 Telco IP address range, and our public address pool was then behind that, assigned on the inside interface of the router and the outside of the firewall.

i.e.

TELCO
23.4.77.89
23.4.77.90
INTERNET ROUTER
63.3.45.7 (public addresses)
63.3.45.8 (public addresses)
FIREWALL
172.16.1.1

Is this kind of setup normal? And if so, how could you connect this directly into a firewall? In other words, where would you assign the public addresses if the outside interface of the firewall is directly connected to the ISP?

Sorry for the confused message; I hope you can decipher what I am trying to get across.

Thanks.

 