PIX or 7200?

sofaking

IS-IT--Management
Nov 3, 2001
4
US
I manage a technology lab environment that is currently separated from our production network by a five-year-old 7200 router with 10Mb Ethernet interfaces. Both my production network and lab network have 10/100 Cisco switches providing connectivity out to the desktop (Catalyst 5509s). I recently acquired a PIX 520 with multiple 100Mb interfaces, & I use this for testing purposes.

I have two goals that I want to achieve. The 1st goal is to improve the throughput from my production network to my lab network. The 2nd goal is to put the firewall in place between the production network & lab network in order to lock things down a bit.

So I have a couple of questions. Is it reasonable to use the PIX as a router AND firewall? It seems like this would achieve both my objectives (speed & security). I'm getting conflicting information from my technical staff: Some say the PIX isn't a "real" router, but can't clarify what they mean by "real". Some say that the PIX doesn't support EIGRP, which would be needed to integrate with our production network. Some guys think that the PIX by itself would be sufficient & simplify things; others want to put the PIX & the router in line but can't agree as to which order they should be configured (e.g. production network -- PIX -- 7200 -- lab network OR production network -- 7200 -- PIX -- lab network).

This is a long message, but I'd like to get some other opinions on this topic.
 
Hi.

I think that your PIX will do the job.

Just check the specifications of the PIX to verify that it can handle all the traffic fast enough (I think it can but check out to be sure).

A router will be needed only if you have WAN connections like frame-relay, which is not your case.

Bye
Yizhar Hurwitz
 
SofaKing,

The PIX isn't a router. It's an IP node and packet forwarding engine. It will move data packets from one connected LAN to another connected LAN.

The PIX understands a limited number of routing protocols as a client would. The PIX doesn't understand EIGRP. The PIX does not pass multicast traffic, so you would have to create a GRE tunnel through the PIX to connect different EIGRP areas.

I'd suggest that you consider the security policy you plan on putting in place between the lab and production networks. If you are going to allow EIGRP (and therefore multicast) you will probably be fine using the 7200 router and a series of access control lists.

Liberty for All,

Brian
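
One way the "7200 plus access control lists" option from the reply above could look, as an added example that is not part of the thread. The subnets, the interface name, the DNS server address and the policy itself are constructed for illustration.

```ios
! Constructed addressing (assumption): production 10.1.0.0/16, lab 10.2.0.0/16
! Hypothetical lab-facing interface on the 7200: Ethernet1/0
!
ip access-list extended LAB-IN
 remark EIGRP (IP protocol 88) hellos and updates from lab-side neighbors
 permit eigrp any any
 remark Replies to TCP sessions that production hosts opened into the lab
 permit tcp 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255 established
 remark Lab hosts may query one production DNS server (constructed address)
 permit udp 10.2.0.0 0.0.255.255 host 10.1.0.53 eq domain
 remark Let ping replies from the lab return to production
 permit icmp 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255 echo-reply
 remark Everything else from the lab is dropped and logged
 deny ip any any log
!
interface Ethernet1/0
 description Lab-facing segment (hypothetical)
 ip access-group LAB-IN in
```

The `established` keyword only matches TCP segments with the ACK or RST bit set; it does not track connection state, so UDP replies to production-initiated flows need their own entries. That stateless behavior is the practical difference from placing the PIX on this path.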
 