Securing Web and Email server

somejoe

IS-IT--Management
Oct 21, 2001
50
US
I'm looking for a cost-effective way to:

1. Protect my Email and Web server
2. Provide Internet Access for my LAN
3. Provide a VPN to my Corporate Headquarters.

Can I do all this with just a Router (e.g. perhaps a 1720 router)?

Or do I need a router and Pix?

Thanks,
 
Careful use and design of access-lists and the firewall IOS for the 1720 will work well. The PIX is better in some aspects but for .. say... 85% of your stated *need*, the router is fine.

Now.. let's keep in mind usage vs. users. Anytime you start running firewall anything or access-lists, the CPU requirements go up quite a bit. If the router is just enough for now, then it's not enough as a firewall. You did not mention anything about user count and projected traffic flows so you need to do some homework.

MikeS Find me at
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Most companies I have seen use their routers sparingly in this regard. They will use a 1720 for very basic ACL against things like icmp traffic they don't want in and out (ping, traceroute replies) and some obviously spoofed stuff (127.0.0.x, classic internal private ranges, etc.) and set up some logging to a secure syslogging firewall that protects their internal net.

As WBN said you are tasking your router doubly if you use it in this manner.
 
I would agree with saying you should use a router. A Cisco 1720 w/VPN would be ideal. You can protect your webserver / mailserver by using the access-list features on the router. Also I would probably use a private IP scheme with NAT mapping private -> public IP addresses.

Same for the access to the Internet for a LAN. With NAT pools you can allow your entire LAN to the Internet with a single public IP address (depending on your needs).

I have not toyed with VPNs as of yet (any suggestions / tutorials would be helpful); however, I do know for a fact that there is a 1720 w/VPN.

If you planned on going for the Pix firewall vs. a router I would consider if you plan on making this network a LAN vs. a WAN. I would really go for the router and just write logical access lists.


rainman
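
The router-only setup discussed in this thread (edge filtering of spoofed sources and unwanted ICMP with logging to syslog, access-lists in front of the web and mail servers, NAT for the servers and the LAN), sketched as a Cisco IOS configuration. This is an added example, not a configuration posted by any participant: all addresses (203.0.113.x is a documentation range), interface names, list numbers and the inspection name FW are assumptions, and the VPN to headquarters is not covered.

```cisco
! Constructed example. Assumed layout:
!   LAN 192.168.1.0/24, web server .10, mail server .11, syslog host .50
!   Public block 203.0.113.0/24 routed to this router by the ISP
!
logging 192.168.1.50
!
! Stateful return traffic for LAN-initiated sessions
! (requires the firewall feature set mentioned in the thread)
ip inspect name FW tcp
ip inspect name FW udp
!
! Static NAT for the two servers, one overloaded address for the LAN
ip nat inside source static 192.168.1.10 203.0.113.10
ip nat inside source static 192.168.1.11 203.0.113.11
ip nat inside source list 10 interface Serial0 overload
access-list 10 permit 192.168.1.0 0.0.0.255
!
! Inbound filter on the Internet-facing interface.
! It is evaluated before NAT, so it names the public server addresses.
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny   icmp any any echo
access-list 101 permit tcp any host 203.0.113.10 eq www
access-list 101 permit tcp any host 203.0.113.11 eq smtp
access-list 101 deny   ip any any log
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip access-group 101 in
 ip nat outside
 ip inspect FW out
```

Every `log` entry and each inspected session costs CPU on the router, which is the sizing concern raised earlier in the thread.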
 