Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Separting Internet Connection

Status
Not open for further replies.
Shando

Shando

IS-IT--Management
Mar 5, 2008
18
US
Hi,
We have 3 sites that are tied together with T1s, and the ASA firewall is in the main office.
Hi All,
Is there a way where we can give each site their own
Comcast connection, instead of using the Comcast connection through the main site while having the sites stay connected with the T1s ? I dont want to wind up having a firewall at each site.

If this is feasible using IP routing, and ACL policies on the cisco 2600 routers, do you think not having a firewall at each location would have a security risk, and would it be better to have a firewall?

We manage the routers, there is cisco 2600 at each site. So, how can we do this through the routers at each location and keep non internet trafic floating through the main fw?

Thank you for your help...
 
Sort by date Sort by votes
sure. on each of the 2600's configure the zone-based firewall. you MUST have a firewall with stateful inspection otherwise you open yourself up to bad things. you'll need to change your routing at the remote locations so that you have a default route to the internet and then specific routes to go over the T1's for traffic destined for the other locations.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
So I need a firewall at each location, beside, the routers'zone based firewall config?

Do I need ACL to be configured on the routers side?

can you please give more details on how to do this and anything I need to watch for?

thank you for your quick response!
 
Upvote 0 Downvote
it all depends on your security requirements. do you want to permit any and all traffic outbound??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

phonedudeSr
  • Locked
  • Question
Cisco Unity Connection Subscriber issue
Replies
2
Views
183
phonedudeSr
phonedudeSr
mattmontalto
  • Locked
  • Question
Connections Limit Reached
Replies
6
Views
252
mattmontalto
mattmontalto
DarioMartin
  • Locked
  • Question
Problem accessing internet with Cisco 877
Replies
1
Views
122
DarioMartin
DarioMartin
ahm1985
  • Locked
  • Question
Test internet connection failed Cisco router 800 series
Replies
0
Views
86
ahm1985
ahm1985
mkc1962
  • Locked
  • Question
Cisco 2602e connection question
Replies
0
Views
89
mkc1962
mkc1962

Part and Inventory Search

Sponsor

Back
Top