Best practice design for cisco router, pix, and vpn concentrator


(OP)
Hello All,

What is the best practice in designing and setting up Cisco router 2600 series, Cisco PIX 515, and Cisco VPN 3000 series concentrator?

My guess is connecting router to PIX to VPN.

RE: Best practice design for cisco router, pix, and vpn concentrator

Physical connectivity is usually something like this:

LAN -> PIX -> Router
        |
        | DMZ
        |
   Concentrator

RE: Best practice design for cisco router, pix, and vpn concentrator

(OP)
Hey KiscoKid

Thanks for the response. We have a network here that I think is set up incorrectly. But I'm not a networking guy, so I can't say for sure that it is set up incorrectly.

Here's our setup:
Internet --> Cisco Router (outside)eth00 --> Then Cisco eth01 --> SMC switch -->  Pix eth00 and VPN eth00 to SMC ---> pix eth01 and vpn eth01 to LAN (HP procurve)

Our setup is like this:
From the Internet (ATT) to Cisco router eth00, then Cisco eth01 to SMC 1 gig switch; next we have PIX eth00 and VPN eth00 plugged into the SMC switch, and then PIX eth01 and VPN eth01 to HP ProCurve (LAN). I need lots of help here and any feedback is appreciated.

RE: Best practice design for cisco router, pix, and vpn concentrator

To be fair I think your physical connectivity setup is fine. I've seen a lot of organisations deploy their physical infrastructure as you've done. Just ensure the Cisco router, SMC switch, PIX and VPN are suitably hardened against Internet attack.

By suitably hardened I mean suitable deployment of some of the ideas put forward in SAFE (Security Blueprint for Enterprises). SAFE was developed by Cisco and it's a big topic and probably worth reading about if security is a concern for you. The link below connects to Cisco's SAFE repository and talks about all kinds of things - some of which are very relevant to your environment.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_package.html
