General discussion

Locked

Best placement of a VPN and Firewall

By lgerald ·
I am redesigning a small Windows 2000 network with approx. 60 users, multiple servers, a PIX firewall and a Cisco VPN 3000 concentrator. The site currently has a T-1 with a Cisco router. I'm wondering about the placement of the VPN and firewall. I will be running both a web and exchange server. Should I put the VPN and PIX behind the router, in front, or parallel? Any thoughts?

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Best placement of a VPN and Firewall

by 20 + years still In reply to Best placement of a VPN a ...

This doesn't answer your question but I think is useful just as well. The Cisco router also has built in firewall capabilities just a suggestion that you make that your first line, then the Pix and VPN.

Collapse -

Best placement of a VPN and Firewall

by lgerald In reply to Best placement of a VPN a ...

Thanks. I'm aware the router has some firewall capabilties. However, I have seperate devices for each function in case something happens to the other ones. I'm also aware that the PIX has some built in VPN capabilities.

Collapse -

Best placement of a VPN and Firewall

by Joseph Moore In reply to Best placement of a VPN a ...

As long as your firewall can handle the IPsec exchange (like the IKE pass thru) and all of the VPN specific stuff, then I say put it behind the firewall.
Sure, you can put the VPN in front of the firewall, but you had better make sure the VPN server is locked down first. IF you use WIn2K for the VPN server, you have better harden the server down tight.
If the 2 are parallel, then you have the same VPN server hardening rules to go with. So, let the firewall handle the packet filtering; that is what it is for. Just make sure you get the firewall configured correctly to allow VPN pass thru.

hope this helps

Collapse -

Best placement of a VPN and Firewall

by lgerald In reply to Best placement of a VPN a ...

The question was auto-closed by TechRepublic

Collapse -

Best placement of a VPN and Firewall

by lyle148806 In reply to Best placement of a VPN a ...

I would put the VPN 3000 behind the PIX on a seperate interface to you internal network, then you can control the Encrypted traffic to VPN 3000, but also control and monitor the traffic from the VPN into you internal network.

Collapse -

Best placement of a VPN and Firewall

by lgerald In reply to Best placement of a VPN a ...

The question was auto-closed by TechRepublic

Collapse -

Best placement of a VPN and Firewall

by lgerald In reply to Best placement of a VPN a ...

This question was auto closed due to inactivity

Back to Networks Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums