Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
2
Replies

External Router Reuirements Query

dan_track
Level 1
Level 1

‎06-30-2008 04:07 AM - edited ‎03-05-2019 11:54 PM

Hi

Currently I am desinging a simple network where I'm having an external router accept the internet link (RJ45 ethernet) and then create a zone between the external router and an ASA firewall. My question is what advantages can we gain by having this external router, what would we lose if we took the internet connection straight into the ASA?

Please remember this is only for a medium sized firm >1500 employees with only a single internet connection. Possibly with a default route to our ISP.

I'm thinking of having a cisco 2851 router and a ASA 5520.

Any help would be appreciated.

Thanks

Dan

Labels:
0 Helpful
2 Replies 2

nelson-rick
Level 1
Level 1

‎06-30-2008 04:37 AM

Quite simply, routers are faster than firewalls. A router is a relatively simple networking device designed solely to get packets from point A to point B. In terms of unit cost, it's generally much cheaper for a router to handle a packet than for a firewall to analyze it. Additionally, there are a lot of "junk" packets out there on the Internet, as a result of port scanning and other malicious activity.

With those facts in mind, most organizations choose to use a router as the first perimeter defense, implementing a simple rule set that blocks all unwanted traffic. For example, if the only acceptable inbound traffic is HTTPS and VPN activity, you could write a simple router rule set that allows those two ports (to any address) and blocks everything else. The firewall would then be responsible for more granular filtering, determining which specific hosts may receive HTTPS and/or VPN traffic, for example, and performing advanced analysis, such as stateful inspection and/or application-layer filtering.

It's possible, however, to bypass this norm. One approach that I've seen attempted in smaller organizations is to use only a firewall, dropping the router entirely. In that scenario, the firewall performs routing functions for the network. The primary benefit to such an approach is that it simplifies the environment, providing only one device that must be managed. It's not, however, a scalable design, as the cost quickly becomes prohibitive as network throughput rises.

0 Helpful

dan_track
Level 1
Level 1
In response to nelson-rick

‎06-30-2008 05:29 AM

Hi

Thanks for the detailed response. I'll bear much of it mind. I've always been of the view that security can be best achieved through a layered defence. I'm going to put forward that we have both an external router for our 10Mbit internet link and a firewall.

Thanks

Dan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card