Where should I deploy firewall and VPN server?

Apr 10th, 2012

Hi All,

This is a common problem.

We have a firewall and a VPN router. I know the VPN router can be deployed before or after the firewall, or in parallel.

Which one is better?

Thank you!

Fly

sean_evershed Wed, 04/11/2012 - 02:32

Hi,

The Cisco Press book Designing Cisco Network Service Architectures has an excellent chapter on this.

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142880


Each method has various advantages and disadvantages depending on your business needs and budget.


VPN Parallel to Firewall Advantages:

- No need to change IP addressing

- Scalable solution


VPN Parallel to Firewall Disadvantage:

- Decrypted IPsec traffic is not firewall inspected.


VPN deployed in a Firewall DMZ Advantages:

- Firewall can inspect decrypted VPN traffic.

- Scalable solution


VPN deployed in a Firewall DMZ Disadvantage:

- Complex to deploy.


Don't forget to rate posts that are helpful.
