external security

Oct 24th, 2003

I have a Cisco 2610 with 12.0(8) that routes a class C address space from an ISP. There's also a Cat 5000 on the external network. The internal networks are firewalled by SonicWall SOHO2 and SOHO3 and PIX 506 firewalls.


The company has been using telnet to access the 2610 from the Internet. There are no access lists on the router, and AA.


How important is it to use ACLs to filter traffic inbound on the external router interface? I was thinking of filtering the class C, private IPs, and a number of protocols including ICMP.


I was considering using SSH to access the 2610 and the Cat 5000, but only from a host inside one of the firewalls. How secure is that solution?


Is it possible to use a PIX 506 or SonicWall as an SSH host instead of passing through the firewall?



nkhawaja (Cisco Employee), Fri, 10/24/2003 - 15:44

Hi,

Securing your perimeter router is very important. If, e.g., a DoS happens on your router, all of its processing will be consumed.

SSH is the best way to access the router. No, you can't use the PIX (at least) as an SSH client.


Here is a link for further reference.


http://www.cisco.com/warp/public/707/21.html



Thanks

Nadeem
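
The filtering and SSH-only management the question describes could look like the following IOS configuration. This is an added example, not part of either post: 192.0.2.0/24 stands in for the routed class C, 192.0.2.10 for the address the management host presents to the router (for example the firewall's outside address), Serial0/0 for the ISP-facing interface, and the hostname and domain are placeholders. It assumes an IOS image that includes SSH server support.

```cisco
! --- Inbound filter for the ISP-facing interface (added example) ---
! Drop packets arriving from the Internet with sources that can never be
! legitimate there: RFC 1918 private space, loopback, and our own class C
! (a packet from outside claiming an inside source is spoofed).
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 deny   ip 192.168.0.0 0.0.255.255 any
access-list 110 deny   ip 127.0.0.0 0.255.255.255 any
access-list 110 deny   ip 192.0.2.0 0.0.0.255 any
! ICMP: keep the types needed for path MTU discovery, traceroute and ping
! replies; drop the rest instead of blocking ICMP outright.
access-list 110 permit icmp any 192.0.2.0 0.0.0.255 echo-reply
access-list 110 permit icmp any 192.0.2.0 0.0.0.255 unreachable
access-list 110 permit icmp any 192.0.2.0 0.0.0.255 time-exceeded
access-list 110 deny   icmp any any
! Everything else destined to the class C goes on to the firewalls.
access-list 110 permit ip any 192.0.2.0 0.0.0.255
! Log whatever is left so drops are visible in syslog.
access-list 110 deny   ip any any log
!
! Interface name is an assumption; use the ISP-facing interface.
interface Serial0/0
 ip access-group 110 in
!
! --- Management access: SSH only, from one host ---
! SSH needs a hostname, a domain name and an RSA key pair.
hostname edge-2610
ip domain-name example.com
crypto key generate rsa
!
! Only the management host may open a VTY session.
access-list 10 permit host 192.0.2.10
access-list 10 deny   any log
!
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
 exec-timeout 10 0
```

`login local` relies on a local `username` entry that is not shown here. Because `transport input ssh` disables Telnet on the VTY lines, confirm SSH login from the management host before ending the session used to apply it.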
