paddyxdoyle Tue, 09/20/2005 - 03:32
User Badges:
  • Silver, 250 points or more

I would only use a single router to do both, this would be set up using CBAC on the router to inspect traffic in an outbound direction, NAT would be required if its for Internet traffic.

paddyxdoyle Tue, 09/20/2005 - 05:49
User Badges:
  • Silver, 250 points or more

I'm guessing as they are using 1700's then this is a small site, If it was a large site then you would normally see a router connecting to the internet and then a firewall between the router and LAN. You can use the router as a buffer providing DOS protection, anti-spoofing and other stuff leaving your firewall to do your port filtering/application layer inpsection etc...


As for CBAC, its also known as IOS firewall. Try doing a search on this site, its all here...



Actions

This Discussion