Cisco Support Community

firewall - vpn question

Hi! I have a firewall with 4 NICs; 2 of those NICs are connected to the public and private DMZ respectively. The remaining 2 NICs are connected to the public internet and the internal LAN.


Nic1 - Public DMZ

Nic2 - Private DMZ

Nic3 - Internet (telco router)

Nic4 - Internal LAN

If I were to set up a VPN concentrator (for small sites to establish tunnels to it), which itself is a firewall, what's the advantage of having this VPN concentrator in the public/private DMZ zone over a direct connection to the internal LAN? And vice versa? Thanks.


firewall - vpn question


The Cisco VPN concentrator is not a pure firewall. Below is the extract from the Cisco VPN concentrator Q&A with reference to the same:

Q. Does the Cisco VPN 3000 Concentrator Series have an integrated firewall? If so, what features are supported?

A. While the series has integrated stateless port / filtering capabilities and NAT, Cisco suggests you use a device like the Cisco Secure PIX Firewall for the corporate firewall.

With reference to placement of the VPN concentrator, it can be placed in front of, behind, parallel to, or in the demilitarized zone (DMZ) of firewall based on your design requirement.

The DMZ implementation gives you more control over what the remote users can access (good in terms of firm security). In parallel to the ASA, it basically opens your LAN to remote partners.
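
What the extra control of the DMZ placement looks like on the firewall, as an added example that is not part of the original thread: an ASA-style access-list sketch in which the concentrator's public side sits in the public DMZ and its private side in the private DMZ. The interface names (`outside`, `privdmz`), ACL names and all addresses are constructed assumptions, and the permitted internal services are placeholders for whatever the remote sites actually need.

```cisco
! --- Constructed addressing (assumptions, not from the thread) ---
! 203.0.113.10      concentrator public address (public DMZ, Nic1)
! 10.20.0.0/24      source range of decrypted remote-site traffic
!                   leaving the concentrator's private side (private DMZ, Nic2)
! 192.168.10.0/24   internal LAN (Nic4)

! Internet -> public DMZ: only the tunnel protocols reach the concentrator.
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq 4500
access-list OUTSIDE_IN extended permit esp any host 203.0.113.10
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! Private DMZ -> internal LAN: decrypted traffic is filtered again here.
! Remote sites reach only the named hosts and ports, nothing else on the LAN.
access-list PRIVDMZ_IN extended permit tcp 10.20.0.0 255.255.255.0 host 192.168.10.25 eq 443
access-list PRIVDMZ_IN extended permit tcp 10.20.0.0 255.255.255.0 host 192.168.10.30 eq 1433
access-list PRIVDMZ_IN extended deny ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0 log
access-list PRIVDMZ_IN extended deny ip any any log
access-group PRIVDMZ_IN in interface privdmz

! For comparison: with the concentrator's private side cabled straight to the
! internal LAN (the parallel placement), decrypted traffic never crosses a
! firewall interface, so there is no place to attach PRIVDMZ_IN and the only
! restriction left is the concentrator's own stateless filtering.
```

The `log` keyword on the deny entries gives a record of remote-site traffic that tried to reach hosts outside the permitted set, which is useful when tuning the list or reviewing partner activity.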