I want to give access to 2-3 server of my office through internet and want to give access to surf the net from the same link to the whole office. My ISP have given me a pool of address. Which SSM do you suggest me to install for this requirement.
as far as i know you need the AIP SSM only for IPS(intrusion prevention system).
what you want to do sounds like a normal scenario for a firewall. you should put the server in a DMZ, so they are accessable from outside, but still seperate from you internal lan.
and if you got an ip address range from your isp you should do nat, if you have enough addresses 1-to-1 nat and otherwise dynamic nat or pat, so the clients from the lan are able to access the internet.
i dont know if the asa5520 supports a DMZ.
but iam not an expert in this matter. are you the system administrator for your company or have you ever done this before?
I have the PIX as a firewall. I want to upgrade it to ASA.
The ASA 5520 supports DMZ. In PIX I already separated my LAN and WAN. I do have 1 to 1 nat for 3 servers from outside to my servers and I have also done dynamic PAT from internal network to outside (internet) in pix right now.
Now, I want to upgrade, but before upgrading to ASA I am in confusion that what should I keep, prevention system or content filtering.
I will be able to open the required port for my three internal servers, so in this case do I need to have IPS. I want to focus on the net sufring. So, I guess content filtering will be the best for me. What do you suggest for me ?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :