Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
fly
Community Member

where should I deploy firewall and VPN server.

Hi All,

      THis is a common problem.

      we have firewall and VPN router,  I know VPN router can deploy before or after firewall, and parallel.

     which one is better!

     thank you!

Fly

1 REPLY

Re: where should I deploy firewall and VPN server.

Hi,

The Cisco Press book Designing Cisco Network Service Architectures has an excellent chapter on this.

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142880

Each method has various advantages and disadvantages depending on your business needs and  budget.

VPN Parallel to Firewall Advantages:

- No need to change IP addressing

- Scalable solution

VPN Parallel to Firewall Disadvantage:

- Decrypted PSec traffic is not firewall inspected.

VPN deployed in a Firewall DMZ Advantages

- Firewall can inpsect descrypted VPN traffic.

- Scalable soultion

VPN deployed in a Firewall DMZ Disadvantage

- Complex to deploy.

Don't forget to rate posts that are helpful.

476
Views
0
Helpful
1
Replies
CreatePlease to create content