Network Design Advice

jmarsh
Level 1

Hello,

I am looking for a little advice on a network design I will soon be implementing. Currently we have a home office that has 20 employees. In the home office we have an internal LAN that has a LAN server (DHCP, file server, print server, Active Directory), an application server, and an email server. The LAN is connected to the internet by an 1811 that handles all of the routing, VPN for 3 site-to-site VPNs and up to 5 individual IPsec VPN connections at a time, and firewall duties. To this I need to add a web server, preferably in a separate DMZ zone, that can connect to a SQL server inside the internal LAN.

What I would like advice on is whether there is a need for a separate firewall device, possibly to handle VPN duties and firewall activities, and a recommendation on the device.

I could also use advice on the best way to implement a secure connection from the web server to the SQL server that would not expose my internal LAN to unnecessary risk.

Thanks,

Jason

5 Replies

John Blakley
VIP Alumni

You might look at the ASA 5510 or 5520. That should be able to do everything you want to do.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

HTH,

John

letsgomets
Level 1

Cisco ASA should be able to perform all of these tasks.

Question about the site-to-site VPNs... Do you have GRE and routing protocols enabled other than BGP? If so, the ASA will not function in this role, as it doesn't support GRE tunnels.

omar.elmohri
Level 1

This is very common.

I think that you can use the ASA5510, the ASA5510 is smaller. But with the first one you can implement a DMZ region where you can connect your SQL server if you want to keep access to the Internet while securing the inside network.

If you are not familiar with DMZ, know that this is an intermediate level between inside and outside.

Outside - not secure region

DMZ - intermediate

Inside - most secured region

The ASA5510 can also provide you a powerful VPN connection for both site-to-site and client access.

Hope that this helps.

Please rate if that helps, and ask other questions if you need more details about DMZ.

Regards,

Omar

Thank you, that does help. I was unsure of the correct device to use to implement everything. I was pretty sure it was the ASA, but there are many different models, and within the models there are many different levels.

I am still a little unsure of the correct routes to send data between the DMZ and internal network, but I am going to do some research before I ask any more questions.

Thanks Again,

Jason

Jason,

Feel free to ask questions.

About the ASA, the ASA5510-SEC-BUN-K9 can be a good one. It supports 3DES and AES encryption, which are strong algorithms. The default is only with DES encryption. It will also depend on your requirements; if not very confidential, DES only may fit your needs and is cost effective for you.

Regards,

Omar
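
Added example (not part of the thread, and not any poster's configuration): a small audit of an ASA-style ACL applied inbound on the DMZ interface, flagging any permit that opens the inside LAN wider than one DMZ host to one inside host on one port, which is the web-server-to-SQL-server case asked about above. The subnets, host addresses, ACL name `dmz_in` and TCP port 1433 (the Microsoft SQL Server default) are assumptions, and the parser handles only `any`, `host A` and `A MASK` address forms without source ports.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.10.10.0/24")  # assumed inside LAN

# Constructed sample ACL (not from the thread): one tight rule, two loose ones.
SAMPLE_ACL = """\
access-list dmz_in extended permit tcp host 172.16.50.10 host 10.10.10.20 eq 1433
access-list dmz_in extended permit tcp 172.16.50.0 255.255.255.0 10.10.10.0 255.255.255.0 eq 445
access-list dmz_in extended permit ip host 172.16.50.10 any
access-list dmz_in extended deny ip any 10.10.10.0 255.255.255.0
"""

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def audit(acl_text, inside=INSIDE):
    """Return (line_no, reason) for each permit entry that reaches the inside
    LAN with more than one source host, one destination host and one port.
    Rule order (first match wins on the firewall) is not modelled here."""
    findings = []
    for n, line in enumerate(acl_text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        action, proto, rest = tok[3], tok[4], tok[5:]
        if action != "permit":
            continue
        src, dst = take_addr(rest), take_addr(rest)
        if not dst.overlaps(inside):
            continue  # rule does not touch the inside LAN
        single_port = proto in ("tcp", "udp") and len(rest) >= 2 and rest[0] == "eq"
        if src.prefixlen != 32:
            findings.append((n, "source is not a single host"))
        elif dst.prefixlen != 32:
            findings.append((n, "destination is not a single inside host"))
        elif not single_port:
            findings.append((n, "not limited to one port"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_ACL):
        print(f"line {line_no}: {reason}")
```
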
