I am looking for a little advice on a network design I will soon be implementing. Currently we have a home office that has 20 employees. In the home office we have an internal LAN that has a LAN server (DHCP, file server, print server, Active Directory), an application server, and an email server. The LAN is connected to the internet by an 1811 that handles all of the routing, VPN for 3 site-to-site VPNs and up to 5 individual IPsec VPN connections at a time, and firewall duties. To this I need to add a web server, preferably in a separate DMZ zone, that can connect to a SQL server inside the internal LAN.
What I would like advice on is whether there is a need for a separate firewall device, possibly to handle VPN duties and firewall activities, and a recommendation on the device.
I could also use advice on the best way to implement a secure connection from the web server to the SQL server that would not expose my internal LAN to unnecessary risk.
I think that you can use the ASA5510, the ASA5510 is smaller. But with the first one you can implement a DMZ region where you can connect your SQL server if you want to keep access to the Internet while securing the inside network.
If you are not familiar with DMZ, know that this is an intermediate level between inside and outside.
Outside - not secure region
DMZ - intermediate
Inside - most secured region
The ASA5510 can also provide you a powerful VPN connection for both site to site and client access.
Hope that this helps.
Please rate if that helps, and ask other questions if you need more details about DMZ.
Thank you that does help. I was unsure of the correct device to use to implement everything. I was pretty sure it was the ASA but there are many different models and within the models there are many different levels.
I am still a little unsure of the correct routes to send data between the DMZ and internal network but I am going to do some research before I ask any more questions.
About the ASA, ASA5510-SEC-BUN-K9, this one can be good. It supports 3DES and AES encryption, which are strong algorithms. The default is only with DES encryption. It will also depend on your requirements; if not very confidential, DES only may fit your needs and is cost effective for you.
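
The three zones listed in the thread, with the web-server-to-SQL path from the original question, sketched as an ASA configuration fragment; this is an added example and not something posted by either participant. Interface numbers, zone names, all addresses and the SQL port (TCP 1433, the SQL Server default) are assumptions, and NAT and the outside-to-DMZ web rule are left out because their syntax differs between ASA software versions.

```cisco
! Constructed example for an ASA 5510. Interface numbers, names and all
! addresses are placeholders, not values from the thread.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! Traffic entering the dmz interface: the web server (192.168.50.10) may
! open connections to the SQL server (192.168.1.20) on TCP 1433 only.
access-list DMZ_IN extended permit tcp host 192.168.50.10 host 192.168.1.20 eq 1433
! Anything else from the DMZ towards the inside LAN is dropped and logged.
access-list DMZ_IN extended deny ip any 192.168.1.0 255.255.255.0 log
! All remaining traffic arriving on dmz meets the implicit deny that ends
! every ACL, so the web server cannot open other outbound connections
! unless a permit line is added for them.
access-group DMZ_IN in interface dmz
```

Replies from the SQL server to the web server need no rule of their own, because the ASA tracks the connection state and allows return traffic for sessions the ACL permitted.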