02-24-2007 10:27 PM - edited 02-21-2020 01:25 AM
Hello,
I work with a software company. We currently have 160 users. We have:
Cisco 515e Firewall (we don't have a failover firewall)
Cisco 1841 Router
3Com layer II switches
1 quantity of Cisco catalyst 3560 layer III switch
1 linux running proxy server.
Requirement:
I am looking for an all-in-1 solution.
I know Cisco's ASA. But I haven't worked on it at all. I just went through Cisco's
documentation. I want a single box which can be a DHCP server, a firewall, a router & AAA server.
Can anybody suggest a flexible appliance from Cisco Systems which can mainly handle the following tasks:
Firewall capability
WAN routing
Proxy (access control mechanism, I can say)
I have heard of a few Juniper devices which can do firewall, router & proxy, all in 1 box. But I prefer a Cisco appliance. Any suggestions with technical positive and negative points?
Thank you,
Regards,
Amey Abhyankar.
02-25-2007 07:12 AM
Hi Amey,
ASA/Pix can NOT terminate WAN connections such
as T-1, Frame Relay or MPLS to the firewall
itself. Pix/ASA can only terminate Ethernet,
Fast Ethernet and Gig connections to the
firewall.
If you go with Juniper/Netscreen or Nokia
appliances running Checkpoint, they can
terminate WAN connections to the firewall
itself. I am not sure if they can terminate
MPLS connections.
Nokia, Juniper and Pix can be a DHCP Server.
Not sure about ASA.
Nokia/CP and Pix cannot function as a proxy
server. Not sure about Juniper.
Nokia/CP, Pix/ASA and Juniper cannot function
as an AAA server.
If you are looking for an ALL in 1 solution,
I would suggest that you go with a Linux
firewall. Linux can function as the
following:
AAA Server = Freeware Tacacs+ and FreeRadius (I have it running right now and it is working great)
proxy server = squid (I have it running right now)
firewall = IP masquerading with iptables (I have it running at the moment)
WAN routing = I've not tried but I think gen2
can do this. By that, I mean you can
terminate WAN connections such as T-1, Frame
Relay to the Linux box itself.
DHCP Server = dhcpd.conf will do the trick
As far as support for the Linux firewall/
AAA/DHCP/WAN routing/Proxy, that's a separate
issue.
David
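
An added example, not part of either post: a shell function that prints an iptables-restore ruleset for the single Linux box suggested in the reply, with masquerading on the outside interface and the proxy, AAA and DHCP services reachable only from the inside. The interface names, the subnet and the default service ports (3128, 49, 1812/1813, 67) are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one Linux box that is
# firewall, NAT router, squid proxy, RADIUS/TACACS+ server and DHCP server.
# Interface names and subnet are supplied by the caller (assumed values).
gen_ruleset() {
    wan_if=$1 lan_if=$2 lan_net=$3
    # Accept only plain interface names and an IPv4 CIDR; reject anything else.
    for name in "$wan_if" "$lan_if"; do
        case "$name" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case "$lan_net" in ''|*[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the inside network behind the outside address (IP masquerading).
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP requests arrive from 0.0.0.0, so match on the interface only.
-A INPUT -i $lan_if -p udp --dport 67 -j ACCEPT
# squid (3128), TACACS+ (49) and RADIUS (1812/1813): inside clients only.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 3128 -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 49 -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p udp -m multiport --dports 1812,1813 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Web traffic must pass through the proxy, so direct HTTP/HTTPS is refused.
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports 80,443 -j REJECT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}
# Print the ruleset when called with: WAN_IF LAN_IF LAN_CIDR
if [ "$#" -eq 3 ]; then gen_ruleset "$@"; fi
```

The INPUT policy is DROP with no management rule, so add one (for example SSH from an admin host) before loading; the output can be checked with `iptables-restore --test` first.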