I have a Cisco 2611 router which I use to connect to the internet but at the same time to some remote sites. I have a firewall between this router and my internal Cisco 2610 router which connects my LAN and other remote sites. My company says it cannot buy another 2611 router, so that the remote sites connected to the internet router are protected by my firewall using the proposed new Cisco 2611 router, leaving the Cisco 2611 router connected to the internet outside. I still want to protect my remote sites. Would anyone know how I can go about this problem?
Do you have a CiscoSecure ACS server running on your LAN to authenticate the current remote users on the 2611? How do they access the network, ISDN, analogue dial?
Without knowing much about your network, and assuming that you MAY have the budget available, assuming that the slots on the 2610 are fully populated, I'd go for configuring the NAS/internet router to use TACACS+ authentication on the ACS server. You can also authenticate them at the PIX (is it a PIX?) before they even get to the network. Can't remember how - but it may be worth your while posting this question on the Security forum as you'll get far more sense and better advice from the guys there.
Ideally you want to shift the remotes from the 2611 to the 2610, but again, that depends on the cards installed. Can you upgrade a card to support more users? Difficult to recommend more without knowing more about your hardware configuration. But as I say, try the Security forum, there are some really switched-on guys there!!