My company is now using a frame relay network as the corporate WAN. As the company expands, the WAN needs to cover more and more locations where frame relay is too expensive. So we have started to use a PIX-to-PIX VPN solution to connect new sites together. What makes me worried is that, because the new sites have their own local ISP and we cannot control the internet access of those new sites, there is a possibility that a hacker can go to our frame relay network through the VPN connection.
What is the most effective way to secure a mixed WAN?
This is more of a security question than a frame relay one, so someone correct me if I go astray.
You're doing the right thing already. If you've implemented the PIXs (PIXen?;) properly and created VPNs to connect your remote offices via the Internet, your WAN should be fairly secure.
The purpose of a VPN is to allow traffic to traverse unhindered and encrypted from the inside interface of one PIX to the inside interface of the other PIX. There are also mechanisms in the VPN software that prevent Internet users from forging your VPN packets.
Since the VPN traffic is encrypted and non-forgeable, and the VPN goes from the inside interface of one PIX to the inside of the other PIX, *and* if your PIXs have been configured properly to provide security, your overall WAN solution sounds decent.
My advice to you if you have concerns over security is to contact a security consultant to review your configuration. There may be things that I can't see like misconfigured access-lists, conduits, NAT, etc...
But should I use my existing PIX to connect our remote sites together, or should I buy another VPN device sitting beside the PIX? I wonder if the PIX 515 will have any problem. If it sits beside the PIX, I may get some routing problems too...
I have to connect 4 sites with our regional hub. Each site will have less than 100 users. Do you think it is feasible if I put a VPN 3005/3030 in parallel with the PIX in the central site, and put a 505 PIX in each site? So far I see I can use several methods to connect sites together in a hub-and-spoke topology, but I am not sure which is the most cost effective and stable one.
Yes, this may be the most cost effective way. But as far as I know, PIX is not a router; it cannot route traffic between remote sites if I connect them using PIX in the central site. That's why I need to consider other devices.