2620XM with Advanced Security Set as a Firewall

carrr · ‎01-06-2006

I’m looking at doing some light duty web hosting from my home office.

I have a Cisco 2620XM router with an extra 10/100 FE module, giving it two FE ports.

It possesses 128MB DRAM and 32MB flash.

I also have an old PIX 520 running 4.2.

Can I use these two devices to make an effective DMZ?

More specifically, I am looking to put IOS 12.3 or 12.4 on to the 2620XM with the Advanced Security feature set. I’ll probably use the PIX as my inside firewall, as I do not trust that the old PIX code loaded on it will stand up to today’s internet attackers, and don’t have the extra $600 to $800 to spend on an upgraded flash card that would allow me to load newer code.

I need opinions as to whether that 2620XM will be adequate as an outside firewall, at least until I can get something more appropriate in place.

I also have a Nokia IP440 with Checkpoint on it, but am trying to stick with a Cisco solution.

Thanks

mheusinger · ‎01-07-2006

Hi,

a cisco router with fw feature set will in your case probably provide sufficient security. You should close all outside access to the router (except maybe ICMP echo request), turn off unnessessary services and then use the proper rule set for your case.

With this approach you will be able to setup a DMZ (LAN switch between 2620 and PIX).

Hope this helps

Martin