I have a 3015 at our central office with a number of Cisco 800's / 1700's at satellite offices. I've got them up and running with IPSec tunnels using 3DES/SHA and currently pre-shared keys (Thinking about using digi-certs as the number of sites could increase). I've been ploughing through the Safe VPN docco about the question of further security using NIDS and firewalls., and looked at the medium sized scenario.
Has anyone got a similar setup that could enlighten me further on the best way they have found to tighten up security to a safe, but not excessive level ?
Both NIDS and Firewall are good options for good secuirty, also consider some sort of security for important servers like mail servers by running Host based IDS on them. Also you can add access lists to restrict the resources the users can access.
There are a couple design options on where to place the firewall and IDS in respect to the concentrator, depends on how you really want to use it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...