I have been given the task of implementing a new PIX firewall, VPN and intrusion detection (all Cisco products). I have yet to perform a task such as this and would like to take a conservative approach. I want to begin with a high-level question and will drill down with subsequent posts. The environment is a university with a large user base, both LAN/WAN and remote. I will test the solution in a lab environment first, but my question is this: I've been asked to implement in a phased approach. Should I focus on implementing the PIX first? The VPN first? Makes no difference? Thanks in advance for the help.
Thank you both for your replies - I appreciated it. We will indeed be implementing a 3060 Concentrator. As you suggested (and others), I will focus on the PIX firewall first and phase the concentrator shortly afterwards. I'll keep you posted...
This is how our company would handle a situation like this. We think it's important to have a design proposal for every phase of the project. It tends to make things run more smoothly. Start off with a PIX firewall and then set up the VPN to terminate at the PIX. Once you have that done, you can implement Intrusion Detection. That is the logical order, but I would suggest talking to a design team before starting a project like this.