Cisco Support Community

New Member

design/implement new firewall, VPN, Netranger

I have been given the task of implementing a new PIX firewall, VPN and intrusion detection (all Cisco products). I have yet to perform a task such as this and would like to take a conservative approach. I want to begin with a high-level question and will drill down with subsequent posts. The environment is a university with a large user base, both LAN/WAN and remote. I will test the solution in a lab environment first, but my question is this: I've been asked to implement in a phased approach. Should I focus on implementing the PIX first? The VPN first? Makes no difference? Thanks in advance for the help.

New Member

Re: design/implement new firewall, VPN, Netranger

It depends on which product you will be choosing for VPN. For VPN you can use VPN routers, firewalls with VPN software, or 3000 series concentrators. If you have a large number of remote users, then the better option would be a 3000 series concentrator. Assuming you go for a 3000 series concentrator, you should concentrate on the PIX first. Afterwards you can place the concentrator in parallel with the PIX without much difficulty.

New Member

Re: design/implement new firewall, VPN, Netranger

Thank you both for your reply - I appreciated it. We will indeed be implementing a 3060 Concentrator. As you suggested (and others), I will focus on the PIX firewall first and phase the concentrator shortly afterwards. I'll keep you posted....


Re: design/implement new firewall, VPN, Netranger

This is how our company would handle a situation like this. We think it's important to have a design proposal for every phase of the project. It tends to make things run more smoothly. Start off with a PIX firewall and then set up the VPN to terminate at the PIX. Once you have that done, you can implement Intrusion Detection. That is the logical order, but I would suggest talking to a design team before starting a project like this.