Cisco Support Community

New Member

DMZ with a Router (2811)

I originally bought the ASA 5510 with IPS module to implement our DMZ, but I may send it back.

We have a new Internet Router (2811) with two interfaces. It is going to be used for our MPLS implementation later this summer. My original plan was to use the 2nd interface on the 2811 to route half our public IP range to the ASA 5510. But I'm thinking I may have overcomplicated the setup.

If I take the 5510 out of the equation, and just use the 2811 - what options do I have? Can we install extended security on it? PIX type features, and/or IPS type features? Is it recommended or not recommended? What's the best way to have servers in the DMZ talk to servers in our internal network?

New Member

Re: DMZ with a Router (2811)

Yes, you could use only the 2811 and take out the ASA, but it would severely limit your security controls. You will have the following features available in the IOS Firewall feature set.

The recommended way is to filter any traffic coming into your internal network, either from the DMZ or the Internet, and ONLY allow required connections.
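The default-deny filtering recommended in the reply above, sketched as an IOS extended ACL. This is an added example, not configuration posted by anyone in the thread; the addresses, the port, the ACL name TO-INSIDE and the choice of FastEthernet0/1 as the internal interface are all assumptions.

```cisco
! Constructed addressing (assumptions):
!   DMZ          192.0.2.0/28
!   internal LAN 10.10.0.0/24
ip access-list extended TO-INSIDE
 remark Required flow: DMZ web server to the internal database only
 permit tcp host 192.0.2.10 host 10.10.0.20 eq 1433
 remark Replies to TCP sessions that internal hosts opened themselves
 permit tcp any 10.10.0.0 0.0.0.255 established
 remark Everything else from the DMZ or the Internet is dropped and logged
 deny ip any any log
!
interface FastEthernet0/1
 description Internal LAN (assumed interface)
 ! Applied outbound so it filters all routed traffic entering the LAN,
 ! whichever interface it arrived on
 ip access-group TO-INSIDE out
```

The `established` keyword only matches TCP segments with ACK or RST set, so replies to UDP requests from internal hosts (DNS, for instance) are not covered by this stateless ACL and would need stateful inspection or explicit entries.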
