First, any help would be greatly appreciated. I have been assigned the task of installing a firewall that involves a few things that I may be unfamiliar with (i.e., PPPoE, or VPNs perhaps). At one location (building), I have a Cisco 1720 router configured as the default gateway for the LAN. Also connected to the LAN is a Netopia R5300 T1 Router (don't ask why Netopia and not Cisco -- politics, I guess) providing the Internet connection (and thence, the default gateway for the 1720). Now, I need to install a firewall somewhere in there. All easy so far. Where I get lost is here: At a remote site, there's a server connected to a cable-modem (i.e., no static IP) that needs to replicate via http with a server that will be behind the new firewall. How would something like this work?
Is the Netopia provided by the ISP? Is it DSL? Usually you can interface with the Netopia by coming off an Ethernet port of a router or PIX. The 2621 with 2 Ethernet ports will work well. One Ethernet is INSIDE and E2 goes to the Netopia. That way you can run Cisco commands on the 2621 and it will just send out to the Netopia. Same with PIX. Hang the PIX off the Netopia router with a crossover cable or small switch. The Netopia will have to allow all traffic in, so if the ISP is controlling it.... make sure they are not blocking anything.
Then just allow http in or whatever you need with access list or conduit statements. You can get pretty specific.
On the cable modem end, you will have to worry about Static or Dynamic IP address on outside? So if it is Dynamic.. you must use a crossover to another PIX and have a command like "ip address outside dhcp setroute" which will grab a DHCP address off the cable modem and set the default route to it, whatever the IP address is.
Then if you need to set up VPN, find some good documentation on it so you do not have to open HTML ports on the other side. If security is not so important then you do not need VPN, just open the html ports for the specific IP address from the cable modem (if static) or just open it. Maybe to a DMZ?
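The two PIX pieces mentioned in the reply above, sketched as an added example (not part of the original reply) in PIX 6.x syntax. All addresses are documentation placeholders, and the ACL name `outside_in` and the inside server address are assumptions; the lines starting with `!` are annotations, not commands.

```text
! --- Remote site: PIX behind the cable modem (no static address) ---
! Obtain the outside address by DHCP and install the default route
! learned from the cable modem.
ip address outside dhcp setroute

! --- Main site: PIX between the LAN and the Netopia ---
! Publish the inside replication server (assumed 192.168.1.10) on a
! public address (placeholder 203.0.113.10).
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0

! Preferred rule: only works if the remote site has a static address
! (placeholder 198.51.100.20). Permits HTTP from that one host only.
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq www

! Fallback when the remote address is dynamic: the source cannot be
! pinned, so HTTP to the server is reachable from anywhere. This is
! the "just open it" case; a VPN or a DMZ placement limits the exposure.
! access-list outside_in permit tcp any host 203.0.113.10 eq www

! Apply the ACL to traffic arriving on the outside interface.
access-group outside_in in interface outside
```

After applying, `show access-list` on the main-site PIX displays per-entry hit counts, which confirms that replication traffic matches the intended entry and nothing broader.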