I am a newly minted CCNA and as such am feeling my way along with the various Cisco products.
I have a client who needs to upgrade their perimeter firewall. They are a small startup providing a hosted solution with 5 web servers that are accessible from the Internet. They serve from 50 to 100 users at a time. Right now they are using a relatively low end Netopia router that is NATing outside traffic to the servers running on a privately addressed LAN. The router is not providing any firewall services. They obviously need to upgrade this situation. In your experience, what is the best Cisco solution for this, a Pix, ASA5500 series? I would welcome any suggestions.
Definitely, you want to look into the next generation of Cisco firewalls, the ASA5500 product.
For a hosting environment, even as a small start-up company, you want to provide a firewall architecture that allows for growth and redundancy. Being a hosting company, I would look into the ASA5510 model for one simple reason: it provides stateful failover capabilities when using an active failover scenario architecture.
The entry level of the ASA5500s is the 5505, but it does not provide stateful capabilities, only failover.