Cisco Support Community
New Member

IOS Firewall/Edge Router

I'm wondering if it's best practice to have a 2800 router act as a FW/DNS/DHCP/IPSEC termination for Wireless Internal and Guest Users, and at the same time also be the WAN router for a remote site?

2 REPLIES

Re: IOS Firewall/Edge Router

It is possible to terminate all these services onto a 2800 router, but I guess you can think of putting a separate firewall (ASA 5510) to isolate the LAN/critical servers from the WAN. This can ease management and troubleshooting issues. Guests/users on wireless can be authenticated/encrypted via EAP-TLS or MD5 with an external Access Control Server and then allowed access on the network.

See if this whitepaper helps:

http://www.cisco.com/en/US/netsol/ns625/networking_solutions_white_paper0900aecd803b5fc9.shtml

Hope this helps.

Raj

New Member

Re: IOS Firewall/Edge Router

Raj,

Thank you. I guess I'm a bit paranoid; I'm nervous that if someone did a DHCP Exhaust attack or DNS DoS on the same router as my critical WAN traffic, it might cause the router to run out of memory or reload even with the FW Feature enabled. I did hear back from my Cisco SE, and they feel comfortable that running all these features on the same router would be secure and stable. Thank you for the feedback.
