Cisco Support Community
New Member

IOS Firewall/Edge Router

I'm wondering if it's best practice to have a 2800 router act as a FW/DNS/DHCP/IPSEC termination for Wireless Internal and Guest Users, and at the same time also be the WAN router for a remote site?


Re: IOS Firewall/Edge Router

It is possible to terminate all these services onto a 2800 router, but I guess you can think of putting a separate firewall (ASA 5510) to isolate the LAN/critical servers from the WAN. This can ease management and troubleshooting issues. Guests/users on wireless can be authenticated/encrypted via EAP-TLS or MD5 with an external Access Control Server and then allowed access on the network.

See if this whitepaper helps:

Hope this helps.


New Member

Re: IOS Firewall/Edge Router


Thank you. I guess I'm a bit paranoid; I'm nervous that if someone did a DHCP Exhaust attack or DNS DoS on the same router as my critical WAN traffic, it might cause the router to run out of memory or reload even with the FW Feature enabled. I did hear back from my Cisco SE, and they feel comfortable that running all these features on the same router would be secure and stable. Thank you for the feedback.
