Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

screening router or no screening router

It has alway been by belief that any firewall including the ASA should always be positioned behind a screening router as an additional layer of security. Is this still a valid concept with the ASA or is the ASA itself enough? Just wanted to know what the concenus out there was on this subject.

1 REPLY

Re: screening router or no screening router

With properly configured ASA (tight ACLs, IDS on, anti-spoof/RPF on) I don't see what another router could add. Unless there's something a routing protocol reason (e.g. BGP, EIGRP) or rate limiting reason.

114
Views
0
Helpful
1
Replies
CreatePlease to create content