07-22-2002 11:32 AM - last edited on 02-21-2020 11:42 PM by cc_security_adm
Hi -
I have a VPN3500 and a PIX 515.
I am setting up a new internet connection for VPN only.
Is the VPN3500 hardened enough to live directly connected to my internet feed, or should I install the PIX in front of it for added protection?
07-22-2002 04:15 PM
There are a lot of installations that make use of the vpn3000 directly to their internet ISP connection. However, putting a PIX in front is also going to add further security.
If the firewall is available for you to use, it is best setting up the vpn3000 private on a dmz, and the private on the inside.
Regards,
07-22-2002 04:39 PM
Hi,
Having the PIX in front is always recommended. Additionally, make sure to NOT put the CVPN3000 in parallel to the PIX, as that's not a recommended SAFE VPN design. For further information on SAFE designs recommended by Cisco, go to the following link: http://www.cisco.com/offer/tdm_home/vpn/learn.shtml
Hope this helps,
Aamir Waheed,
Cisco Systems, Inc.
CCIE#8933
-=-=-
07-22-2002 04:42 PM
1. The VPN 3000 can be put directly on the internet. The filter on the public interface drops most other IP packets and only passes through the VPN traffic.
2. Putting the VPN 3000 public interface on the PIX dmz interface and the private interface on the inside network is another choice. It can give more secure control of your network.
3. The most secure design is to put the VPN 3000 public in PIX dmz1 and private in dmz2. This way, the PIX can filter the incoming traffic as well as the outgoing VPN traffic.
Overall, all three choices are very good designs, depending on the customer's different requirements.
Best Regards,