12-29-2008 06:39 PM - edited 03-06-2019 03:10 AM
Hello,
I am looking for a little advice on a network design I will soon be implementing. Currently we have a home office that has 20 employees. In the home office we have an internal LAN that has a LAN server (DHCP, file server, print server, Active Directory), an application server, and an email server. The LAN is connected to the internet by an 1811 that handles all of the routing, VPN for 3 site-to-site VPNs and up to 5 individual IPsec VPN connections at a time, and firewall duties. To this I need to add a web server, preferably in a separate DMZ zone, that can connect to a SQL server inside the internal LAN.
What I would like advice on is whether there is a need for a separate firewall device, possibly to handle VPN duties and firewall activities, and a recommendation on the device.
I could also use advice on the best way to implement a secure connection from the web server to the SQL server that would not expose my internal LAN to unnecessary risk.
Thanks,
Jason
12-30-2008 06:44 AM
You might look at the ASA 5510 or 5520. That should be able to do everything you want to do.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
HTH,
John
01-02-2009 12:49 PM
Cisco ASA should be able to perform all of these tasks.
Question about the site-to-site VPNs: do you have GRE and routing protocols enabled other than BGP? If so, the ASA will not function in this role, as it doesn't support GRE tunnels.
01-05-2009 07:19 AM
This is very common.
I think that you can use the ASA5510; the ASA5510 is smaller. But with the first one you can implement a DMZ region where you can connect your SQL server if you want to keep access to the Internet while securing the inside network.
If you are not familiar with a DMZ, know that this is an intermediate level between inside and outside.
Outside - not secure region
DMZ - intermediate
Inside - most secured region
The ASA5510 can also provide you a powerful VPN connection for both site to site and client access.
Hope that this helps.
Please rate if that helps, and ask other questions if you need more details about DMZ.
Regards,
Omar
01-05-2009 07:26 AM
Thank you, that does help. I was unsure of the correct device to use to implement everything. I was pretty sure it was the ASA, but there are many different models, and within the models there are many different levels.
I am still a little unsure of the correct routes to send data between the DMZ and internal network, but I am going to do some research before I ask any more questions.
Thanks Again,
Jason
01-05-2009 07:36 AM
Jason,
Feel free to ask questions.
About the ASA, the ASA5510-SEC-BUN-K9 can be a good choice. It supports 3DES and AES encryption, which are strong algorithms. The default is only with DES encryption. It will also depend on your requirements; if not very confidential, DES only may fit your needs and is cost effective for you.
Regards,
Omar