09-18-2000 04:13 PM - edited 02-21-2020 11:14 AM
I have been given the task of implementing a new PIX firewall, VPN and intrusion detection (all Cisco products). I have yet to perform a task such as this and would like to take a conservative approach. I want to begin with a high-level question and will drill down with subsequent posts. The environment is a university with a large user base, both LAN/WAN and remote. I will test the solution in a lab environment first, but my question is this: I've been asked to implement in a phased approach. Should I focus on implementing the PIX first? The VPN first? Makes no difference? Thanks in advance for the help.
09-25-2000 03:06 PM
It depends on which product you will be choosing for VPN. For VPN you can use VPN routers, firewalls with VPN software, or 3000 series concentrators. If you have a large number of remote users then the better option would be a 3000 series concentrator. Assuming you go for a 3000 series concentrator, then you should concentrate on the PIX first. Then afterwards you can place the concentrator in parallel with the PIX without much difficulty.
09-27-2000 09:23 AM
Thank you both for your reply - I appreciated it. We will indeed be implementing a 3060 Concentrator. As you suggested (and others), I will focus on the PIX firewall first and phase the concentrator shortly afterwards. I'll keep you posted....
09-26-2000 08:44 AM
This is how our company would handle a situation like this. We think it's important to have a design proposal for every phase of the project. It tends to make things run more smoothly. Start off with a PIX firewall and then set up the VPN to terminate at the PIX. Once you have that done you can implement Intrusion Detection. That is the logical order, but I would suggest talking to a design team before starting a project like this.