RE: Cisco security perimeter!! :(

From: Sheahan, John (John.Sheahan@priceline.com)
Date: Tue Mar 28 2006 - 14:07:58 GMT-3


Perhaps your presales engineer is just trying to make the point that you
need to terminate your internet circuit on a router before you get to a
Pix/ASA. There is no way to bring a circuit directly into the Pix/ASA.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Stefan Grey
Sent: Tuesday, March 28, 2006 11:56 AM
To: ccielab@groupstudy.com
Subject: Cisco security perimeter!! :(

Hello guys.

Task.
Receive from the ISP internet link, VPN link, maybe some other. Then provide the perimeter security.

1. Idea 1. Just to put ASA/PIX on the perimeter and then connect it to the local switch.

1. My senior presales engineer told me that it is a bad solution. And he hasn't seen such a design before. He says that it is always done like this: the router on the perimeter, and then the router itself is connected with the firewall or ASA. He said that the router is needed to configure the shaping and to avoid some headaches.

Could you please explain why the 1st design is bad? Why is shaping so necessary on the perimeter router? Why is this router needed, and which bad things could I receive if I build design 1 (with just one ASA or PIX)?

Any help highly appreciated.


