agreed...but he was just asking for suggestions for cheaper solutions. Some
guys just don't get the budget to justify a router/pix combo. I've done my
share of rigging networks to match a $100 budget...haha. Personally I love
the PIX. Actually it's 99.9% of my job here running PIX firewalls for
customers. But 40 users who just want to browse the internet...I'd say that
would be overkill unless they have mission critical servers that are
publicly accessible & need them reliably connected & protected.
Hey another idea..if you do already have a router you could set up the ACLs
like William suggested and then get whatever kind of NAT device you have
budget for set up behind it. This would require a real IP address on the
external interface of the NAT device though (or at least a VIP).
FYI a 506 is the lowest end PIX available now. 2 interfaces only, 4 peer
IPSec limitation, 7Mb throughput (approximate depending on if it's encrypted
or not), and no failover option. I believe (just estimating) it's around
$5K but that depends on who you buy it through and what options you purchase
with it.
----- Original Message -----
From: "William E. Gragido" <[EMAIL PROTECTED]>
To: "'Allen May'" <[EMAIL PROTECTED]>; "'John Chang'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, March 19, 2001 12:04 PM
Subject: RE: Firewall
> It's not recommended to use a router alone as a firewall device. In many
> security architectures you will find routers (aka Screening Routers),
> running access-lists in conjunction with a true firewall solution that will
> be using some sort of ruleset to process incoming traffic. This may differ
> in situations where PIX devices are situated however, I cannot imagine that
> someone would knowingly misrepresent the functionality of these devices.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Allen May
> Sent: Monday, March 19, 2001 10:28 AM
> To: John Chang; [EMAIL PROTECTED]
> Subject: Re: Firewall
>
>
> *nix - IP Masquerading (free)
> NT - Winroute, fat-pipe, and a few others (about $300-600 depending on
> licensing)
> There's lots of hardware solutions out there such as NAT capable DSL/Cable
> modems, etc.
>
> I use Winroute at home and it works great. I have a friend using IP
> Masquerading and although it's more difficult to set up, it works great too.
>
> Allen
> ----- Original Message -----
> From: "John Chang" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, March 19, 2001 9:58 AM
> Subject: Firewall
>
>
> > What do people use for a Firewall that does NAT translation? I know you
> > can use a PIX but what's the cost on the low end? Does anyone have any
> > other recommendation if the cost of a PIX is too high? Looking for a
> > software or hardware solution. It'll be used for about 40 user department.
> >
> > _________________________________
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>