Cisco advises using one of three solutions.
1.) Firewall DMZ one going to VPN outside so that
encrypted traffic can be filtered. Then VPN inside
going to another DMZ on the firewall so that
unencrypted traffic has to go again through firewall.
This is best probably if you have the interfaces.
2.) Only VPN outside is connected to firewall. Once
traffic is unecrypted then it hits network directly.
3.) Only VPN inside is connected to firewall. Traffic
can hit VPN directly, but once unecrypted it will have
to go through firewall.
Stateful inspection is a more thorough inspection of
the IP packet to determine various things like if the
packet is a response packet to something on the
inside. If it is, then it's more likely to be safe.
Basically, it checks the state of sessions between
inside and outside devices. And yes the PIX supports
it.
Proxy server is a device that does something for
another device. Most common is a web proxy that goes
out and makes the http request for an internal PC. The
web server only sees the request coming from the web
proxy. The proxy most times also maintains a cache so
that commonly hit sites are stored locally and thus
data is returned quicker. Some proxies now also try to
do some packet filtering to be more like firewalls.
They don't do as good a job and don't scale as well as
true firewalls.
Michael Le, CCIE #6811
--- RAJESH AGNIHOTRI wrote:
> Greetings ,
>
> QUESTIONS
> 1)If we install a vpn box in the network ... does
> this mean it is secured
> ..
> or should we have firewall also .. if so where
> should the firewall site on
> the network .. before the vpn box or after vpn
> box...
>
> 2) what do you mean by stateful inspection... does
> cisco PIX firewall
> support it ...
>
>
> 3>difference between the firewall and proxy server
> ... ??
>
>
> Please let me know ...
>
> Regards
>
> Rajesh Agnihotri
>
>
_________________________________________________________________
> Get your FREE download of MSN Explorer at
> http://explorer.msn.com/intl.asp
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14515&t=14463
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
