Maybe it is because it does not base forwarding decisions on layer 3 info
alone but also takes into account layer 4 and 7 info as well?
-----Original Message-----
From: haroldnjoe <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, February 16, 2001 12:41 PM
Subject: Firewalls and VPNs
>I've read here a couple of times that PIX's don't route. Period. In light of
>this I'm left a little confused as to a proposed network map I was given
>recently.
>
>The core layer router is a 3640 linking all of our branch offices together.
>From the 3640, there is an ethernet connection to a PIX 515R. From the PIX,
>there is another ethernet connection to a 1750 router. The 1750 connects via
>T1 to our ISP. There is yet another ethernet connection from the PIX to the
>isolation lan, on which resides an internet mail/web server and a VPN 3000
>concentrator.
>
>If PIX's don't route, what subnet is the isolation lan going to sit on? As
>I understand it, the PIX will be providing NAT functionality for the 3640
>and everything behind it. So I would assume that the T1 and ethernet
>interfaces on the 1750, the outside interfaces on the PIX, and everything in
>the isolation lan including the VPN concentrator will have to have public IP
>addresses which will be given to us by our ISP. The way the map is laid
>out, it looks to me like the isolation lan would have to be on its own
>subnet.
>
>What am I missing? If the PIX doesn't route, do its ethernet interfaces
>reside on the same subnet as the isolation lan? If so, then the ethernet
>interface on the 1750 must also be on that subnet, right?
>
>This is the proposed network map that Cisco's presale engineers gave me.
>I'm sure it's a solid design, but I'm still trying to work out the details
>so that I understand what I'm implementing (always a good thing, I think).
>
>Thanks for your time,
>
>[EMAIL PROTECTED]
>
>
>_________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>