If this interface on the router is you only wan interface they you will run
the risk of loosing your private network when someone decides to take out
the router.
Unless you have some special arangement with your carrier about the
internet pvc load, it would be very easy to take a good framethrower and
load that one internet pvc to the point that any appliactions requiring
your private wan would grind to a hault due to high packet loss caused by
the internet pvc.
I would suggest the extra expense of two cct's on seperate routers, if you
require very high reliability on your private network.
At 03:20 PM 9/16/99 -0700, Roy Mendoza wrote:
>From a security standpoint, is it acceptable to expose a router interface to
>the Internet where the Internet and private network are on the same physical
>circuit?
>
>Quick background: Our carrier cannot provide a channelized frame relay
>circuit, so we must bring their single circuit containing our private
>network and Internet feed to our Cisco 3640, and then inside the 3640
>separate these two PVCs. One PVC (our private network) would go out the
>3640's Ethernet interface to a LAN (inside) hub, while the other PVC
>(Internet) would go out another 3640 Ethernet interface to a PIX firewall.
>
>While it's technically possible to do the above, I'm a bit concerned about
>exposing any interfaces on the 3640 (core) router to the Internet and
>thereby increasing the risk of someone attacking this core router.
>
>Any experienced thoughts???
>
>Thanks!!!
>
>Roy.
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
