[c-nsp] Using Cisco 3825 as Firewall Replacement

Steve McNamara steve.mcnamara at gmail.com
Wed Apr 15 12:14:15 EDT 2009


Darin,

Sounds like the IOS zone based firewall might be applicable to what
you are after - there is support for NAT.

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html

Note: I haven't configured this before so YMMV :-)

Steve

On Wed, Apr 15, 2009 at 15:35, Jeffrey Ollie <jeff at ocjtech.us> wrote:
> On Wed, Apr 15, 2009 at 9:24 AM, Darin Herteen <synack at live.com> wrote:
>>
>> I have a customer whose firewall recently bricked and is unusable. This
>> device had previously served as a VPN to their LAN from the outside
>> world, restricted access between internal VLANs, and provided NAT for
>> internal addresses to reach the internet. They happened to have a Cisco
>> 3825 lying around and I've been attempting to get this router
>> configured to duplicate the functionality of the now deceased firewall.
>> [...]
>> Does anybody have any recommendations or advice to offer regarding this setup and whether or not it can be accomplished.
>
> The 3825 is a fairly nice router, but it can't handle a lot of
> throughput.  I don't recall the exact specs (and can't find on a quick
> search), but I think that it can only handle <100Mb/s.  That seems
> kinda low but I think it wasn't really designed as a packet pusher,
> but instead is designed as a platform for services like VoIP etc.
> It can probably be configured to do what you want, but I'm sure
> you'll be disappointed with the performance, especially for LAN->LAN
> traffic.
>
> --
> Jeff Ollie