In article <>, bobh1234@hotmail.com says...
> I have a router that I need to install (and it's required I use a
> single router) with both a private link to the rest of my network as
> well as a public Internet link. I'll take one serial to an Ethernet
> port for the private into my LAN, and the other serial with a public
> IP range to a different Ethernet port on the same router. That in
> turn will go to a firewall, then back to my Corporate LAN for Internet
> access.
>
> S0/0 --> F0/0 --> Internal LAN (RFC1918 space mostly)
> S0/1 --> F0/1 --> Public Internet (public routable IPs)
>
> The point of concern is basically within the router. Are there
> examples somewhere that can show how I can secure the router so the
> internal IP range doesn't meet the external IP range? I want to plug
> the hole with the best ACL and policy routing configuration I can
> find. I can't have hackers find their way into my LAN through the
> Internet from this router.
>
>
You could (theoretically) divide the router into two virtual routers using
VRFs if the software allows it. Then you could add specific interfaces to
specific VRFs. This will give you two separate routing tables and two
virtual routers on one physical box.
Just an idea...
--
-Ivan.
*** Use Rot13 to see my eMail address ***
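
A check for the VRF split suggested above, as an added example that is not part of the original posts: it parses IOS-style configuration and reports any interface that is not in the VRF the design expects. Only the interface layout comes from the post; the sample configuration, VRF names, route distinguishers and addresses are constructed placeholders.

```python
import re

# Constructed sample config (not from the original post). Interface names follow
# the post's layout; VRF names, RDs and addresses are placeholders.
SAMPLE_CONFIG = """\
ip vrf PRIVATE
 rd 65000:1
ip vrf PUBLIC
 rd 65000:2
!
interface Serial0/0
 ip vrf forwarding PRIVATE
 ip address 10.0.0.1 255.255.255.252
interface FastEthernet0/0
 ip vrf forwarding PRIVATE
 ip address 10.1.0.1 255.255.255.0
interface Serial0/1
 ip vrf forwarding PUBLIC
 ip address 192.0.2.1 255.255.255.252
! FastEthernet0/1 is deliberately left without a VRF to show a finding
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
"""

def interface_vrfs(config):
    """Map each interface to its VRF; None means the global routing table."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level stanza begins
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            if current:
                vrfs[current] = None
        elif current:                          # sub-command of an interface
            m = re.match(r"\s+ip vrf forwarding (\S+)", line)
            if m:
                vrfs[current] = m.group(1)
    return vrfs

def audit(config, expected):
    """List interfaces that are not in the VRF the design expects."""
    actual = interface_vrfs(config)
    return [f"{name}: expected VRF {want}, found {actual.get(name) or 'global table'}"
            for name, want in expected.items() if actual.get(name) != want]

EXPECTED = {"Serial0/0": "PRIVATE", "FastEthernet0/0": "PRIVATE",
            "Serial0/1": "PUBLIC", "FastEthernet0/1": "PUBLIC"}
```

An interface left in the global table shares no routes with either VRF, but it is also outside the intended split, so the audit treats it as a finding.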