Router with both public and private connections - how to secure?

Discussion in 'Cisco' started by Bob, Jan 12, 2005.

  1. Bob

    Bob Guest

    I have a router that I need to install (and it's required I use a
    single router) with both a private link to the rest of my network as
    well as a public Internet link. I'll take one serial to an Ethernet
    port for the private into my LAN, and the other serial with a public
    IP range to a different Ethernet port on the same router. That in
    turn will go to a firewall, then back to my Corporate LAN for Internet
    access.

    S0/0 --> F0/0 --> Internal LAN (RFC1918 space mostly)
    S0/1 --> F0/1 --> Public Internet (public routable IP's)

    The point of concern is basically within the router. Are there
    examples somewhere that can show how I can secure the router so the
    internal IP range doesn't meet the external IP range? I want to plug
    the hole with the best ACL and policy routing configuration I can
    find. I can't have hackers find their way into my LAN through the
    Internet from this router.

    PS. The above is done for illustration. The router is actually a
    single T3 interface on a serial port with two subinterfaces to an MPLS
    network. I partitioned the DS3 to half bandwidth internal and half
    Internet through the vendor's MPLS network.
     
    Bob, Jan 12, 2005
    #1

  2. Ivan Ostreš

    Ivan Ostreš Guest

    In article <>, bobh1234@hotmail.com says...
    > I have a router that I need to install (and it's required I use a
    > single router) with both a private link to the rest of my network as
    > well as a public Internet link. I'll take one serial to an Ethernet
    > port for the private into my LAN, and the other serial with a public
    > IP range to a different Ethernet port on the same router. That in
    > turn will go to a firewall, then back to my Corporate LAN for Internet
    > access.
    >
    > S0/0 --> F0/0 --> Internal LAN (RFC1918 space mostly)
    > S0/1 --> F0/1 --> Public Internet (public routable IP's)
    >
    > The point of concern is basically within the router. Are there
    > examples somewhere that can show how I can secure the router so the
    > internal IP range doesn't meet the external IP range? I want to plug
    > the hole with the best ACL and policy routing configuration I can
    > find. I can't have hackers find their way into my LAN through the
    > Internet from this router.
    >
    >


    You could (theoretically) divide the router into two virtual routers
    using VRFs, if the software allows it. Then you could add specific
    interfaces to specific VRFs. This will give you two separate routing
    tables and two virtual routers on one physical box.

    Just an idea...

    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
     
    Ivan Ostreš, Jan 12, 2005
    #2
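
The VRF split suggested in post #2, written out as a Cisco IOS VRF-lite configuration for the four interfaces in the original question. This is an added example, not part of either post; the VRF names, route distinguishers, next hops and all addresses are constructed placeholders, and it assumes an IOS image with VRF support.

```cisco
! Added example, not from the thread. VRF names, RD values and every
! address below are constructed placeholders.
ip vrf INTERNAL
 description Private WAN and corporate LAN
 rd 65000:10
!
ip vrf INTERNET
 description Public Internet path toward the firewall
 rd 65000:20
!
! "ip vrf forwarding" removes any IP address already on the interface,
! so the address is entered after it.
interface Serial0/0
 ip vrf forwarding INTERNAL
 ip address 10.255.0.2 255.255.255.252
!
interface FastEthernet0/0
 ip vrf forwarding INTERNAL
 ip address 10.1.0.1 255.255.255.0
!
interface Serial0/1
 ip vrf forwarding INTERNET
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet0/1
 ip vrf forwarding INTERNET
 ip address 198.51.100.1 255.255.255.248
!
! Each VRF carries its own routes; nothing is installed in the global table.
ip route vrf INTERNAL 10.0.0.0 255.0.0.0 10.255.0.1
ip route vrf INTERNET 0.0.0.0 0.0.0.0 192.0.2.1
!
! No route-target import/export and no "ip route vrf ... global" statements
! are configured, so no routes leak between the two tables.
!
! Checks to run from the CLI after applying:
!   show ip vrf interfaces       (each interface appears under exactly one VRF)
!   show ip route vrf INTERNAL   (private prefixes only)
!   show ip route vrf INTERNET   (public prefixes and the default only)
!   show ip route                (global table holds none of these networks)
```

VRFs separate the forwarding tables only; access to the router itself (VTY lines, SNMP) still needs its own ACLs on the Internet-facing side.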