Router with both public and private connections - how to secure?

Discussion in 'Cisco' started by Bob, Jan 12, 2005.

  1. Bob

    Bob Guest

    I have a router that I need to install (and its required I use a
    single router) with both a private link to the rest of my network as
    well as a public Internet link. I'll take one serial to an Ethernet
    port for the private into my LAN, and the other serial with a public
    IP range to a different Ethernet port on the same router. That in
    turn will go to a firewall, then back to my Corporate LAN for Internet
    access.

    S0/0 --> F0/0 --> Internal LAN (RFC1918 space mostly)
    S0/1 --> F0/1 --> Public Internet (public routable IP's)

    The point of concern is basically within the router. Are there
    examples somewhere that can show how I can secure the router so the
    internal IP range doesn't meet the external IP range? I want to plug
    the hole with the best ACL and policy routing configuration I can
    find. I can't have hackers find their way into my LAN through the
    Internet from this router.

    PS. The above is done for illustration. The router is actually a
    single T3 interface on a serial port with two subinterfaces to a MPLS
    network. I partitioned the DS3 to half bandwidth internal and half
    Internet through the vendor's MPLS network.
     
    Bob, Jan 12, 2005
    #1
    1. Advertisements

  2. Bob

    Ivan Ostreš Guest

    You could (theoretically) divide router in two virtual routers using
    VRF's if software allows it. Then you could add specific interfaces to
    specific VRF's. This will give you two separate routing tables and two
    virtual routers on one physical box.

    Just an idea...
     
    Ivan Ostreš, Jan 12, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.