Router & ISA Security, Help!!!!

March 4, 2011 at 03:55:50
Specs: Windows XP
I work in a school and have just had our ADSL Broadband connection replaced with Fibre Internet service from BT. Previous to the upgrade we had a CISCO 1840 installed on which we had NAT and a Firewall enabled on.

BT have installed a CISCO 3825 Router which they state is fully managed by them, however, they will not provide / allow NAT for a firewall to be configured on this router.

Our config before was
217.x.x.x (Internet address)
192.168.1.x (CISCI 1840 Router with NAT & Firewall)
192.168.1.x (EXT Card on Web Server)
192.168.10.x (INT Card on Web Server)
ISA 2000 installed on Web Server
192.168.x.x (IP Range for LAN)

New Settings:
86.x.x.192 (IP Provided by BT)
86.x.x.193 (CISCO 3825)
86.x.x.194 (1st available / usable Public IP)

I need advice on how I should proceed with NAT & Firewall. Can you please advise on whether it would be best to purchase a hardware firewall with NAT in order to get the new settings to work securely along with my network or can I simply configure ISA 2000 to do this?
Would this put extra load on my server etc etc etc, please help?

See More: Router & ISA Security, Help!!!!

Report •

March 4, 2011 at 04:39:25
The problem is, the new Cisco router is configured as a bridge, no firewall, no NAT etc.
I would suggest, to use a second router, that is managed by yourself.
Configure the e.g. first public ip address at the WAN interface of the second router, with all the gateway and DNS settings.
Configure the LAN interface with e.g.
This router acts as your gateway to the internet for all the other PCs.

Click Here on HowTo ask good Question to get best Help
Let us know, if the problem is solved !!!

Report •

March 4, 2011 at 06:16:35
Had thought of this. I guess my old CISCO won't be compatiable as it was for ADSL?

Do you have any idea on which router would be best and what I can expect to pay for this?

In the near future I will need to upgrade my Web Server & Web Server Software including ISA.
Given all this do you think I should still go with an additional router (would this slow up the traffic?) or could a new version of ISA do this for me?

Report •

March 4, 2011 at 10:07:54
You don't have to use the second router for ADSL, because the first router connects you to the internet.
Therefore, the WAN interface will get one of the public ip addresses, and the internal interface gets an ip of 192.168.1.x and acts as a router with firewall. The WAN interface is acting as a LAN interface with I guess 100 MBit/s.

Click Here on HowTo ask good Question to get best Help
Let us know, if the problem is solved !!!

Report •
Related Solutions

Ask Question