In article , Barry Streets wrote:
:I have 2 different subnets that are currently connected together with a
:Cisco router. I want to improve the security and control the traffic (access)
:between the subnets. Are ACLs a good way to go or would it be better to
:replace the router with a small firewall like netscreen 5GT or equiv????

ACLs are fine if the controls you need can easily be expressed statically -- for example, if *all* you allow access to is HTTP and SMTP. If, though, you start getting into more complex situations, such as active FTP (which negotiates a port dynamically), then you are better off either putting in a firewall or upgrading your Cisco Router IOS to include the FW (Firewall) feature set.
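
The difference described above, as an added example that is not part of the original post: a toy model of a static ACL and an FTP-aware stateful filter run over the same active-FTP session. The addresses, ports, packet fields and function names are constructed for illustration; the "established" rule is modelled simply as "not a bare SYN".

```python
import re

ALLOWED_PORTS = {21, 25, 80}  # FTP control, SMTP, HTTP: the static policy
PORT_CMD = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

def static_acl(pkt):
    """Stateless rules: new connections only client->server, to fixed ports."""
    if pkt["dir"] == "out":            # client subnet -> server subnet
        return pkt["dport"] in ALLOWED_PORTS
    return not pkt["syn"]              # inbound: return traffic only

class FtpAwareFilter:
    """Same policy, plus a one-shot pinhole learned from each PORT command."""
    def __init__(self):
        self.pinholes = set()          # (server, client, client_port)

    def check(self, pkt):
        if pkt["dir"] == "out":
            if pkt["dport"] not in ALLOWED_PORTS:
                return False
            m = PORT_CMD.match(pkt.get("data", "")) if pkt["dport"] == 21 else None
            if m:
                *ip, p1, p2 = map(int, m.groups())
                port = p1 * 256 + p2
                # Honour only a PORT naming the sender itself and a high port
                if ".".join(map(str, ip)) == pkt["src"] and max(p1, p2) < 256 and port > 1023:
                    self.pinholes.add((pkt["dst"], pkt["src"], port))
            return True
        if not pkt["syn"]:
            return True
        key = (pkt["src"], pkt["dst"], pkt["dport"])
        if pkt["sport"] == 20 and key in self.pinholes:
            self.pinholes.discard(key)  # one data connection per PORT command
            return True
        return False

def session():
    c, s = "10.1.1.50", "10.2.2.10"    # constructed client and server
    return [
        dict(dir="out", src=c, sport=40000, dst=s, dport=21, syn=True),
        dict(dir="out", src=c, sport=40000, dst=s, dport=21, syn=False,
             data="PORT 10,1,1,50,195,80\r"),                     # 195*256+80 = 50000
        dict(dir="in", src=s, sport=20, dst=c, dport=50000, syn=True),  # negotiated
        dict(dir="in", src=s, sport=20, dst=c, dport=50001, syn=True),  # not negotiated
    ]

def run():
    fw, pkts = FtpAwareFilter(), session()
    return [static_acl(p) for p in pkts], [fw.check(p) for p in pkts]
```

The static ACL drops the server's data connection because no fixed rule can name a port chosen at run time; permitting it statically would mean opening every high port on the client subnet to source port 20.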