Questions about PIX 501


My network at the moment is this:

4mbit DSL line - range public IP from *.81 to *.87

.80 network address - not in use
.81 cisco 837 router 12.3(7)T8

---------- DMZ below:
.82 ftp server
.83 www server
.84 honeypot server (lol)
.85 none
------- DMZ end.

.86 symantec vpn hardware appliance 100
.87 broadcast address - not in use

secure lan: (nat behind symantec firewall IP .86)

Actually I use ACLs on my router. I used IDS, but after the latest IOS the IDS only disrupts my communications, FTP etc... I cannot figure out which patterns make this mess.

The public servers are first screened by ACL rules on the Cisco 837, then they have a software packet filter with stateful inspection on top of them.

I would like to implement a LARGE ACL, including spyware hosts, trojan hosts... etc, as seen on

formatting link

Is the C837 suitable for this? It has 8 MB flash and soon 48 MB DRAM (now 32).

Should I put a PIX 501 just behind the C837 to screen the DMZ (and the private LAN screened again by the Symantec firewall) with all the long ACL?

Would the performance be degraded?
