Looking for a Security Device

theodoxa Member Posts: 1,340
I am looking for a security device to place between an R&S/Voice Lab, My Home Network, and the Internet. I want something that is quiet since I intend to leave it on 24/7 to control access to my home network regardless of the state of my Lab network.



It should have the following features:

1) Small and Quiet (I considered a PIX or ASA, but looking at the pictures they don't seem to meet this requirement)

2) IPv4 PAT

3) IPv6 NAT-PT to allow IPv4 Only devices to be accessed using IPv6 (I only have 1 Public IPv4 Address, but an entire /64 IPv6 Subnet)

4) IPv4/IPv6 STATEFUL Firewall to control access between my Lab Network, Home Network, and the Internet. My current home router supports IPv6, but it does not seem to allow me to configure the firewall for IPv6. It seems to be hardcoded to deny all unsolicited IPv6 traffic from the WAN side.

5) SSL VPN Support to allow me to securely access Remote Potato [installed on my WMC PC] from the Internet

6) VPN Support - This isn't too important since I could always just have one of my lab routers act as the VPN Server

7) 3+ Routed (L3) Fast or Gigabit Ethernet Ports - 1 Internet Side, 1 Home Network, 1 Lab Network.

8) IOS Console Access [for CLI configuration]

9) SDM or CCP Support [for GUI configuration of the complex firewall rules]

Additionally, if it could support the following features, I could eliminate my current Home Router. This would be preferable since it has some serious shortcomings [for me]:



1) 802.11n Dual Band Wi-Fi (WPA2 using AES) - The 2.4 GHz Band is severely overloaded (there are literally no channels that don't overlap multiple other networks) in my neighborhood. I'm lucky to get 10 Mbps of throughput from my room to the living room. To that end, I am attempting to move as many devices as possible to the less utilized 5 GHz Band and have run Cat. 5e where I can.

2) IPv4 DHCP - Needs to fully support CIDR subnets. This is a problem with my current home router. Whoever wrote the firmware for it took a shortcut and assumed no one would ever use anything other than a /24, so it won't let me assign addresses with a 3rd octet that is different than the address of the router's LAN Port [even though I was able to assign it a /23 mask.]

3) Support for some kind of routing [other than just default route] either Static or even better EIGRP. This seems silly, but my previous home router did not have any way of configuring the routing table (I even tried advertising using RIPv2). It would only route between the connected (LAN) network and the default route (WAN/ISP). I was forced to use NAT (to translate my lab network addresses to addresses on the subnet directly connected to the router) between my lab network and home network to allow traffic to flow from my lab to the internet and between my home and lab networks.
R&S: CCENT CCNA CCNP CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]