https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647651#M196702 <P>Hello All,</P><P>I am trying to get a better idea of how to improve security between my MPLS sites.</P><P>I currently have 10 MPLS sites sharing a 100 Mb backbone, each location is connected physically</P><P>using a L3 Switch provided by the Telco. I simply plug that L3 switch into my L3 Switch and distribute my networks using OSPF.</P><P>Should I add an ASA between L3 switches to improve security ?</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:34:07 GMT Alex Li 2019-03-12T05:34:07Z https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647651#M196702 <P>Hello All,</P><P>I am trying to get a better idea of how to improve security between my MPLS sites.</P><P>I currently have 10 MPLS sites sharing a 100 Mb backbone, each location is connected physically</P><P>using a L3 Switch provided by the Telco. I simply plug that L3 switch into my L3 Switch and distribute my networks using OSPF.</P><P>Should I add an ASA between L3 switches to improve security ?</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:34:07 GMT https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647651#M196702 Alex Li 2019-03-12T05:34:07Z https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647652#M196703 <P>Colin</P><P>It depends on your security requirements.</P><P>MPLS is a private network so many companies do not firewall their connections to it because it is only their internal users who have access to the network.</P><P>Obviously that doesn't necessarily mean you don't need firewalling for critical internal servers but that is a separate issue from the MPLS side of things.</P><P>If you don't trust your SP then you should probably be thinking about a new SP rather than firewalling.</P><P>Some companies do encrypt traffic over their MPLS connections but again this is to address specific security concerns which many other companies don't have.</P><P>Jon</P> Thu, 26 Feb 2015 21:36:34 GMT https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647652#M196703 Jon Marshall 2015-02-26T21:36:34Z https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647653#M196704 <P><SPAN style="font-family:arial,helvetica,sans-serif;"><SPAN style="font-size:14px;">Hi, Colin Tennyson.</SPAN></SPAN></P><P><SPAN style="font-family:arial,helvetica,sans-serif;"><SPAN style="font-size:14px;">&nbsp;Definitely agree with Jon. However,adding a security appliance would secure your connection in your network.&nbsp;This is advisable as connecting through&nbsp;different sites, im sure that security would pose an issue.</SPAN></SPAN></P><P><SPAN style="font-family:arial,helvetica,sans-serif;"><SPAN style="font-size:14px;">Happy to Serve!</SPAN></SPAN></P><P><SPAN style="font-family:arial,helvetica,sans-serif;"><SPAN style="font-size:14px;">Barry</SPAN></SPAN></P><P>&nbsp;</P> Fri, 27 Feb 2015 17:06:00 GMT https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647653#M196704 bsiapco 2015-02-27T17:06:00Z https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647654#M196705 <P>Barry</P><P><EM>Definitely agree with Jon</EM></P><P><EM>This is advisable as connecting through&nbsp;different sites, im sure that security would pose an issue</EM></P><P>The second statement pretty much contradicts the first.</P><P>Can you expand on what you mean by your second statement ?</P><P>What are the issues you are referring to ?</P><P>If every company firewalled it's private WAN connections then yes it would definitely mean a lot more firewalls were sold but it's not something most companies do in my experience so what is your reasoning for recommending it ?</P><P>Just curious really as it's not something I have come across before.</P><P>Jon</P> Sat, 28 Feb 2015 13:41:08 GMT https://community.cisco.com/t5/network-security/mpls-security-design/m-p/2647654#M196705 Jon Marshall 2015-02-28T13:41:08Z