ACE 4710 between DMZ and Internal Network

sunjo17
Level 1

Hi,

We are doing a re-design of our network and our consultant created a design, and decided to use all Cisco products this time. We have a requirement to enable load balancing in the DMZ and in the Internal Network. The new design uses one ACE 4710 shared between the DMZ network and the Internal Network. They use two contexts to enable this configuration. My concern is regarding the security of this configuration. How secure is this when we have a DMZ separated by a Firewall but physically (maybe logically) connected by the ACE 4710?

Any help on this much appreciated.

Thanks,

John

1 Reply

pablo.nxh
Level 3

Hi John

Quite secure actually. Unlike other Cisco load balancers, the ACE is a "closed" device where you need to explicitly define what you want to flow through the box.

Inter-context communication is not allowed within the ACE, so even when your DMZ and Inside hosts are physically connected to the same device they can't talk to each other directly; that communication needs to be routed using an L3 device in between. Even if both contexts are sharing a common VLAN, traffic still needs to go to the gateway to establish a flow inside-DMZ and the other way around.

HTH

__ __

Pablo
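To illustrate the two points made in the reply (contexts own disjoint VLANs, and nothing passes an ACE interface until an access list is explicitly applied), here is an added ACE CLI fragment. It is an example written for this page, not configuration from the original poster or from Cisco; the context names, VLAN numbers, addresses and access-list names are assumed placeholders, and the resource-class limits are illustrative.

```text
! ---- Admin context: carve the box into two isolated contexts ----
! Each context is allocated its own VLAN(s); a context cannot see or
! forward into a VLAN it was not allocated, and there is no
! context-to-context path inside the appliance.
resource-class RC-SHARED
  limit-resource all minimum 10.00 maximum equal-to-min

context DMZ
  allocate-interface vlan 200        ! assumed: DMZ server VLAN
  member RC-SHARED

context INSIDE
  allocate-interface vlan 300        ! assumed: internal server VLAN
  member RC-SHARED

! ---- Inside the DMZ context ----
! Default posture is deny: with no access-group on the interface the
! ACE drops everything. Only the flows you name are permitted.
access-list ALLOW-WEB line 10 extended permit tcp any host 172.16.20.10 eq www
access-list ALLOW-WEB line 20 extended permit tcp any host 172.16.20.10 eq https

interface vlan 200
  ip address 172.16.20.2 255.255.255.0
  access-group input ALLOW-WEB
  no shutdown

! Anything destined for the internal network leaves via the gateway,
! i.e. the firewall (assumed at .1); the ACE itself offers no shortcut.
ip route 0.0.0.0 0.0.0.0 172.16.20.1

! ---- Inside the INSIDE context (mirror image, its own VLAN and ACL) ----
access-list ALLOW-APP line 10 extended permit tcp 10.10.0.0 255.255.0.0 host 10.10.30.10 eq 8443

interface vlan 300
  ip address 10.10.30.2 255.255.255.0
  access-group input ALLOW-APP
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.10.30.1
```

Two checks follow from this layout when reviewing such a design: confirm in the Admin context that no VLAN is allocated to both contexts (sharing one would still force traffic through the gateway, as the reply notes, but it widens the L2 domain), and confirm that every interface in each context carries an `access-group`, since an interface without one passes nothing and an interface with an overly broad one is where the "closed" property is lost.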
