Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
0
Helpful
3
Replies

N7K/ACE

Mustafa Kederoglu
Level 1
Level 1

‎03-11-2013 01:09 PM

Dear All,

I'm designing the network topology for a multi tiered application using Nexus 7010 with ACE 4710 and Juniper firewalls.

Each tier will be in it's own VLAN and IP subnet and communications between tiers needs to be firewalled and in some cases loadbalanced.

I propose to do this by using a different context on the ACE 4710 and using NAT mode within each context.

It's perfectly feasable that a connection could be made for example to a server in the web tier, which would then need to make a connection to a server in the application tier, which would in turn need to make a connection to a server in the database tier.

As far as I can see, the design I've proposed should work. Is anyone in a position to comment on whether there is anything wrong with this design, or a better way to do it?

Many thanks in advance.

Best regards

Labels:
0 Helpful
3 Replies 3

jlamousn
Level 1
Level 1

‎03-13-2013 08:17 AM

Mustafa

I have seen this type of design used before.

One thing to keep in mind however is that the ACE cannot internally route traffic from one context to another, so as long there is an intermediary router/firewall to route traffic from one ACE context to another, you should be good.

Joel Lamousnery
CCIE R&S - 36768
Engineer, Customer Support
Technical Services

Joel Lamousnery CCIE R&S - 36768 Engineer, Customer Support Technical Services
0 Helpful

Mustafa Kederoglu
Level 1
Level 1
In response to jlamousn

‎03-13-2013 09:05 AM

Hi Joel,

Many thanks for your response.

Please, do you have any reference documentation (design & config notes) in order to present this to the customer.

What happens if the customer propose to do this by using a single context on the ACE 4710? Are there any security risks associated with using the single context on the ACE.

Many thanks in advance for your help.

Best regards,

Mustafa

0 Helpful

InayathUlla Sharieff
Cisco Employee
Cisco Employee
In response to Mustafa Kederoglu

‎03-18-2013 10:32 AM

Hi Mustafa,

I hope the below link helps you in some way:

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/ps8361/white_paper_c11-688039.html#wp9000184

Regards

Inayath

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card