03-11-2013 01:09 PM
Dear All,
I'm designing the network topology for a multi-tiered application using Nexus 7010 with ACE 4710 and Juniper firewalls.
Each tier will be in its own VLAN and IP subnet, and communications between tiers need to be firewalled and in some cases load-balanced.
I propose to do this by using a different context on the ACE 4710 and using NAT mode within each context.
It's perfectly feasible that a connection could be made, for example, to a server in the web tier, which would then need to make a connection to a server in the application tier, which would in turn need to make a connection to a server in the database tier.
As far as I can see, the design I've proposed should work. Is anyone in a position to comment on whether there is anything wrong with this design, or a better way to do it?
Many thanks in advance.
Best regards
03-13-2013 08:17 AM
Mustafa
I have seen this type of design used before.
One thing to keep in mind, however, is that the ACE cannot internally route traffic from one context to another, so as long as there is an intermediary router/firewall to route traffic from one ACE context to another, you should be good.
Joel Lamousnery
CCIE R&S - 36768
Engineer, Customer Support
Technical Services
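To make the per-tier-context, NAT-mode design and Joel's caveat concrete, here is an added configuration sketch; it is not from the thread, from Cisco's documentation or from any customer design. The VLAN numbers, addresses, context and object names are all assumed for illustration. One ACE context (WEB) owns a client-side VLAN and a server-side VLAN; the web tier's default gateway is the firewall's interface on the client-side VLAN, not another ACE context, so a web server opening a connection to the application tier's VIP (which would live in a second context, APP, built the same way) is forwarded by the firewall rather than across contexts inside the ACE.

```text
! ---- Admin context: carve out one context per tier (assumed VLANs) ----
context WEB
  description Web tier: VLAN 10 client side, VLAN 11 server side
  allocate-interface vlan 10-11
context APP
  description Application tier: VLAN 20 client side, VLAN 21 server side
  allocate-interface vlan 20-21

! ---- Inside context WEB (changeto WEB) ----
access-list ALL line 10 extended permit ip any any

rserver host WEB1
  ip address 10.1.11.11
  inservice
rserver host WEB2
  ip address 10.1.11.12
  inservice

serverfarm host WEB_FARM
  rserver WEB1
    inservice
  rserver WEB2
    inservice

class-map match-all WEB_VIP
  2 match virtual-address 10.1.10.100 tcp eq 80

policy-map type loadbalance first-match WEB_LB
  class class-default
    serverfarm WEB_FARM

policy-map multi-match WEB_POLICY
  class WEB_VIP
    loadbalance vip inservice
    loadbalance policy WEB_LB
    ! Source-NAT client traffic to an address on the server VLAN so the
    ! real servers return traffic via the ACE (NAT mode).
    nat dynamic 1 vlan 11

interface vlan 10
  ip address 10.1.10.2 255.255.255.0
  access-group input ALL
  service-policy input WEB_POLICY
  no shutdown

interface vlan 11
  ip address 10.1.11.2 255.255.255.0
  nat-pool 1 10.1.11.200 10.1.11.200 netmask 255.255.255.255 pat
  access-group input ALL
  no shutdown

! Default route points at the firewall's interface on VLAN 10 (assumed
! 10.1.10.1). Web servers reaching the APP tier's VIP must go through
! that firewall: the ACE will not forward between contexts WEB and APP.
ip route 0.0.0.0 0.0.0.0 10.1.10.1
```

The APP context is a copy of the WEB block with its own VLANs (20/21), VIP, server farm and NAT pool; the firewall sits on VLANs 10 and 20 (and the database tier's client VLAN) and is where tier-to-tier policy is enforced. Verification of a working build would consist of checking that `show conn` in each context only shows flows for that context's VLANs, and that a web server to app-tier connection appears in the firewall's session table.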
03-13-2013 09:05 AM
Hi Joel,
Many thanks for your response.
Please, do you have any reference documentation (design & config notes) in order to present this to the customer.
What happens if the customer proposes to do this by using a single context on the ACE 4710? Are there any security risks associated with using a single context on the ACE?
Many thanks in advance for your help.
Best regards,
Mustafa
03-18-2013 10:32 AM
Hi Mustafa,
I hope the below link helps you in some way:
Regards
Inayath