N7K/ACE

Dear All,

I'm designing the network topology for a multi-tiered application using Nexus 7010 with ACE 4710 and Juniper firewalls.

Each tier will be in its own VLAN and IP subnet, and communication between tiers needs to be firewalled and in some cases load balanced.

I propose to do this by using a different context on the ACE 4710 and using NAT mode within each context.

It's perfectly feasible that a connection could be made, for example, to a server in the web tier, which would then need to make a connection to a server in the application tier, which would in turn need to make a connection to a server in the database tier.

As far as I can see, the design I've proposed should work. Is anyone in a position to comment on whether there is anything wrong with this design, or a better way to do it?

Many thanks in advance.

Best regards

3 Replies

jlamousn
Level 1

Mustafa

I have seen this type of design used before.

One thing to keep in mind, however, is that the ACE cannot internally route traffic from one context to another, so as long as there is an intermediary router/firewall to route traffic from one ACE context to another, you should be good.

Joel Lamousnery
CCIE R&S - 36768
Engineer, Customer Support
Technical Services
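To make the design in the question and the caveat in Joel's reply concrete, here is an added example configuration for an ACE 4710 with one user context per tier, each in routed (NAT) mode. It is not from the original thread and is not any poster's configuration. All context names, VLAN numbers, addresses, ports and resource limits are assumed for illustration, and lines beginning with `!` are reader comments rather than ACE commands. The point to notice is the default route in each context: a web server connecting to the application tier VIP leaves the WEB context towards the firewall, which routes it into the APP context, because the ACE does not forward between its own contexts.

```text
! ===== Admin context: one user context per tier, each with its own VLAN pair =====
resource-class TIER-RC
  limit-resource all minimum 10.00 maximum equal-to-min

context WEB
  allocate-interface vlan 10
  allocate-interface vlan 11
  member TIER-RC

context APP
  allocate-interface vlan 20
  allocate-interface vlan 21
  member TIER-RC

! ===== WEB context (changeto WEB) =====
! VLAN 10: client side, shared with the firewall / N7K (10.1.10.0/24, assumed)
! VLAN 11: server side, web tier only (10.1.11.0/24, assumed)
access-list TIER-IN line 10 extended permit ip any any

rserver host WEB1
  ip address 10.1.11.11
  inservice

serverfarm host WEB-FARM
  rserver WEB1
  inservice

class-map match-all VIP-WEB-HTTPS
  2 match virtual-address 10.1.10.100 tcp eq 443

policy-map type loadbalance first-match WEB-LB
  class class-default
    serverfarm WEB-FARM

policy-map multi-match WEB-POLICY
  class VIP-WEB-HTTPS
    loadbalance vip inservice
    loadbalance policy WEB-LB
    nat dynamic 1 vlan 11

interface vlan 10
  description client side, towards the firewall
  ip address 10.1.10.2 255.255.255.0
  access-group input TIER-IN
  service-policy input WEB-POLICY
  no shutdown

interface vlan 11
  description server side, web tier (servers use 10.1.11.1 as gateway)
  ip address 10.1.11.1 255.255.255.0
  nat-pool 1 10.1.11.250 10.1.11.250 netmask 255.255.255.255 pat
  access-group input TIER-IN
  no shutdown

! A web server opening a connection to the APP VIP 10.1.20.100 is routed out
! VLAN 10 to the firewall at 10.1.10.1, not into the APP context: the ACE never
! forwards traffic between its own contexts, so the firewall is the only path.
ip route 0.0.0.0 0.0.0.0 10.1.10.1

! ===== APP context (changeto APP): same pattern, one tier down =====
! VLAN 20: client side, towards the firewall (10.1.20.0/24, assumed)
! VLAN 21: server side, application tier only (10.1.21.0/24, assumed)
access-list TIER-IN line 10 extended permit ip any any

rserver host APP1
  ip address 10.1.21.11
  inservice

serverfarm host APP-FARM
  rserver APP1
  inservice

class-map match-all VIP-APP
  2 match virtual-address 10.1.20.100 tcp eq 8443

policy-map type loadbalance first-match APP-LB
  class class-default
    serverfarm APP-FARM

policy-map multi-match APP-POLICY
  class VIP-APP
    loadbalance vip inservice
    loadbalance policy APP-LB
    nat dynamic 1 vlan 21

interface vlan 20
  ip address 10.1.20.2 255.255.255.0
  access-group input TIER-IN
  service-policy input APP-POLICY
  no shutdown

interface vlan 21
  ip address 10.1.21.1 255.255.255.0
  nat-pool 1 10.1.21.250 10.1.21.250 netmask 255.255.255.255 pat
  access-group input TIER-IN
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.1.20.1
```

With this layout the inter-tier policy lives on the firewall that owns 10.1.10.1 and 10.1.20.1 (for example, permit only 10.1.11.0/24 to 10.1.20.100 tcp/8443, and nothing else from the web tier into the application tier), and the `permit ip any any` ACLs on the ACE interfaces should be narrowed per tier once the flows are known. The contexts also give each tier its own routing table, administrators and resource limits. If everything were collapsed into a single context, the tier VLANs would share one routing table on the ACE, so a path between tier subnets would exist on the ACE itself that does not cross the firewall, and only the ACE's own ACLs would prevent a web server from reaching the database subnet directly. The command syntax above follows the ACE 4710 CLI as I recall it; check it against the configuration guide for the software release in use before presenting it.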

Hi Joel,

Many thanks for your response.

Could you please point me to any reference documentation (design and config notes) that I could use to present this to the customer?

What happens if the customer proposes to do this using a single context on the ACE 4710? Are there any security risks associated with using a single context on the ACE?

Many thanks in advance for your help.

Best regards,

Mustafa