Beginner

MPLS Security Design

Hi guys,

The question is about the layers of security to implement for an MPLS link.

Today my MPLS links are terminating on Border Routers that are performing BGP Single Multi-homed as well.

After this Border Router I have the Firewall performing external NAT and external filtering only and forwarding the traffic via the core switch to the Internal Firewall that performs all internal filtering.

So, the communication is in the below way: internet > border-router > external-firewall > core-switch > internal-firewall


The security team is asking us about the external-firewall role, which only performs external filtering and can't perform the routing by itself.

In this way the traffic would go through: internet > border-router > core-switch > internal-firewall.

My point is, what's the best place and recommendation for this case?

Is there some document/recommendation or best-practice design for this scenario?


Thank you in advance.

2 REPLIES
Rising star

Re: MPLS Security Design

It depends...

What is the external firewall doing? NAT?


Beginner

Re: MPLS Security Design

Alekseev

 

Yes. It is doing NAT and is our border firewall.
