Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
301
Views
0
Helpful
1
Replies

What's the best practice for firewalling the management VLAN?

emilyforcisco1
Level 1
Level 1

‎07-08-2016 01:32 PM - edited ‎03-12-2019 01:00 AM

I am looking for suggestions on the best way to place an ASA firewall on a large multi-VLAN network in such a way that it would protect the "management VLAN" (where all of the Cisco switches and some servers are assigned IPs) from the other VLANs on the network infrastructure?

It seems to get pretty complicated when you really think about it.  Every VLAN has an SVI on the primary core switch and all of the VLANs are automatically routed between one another right now--including the management VLAN.

To complicate matters, we have a foreign network (DMZ) that is terminated with an IP connected to the management VLAN with a routing rule in the primary core switch to route all DMZ-bound traffic to that particular IP.  So, this VLAN is actively used for routing out traffic.

Anyone have any ideas on how I can do this and prevent my migraine from getting any worse?

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎07-08-2016 06:10 PM

If you are going to have a management network then it should be in a separate VRF.  It shouldn't really be reachable form the "main" network, or it should at least have a firewall between the main network and the management network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card