FWSM: Design considerations routing, PBR

d.bader
Level 1

Hi Afaq

We are going to add new security to our health-care network, which connects different locations to each other. It seems to be a great solution using multiple contexts on FWSM. In fact, there is no support for OSPF routing. We provide a central remote-access solution, Internet access and WAN connections (dual-homed) to the other locations. Static routing does not give me a brief overview of the availability of partial subnets and requires lots of routing configuration for multiple contexts.

What is your recommendation? Or, how can I get dynamic routing updates from outside to inside? I guess that a separate VLAN routed by the MSFC, bypassing the FWSM, is not a great idea.

On the other hand, pointing inbound traffic to the right context (virtual firewall) needs PBR (policy-based routing). Right?

Thanks in advance.

Regards

Daniel


jonathanstevens
Level 1

You could consider allowing a dynamic routing protocol to pass through the firewall devices, and use the transparent firewall option. However, I think you would need to consider the security implications of doing so very carefully, and secure the routing protocol itself as much as is possible (e.g. authentication, encryption, redistribution control, etc.).

Another option might be to consider using SAA probes and tracking, as per the recent article in Packet magazine.

Look at cisco.com/packet/162_4a2 and cisco.com/packet/162_4a3 for more info.