Showing results for 
Search instead for 
Did you mean: 

Extending Internet "vlan" thru core switch

I am trying to add some resilience to my network design by install my internet router outside of our data center so I can route it to my 2nd (outside date center) core router incase of a business continuity event with my data center.  My intention was to extend a non-routed vlan out to the internet router.  This causes an issue as I want to connect this to an existing "internet switch" in our data center that supplies connectivity to several VPN & firewall devices.  I'm not sure if it's an issue or not, but I do not want to have a direct connection between my core and "the internet" even though it is "contained" within a non-router vlan.

Our "Security Engineer" turned several shades of purple as I explaind this to him.  My idea was to bring this non-routed vlan into of ASA as a DMZ, with a security setting of 0 (same as normal internet).  This would prevent a direction connection between the core and the internet switch.

Any thoughts?

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards