Forwarding traffic to Cloud, Dependency of maintaining public IP

sreeraj.murali · ‎10-25-2019

Hi Experts,

We are moving the customer app workloads to Oracle cloud.Customer have dependency on existing public IP used at onpremise. So planning, to maintain the the initial entry of App url, VPN, other NAT based access as onpremise only. Cannot use the existing set of Network devices, as lease is getting expired. Please suggest, the basic recommended network "model/devices" for the highlighted switch/router, firewall device, which we want to procure, for achieving the design. Hope the solution will work. Also, advice, for any other best practice design.

Thanks in advance

Sreeraj

Georg Pauwen · ‎10-25-2019

Hello,

to,partially answer your question: it is hard to tell from your topology drawing how big your customer network is, how many users there are, and what the traffic volume is. Which devices to use obviously also depends on your customer's budget.

For the firewall, the Cisco Firepower NGFW Virtual (NGFWv) Appliance Data Sheet is a virtual device optimized for cloud services:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw-virtual/datasheet-c78-742858.html

Otherwise, if you require a physical device, the Cisco ASA 5500-X with FirePOWER Services would be an option:

https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html

As for the router, pretty much all support BGP. The ASR 1000 would be an option:

https://www.cisco.com/c/en/us/products/routers/asr-1000-series-aggregation-services-routers/index.html

sreeraj.murali · ‎10-25-2019

Thanks George.

How about 3850 switch, can this catalyst switch can act as a BGP routing peer to route the subnets between the dedicated circuit ? and static route internally?

I am not much well versed into routing part. So please guide.