Secure the Subnets

Joe Lee · ‎01-08-2013

Hello all-

I have network design issues for my client. Please see the network config below.

Current Network:

There are four logical networks configured on the switch, the switch is connected to the router, and the router is connected to the MPLS to hit the other locations. All the networks can fully talk to each other.

Proposed Solution:

1. My client wants to install the firewall, and setup all the policy for those four logical networks on the firewall. Please see attached. For example, Employee network can be accessed all the network, but student network will be restircted to access to few servers from the server network.

2. There will be second switch connected to this main switch through the fiber. So this main switch should be run on the layer 3.

Any recommendation on the proposed soulution?

Regards,

Joe

Gabriel Hill · ‎01-08-2013

Hello Joe,

Prior the the proposed solution, is the router the default gateway for the clients or is the 4507? Have you considered possibly looking into CBAC or ZBFW on the router itself to control internal traffic?

Joe Lee · ‎01-08-2013

Hello Gabriel,

It is for the 4507. Client requests to setup the policy on the firewall.

Regards,

Joe

Joe Lee · ‎01-09-2013

Hello Everyone, any recommendation would appriciated.

Jeff Van Houten · ‎01-09-2013

Move the layer 3 interfaces for the Vlans up to the Asa off of the 4507, then configure the policy as necessary.

Sent from Cisco Technical Support iPad App