One of my Servers is Web-server and there is a requirement to eliminate the access to the Web-Site (which is resides to this Web-Server) to specific range of public IP Addresses.
For instance my Web-Server has the Private IP Address 10.10.10.10 and via static NAT at my firewall takes place the translation to one Public IP Address 126.96.36.199
In order to implement the requirement I have two basic options:
1)Set ACL at Router to the appropriate physical Gigabit interface
In this instance I am using the internal gigabit interface towards my Firewall. In order to construct the ACL I am using for the destination IP Address the public IP (188.8.131.52). In this case every packet from the internet must be inspect by this ACL before enter to my local network.
2)Set ACL at Multilayer Switch to the appropriate Vlan Interface.
In this instance I am using the corresponding Vlan interface (at the same network of my Web servers). In order to create the ACL I utilize for the destination Address the private IP Address (10.10.10.10) as now there has been executed the NAT translation. In this case the I constraint the inspection only to a specific VLAN but also at the same time many unwanted packets come into my local network up to the Mutlilayer Switch.
Which of these two methods could be assessed more ideal in terms of performance and security?
Hello!I'm looking for a way to make my EEM script more dynamic and automated for my environment. This is what I have - basically I just capture the 4 IPSec peer IP addresses of each neighbor and insert this data into 4 different variables. ...
Hi all,I have a couple of Nexus9k switches. I need to get tcpdump from the physical interface which connected to the server. I'm looking for a specific protocol on tcpdump so that which feature should I use? I asked that because I couldn't full...
We are building out our first few AAR polices and are running into an error message.Built Global Policy with SLA class and traffic rules for voice traffic, attached to to the sites and VPN we needed, no issue. Building a second policy for management ...
Cisco Champion Radio · S7|E45 Network Insights with AI Endpoint Analytics
Identifying who and what is on the network is a challenge for many organizations. Incomplete visibility makes it difficult to implement advanced security policies and recommendatio...