03-14-2014 10:45 AM
I have two separate networks in a data center, each with their own internet connection. Network A has many users behind the firewall as well as many servers. There is a server that currently processes CC transactions. Network A is set up with an ASA 5520.
Network B will have a server that provides a web interface for outside users to go to so they can put their CC information in and this webserver will need to communicate with the CC transaction server on Network A. Network B is set up with an ASA 5510.
Would a site to site VPN between the two servers be a secure way to accomplish this?
03-15-2014 05:54 AM
03-16-2014 07:04 AM
Yes, site to site VPN between the two ASAs with the access-list restricted to only the minimum required addresses and protocols required to accomplish the CC transaction information exchange.
Whether or not that access-list is equivalent to the two servers depends on the application used and how your authorized users need to interact with them.
03-17-2014 07:04 AM
Thanks Marvin, but will an ACL that restricts the access to just the two IPs within the VPN tunnel be secure enough to transmit CC information across the VPN tunnel, or is there something else that can be done to further harden it?
03-16-2014 07:25 AM
Hi,
Yes, that would be good. Make sure you restrict with an ACL and allow only what is authorized.
All the best
Siraj
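Added example, not part of any post in this thread: a small Python check that reads ASA-style extended ACL lines and flags entries broader than "one host to one host on one port", which is the restriction the answers above recommend for the tunnel. The ACL name, addresses (documentation ranges) and port 8443 are constructed; it assumes plain `host` / `any` / address-mask entries with no object-groups or source-port operators.

```python
import re

# Constructed sample: ASA-style ACL lines for a tunnel between the web server
# (192.0.2.10, Network B) and the CC server (198.51.100.20, Network A).
SAMPLE_ACL = """\
access-list VPN-CC extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
access-list VPN-CC extended permit ip host 192.0.2.10 host 198.51.100.20
access-list VPN-CC extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 8443
access-list VPN-CC extended permit tcp any host 198.51.100.20 eq 8443
"""

def _take_addr(tokens):
    """Consume one address spec; return (kind, remaining tokens)."""
    if tokens[0] == "host":
        return "host", tokens[2:]
    if tokens[0] in ("any", "any4", "any6"):
        return "any", tokens[1:]
    return "network", tokens[2:]  # address followed by netmask

def audit_line(line):
    """Return a list of findings for one permit entry (empty list = tight)."""
    m = re.match(r"access-list\s+\S+\s+extended\s+permit\s+(\S+)\s+(.*)", line.strip())
    if not m:
        return []
    proto, rest = m.group(1), m.group(2).split()
    findings = []
    if proto == "ip":
        findings.append("protocol 'ip' permits every protocol and port")
    src, rest = _take_addr(rest)
    dst, rest = _take_addr(rest)
    for side, kind in (("source", src), ("destination", dst)):
        if kind != "host":
            findings.append(f"{side} is '{kind}', not a single host")
    if proto in ("tcp", "udp") and not (rest and rest[0] in ("eq", "range")):
        findings.append("no destination port restriction")
    return findings

def audit(acl_text):
    """Map each ACL line number (1-based) to its findings."""
    lines = enumerate(acl_text.splitlines(), 1)
    return {n: audit_line(l) for n, l in lines if l.strip()}

if __name__ == "__main__":
    for n, findings in audit(SAMPLE_ACL).items():
        print(n, "OK" if not findings else "; ".join(findings))
```

Only the third sample line passes cleanly; the second is limited to the two servers but still permits every protocol and port between them.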