05-29-2009 02:35 AM - edited 02-21-2020 03:29 AM
Hello,
Could I have some help in placing CAS and CAM servers in my existing topology :).
Indeed, I want to verify the conformity of remote users (connected via VPN) to my inside servers by NAC, but I have some difficulty in placing them.
Is it possible to configure the CAS in VGW mode?
Please view the topology in the attachment.
Regards.
05-29-2009 06:41 AM
Is there a network (with servers or PCs) that sits between the front and back firewalls? I don't often see designs like this with back-to-back firewalls.
What type of VPN/FW device sits closest to your ISP router?
You will have to configure the CAS in an in-band mode, either L3 or VGW.
05-29-2009 07:18 AM
1/ The FW that is closest to the ISP router is an ASA5550. The back FW is a Fortinet.
The front FW is used as a VPN server, and there are 2 DMZs: one for the AAA server, AD and CA server, and the other for web servers.
The back firewall is used to protect mission critical servers, and other networks connected to it.
2/ The network that I want to protect using NAC is a set of servers that will be accessed by VPN users.
Where should I place the CAM and CAS servers?
Regards.
05-31-2009 05:43 PM
Hello Ismail,
The Auth DMZ looks like a suitable zone to place NAM.
A couple of questions: I'm no pro in Fortinet, can you do source routing with it? Is the inside switch an L3 switch?
Regards
05-31-2009 11:51 PM
The inside switch is a Catalyst 3560; it supports L3.
So for the CAS, where can I place it? Can I configure it as a Virtual Gateway?
Regards