We are refreshing our network design with keen eye on security. plz advice if all WAN links, VPN,PROXY should be terminated on DMZ to protect.We got ASA 5540 with default ports. Today each service is running on different box and hits core directly.
WAN Router connected to CoreSwitch
ASA firewall connected to CoreSwitch
Wireless LANController Connected to coreSwitch
VPN Router Connected to CoreSwitch
WAN, VPN, Wireless,Proxy Traffic dont pass the firewall
Web Publishing services,SSL VPN passes the firewal
any suggestion and cisco documentation refrence