Need suggestions on how to use an ASA firewall between corporate and industrial networks.
I need some suggestions on how to use a Cisco ASA as a firewall between my company's corporate and industrial networks. Here's my situation.
We currently have our Corp and Industrial networks internet connected at our core switch; they are on separate VLANs. I want to place the firewall between the VLANs to prevent corporate users from being able to access the Industrial network. The exception is the engineers who need access from the corp network to troubleshoot issues on the industrial network. They use remote access tools such as RDP and VNC. In your minds, what is the best way to deploy an ASA to allow these users past the firewall? They will be coming from a multitude of IP addresses on the corporate side, which will constantly change depending on their location and connection path. I would like to tie their access to Active Directory OUs vs IPs, so I think traditional ACLs are not going to cut it. Also, they will be VPN'ing into the network from home using Cisco AnyConnect to a different ASA on the border of our corporate network, so my solution needs to be clientless once they get on the corporate network. Any suggestions would be much appreciated.