Protecting WAN Interface providing public and private connectivity
I have a client that has an MPLS WAN. Each site gets both public internet connectivity and private WAN connectivity from one connection (Multilink T-1s); the provider's network then routes internet traffic out to the WWW, and private traffic is routed accordingly via BGP.
The routers have 2 Ethernet handoffs: 1 with private IPs, 1 with public IPs.
The public handoff is hooked up to a firewall, and outbound traffic is routed via an integration router so that internet traffic goes through the firewall and private traffic goes through the private interface.
I want to make sure that these routers are properly protected. The multilink interfaces have internet-accessible IPs. Is there a way, good or bad, to protect these interfaces so that private traffic goes through seamlessly but I can apply that will limit access from the internet?
Re: Protecting WAN Interface providing public and private connec
You will have to allow your private IPs. You do not need the extra denies; they will be blocked. We're required to log those packets and that's why they're in this ACL. Another layer of security would be to use prefix lists to filter what routes can come in.
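A sketch of the approach discussed in this thread, added here as an example and not taken from either post (the ACL the reply refers to is not on this page). It assumes Cisco IOS syntax; every address, AS number, interface name and list name below is a constructed placeholder.

```cisco
! Constructed placeholders (assumptions, not values from the thread):
!   192.0.2.1         router's own multilink (WAN) address
!   192.0.2.2         provider edge router / BGP neighbor
!   198.51.100.0/28   public handoff subnet in front of the firewall
!   198.51.100.1      router's own address on that public handoff
!   10.0.0.0/8        private WAN address space
!
ip access-list extended WAN-IN
 remark BGP session with the provider edge only
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 permit tcp host 192.0.2.2 eq bgp host 192.0.2.1
 remark Private site-to-site traffic passes untouched
 permit ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 remark Keep the internet off the router's own public handoff address
 deny   ip any host 198.51.100.1 log
 remark Internet traffic in transit to the firewall (the firewall filters it)
 permit ip any 198.51.100.0 0.0.0.15
 remark The implicit deny would drop the rest; this line exists only to log it
 deny   ip any any log
!
interface Multilink1
 ip access-group WAN-IN in
!
! Accept only the expected private routes from the provider.
! Add a "permit 0.0.0.0/0" entry only if the provider advertises a default route.
ip prefix-list PRIVATE-ROUTES-IN seq 10 permit 10.0.0.0/8 le 30
!
router bgp 65001
 neighbor 192.0.2.2 remote-as 65000
 neighbor 192.0.2.2 prefix-list PRIVATE-ROUTES-IN in
```

Entry order matters: the deny for the router's own public address has to sit above the permit for the public subnet, otherwise traffic from the internet to that address matches the permit first.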