On the inside interface I have the Office VLAN and the Servers (AD, File Server) VLAN. Now it seems that the ASA is allowing all traffic to go through between both VLANs, since they both reside within the inside interface and both sub-interfaces have the same security level.
But in reality I think it is not best practice to have these VLANs open to each other. I was thinking that the Office VLAN should only be able to access the Servers VLAN on the ports required for Active Directory and SMB file access.
What should normally be allowed, in the scenario explained above, from the Office VLAN to the Servers VLAN?
The same type of access is required for remote VPN users (from the outside interface), as they will also need to connect to the AD and file servers, but from another subnet assigned by a DHCP VPN pool.
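As an added example (not from the original post or any reply), the following ASA 9.x configuration shows one way to restrict the Office VLAN, and a remote-access VPN pool, to the ports a Windows domain member needs against a domain controller plus SMB to a file server. The interface nameifs "Office" and "Servers", the subnets 10.10.10.0/24 (Office), 10.10.20.0/24 (Servers) and 10.10.99.0/24 (VPN pool), the hosts DC01 (10.10.20.10) and FS01 (10.10.20.20), and the group-policy name "RA_VPN_POLICY" are all assumed for illustration. The port list is the standard set for AD client traffic (DNS, Kerberos, LDAP/LDAPS, Global Catalog, RPC endpoint mapper plus the Windows Server 2008+ dynamic RPC range, NTP, SMB); trim it to what your domain actually uses.

```cisco
! Added example configuration, not from the thread. Names and addresses are assumed.
! Traffic between same-security sub-interfaces is only forwarded at all because of
! this command; the interface ACL below is what narrows it down.
same-security-traffic permit inter-interface

object network OFFICE_LAN
 subnet 10.10.10.0 255.255.255.0
object network VPN_POOL
 subnet 10.10.99.0 255.255.255.0
object network SERVERS_LAN
 subnet 10.10.20.0 255.255.255.0
object network DC01
 host 10.10.20.10
object network FS01
 host 10.10.20.20

! TCP ports a domain member uses towards a domain controller:
! 53 DNS, 88 Kerberos, 135 RPC endpoint mapper, 389 LDAP, 445 SMB (SYSVOL/GPO),
! 464 Kerberos password change, 636 LDAPS, 3268-3269 Global Catalog,
! 49152-65535 dynamic RPC (Windows Server 2008 and later default range)
object-group service AD_TCP tcp
 port-object eq 53
 port-object eq 88
 port-object eq 135
 port-object eq 389
 port-object eq 445
 port-object eq 464
 port-object eq 636
 port-object range 3268 3269
 port-object range 49152 65535

! UDP ports: 53 DNS, 88 Kerberos, 123 NTP (Kerberos depends on time sync),
! 389 CLDAP (DC locator "LDAP ping"), 464 Kerberos password change
object-group service AD_UDP udp
 port-object eq 53
 port-object eq 88
 port-object eq 123
 port-object eq 389
 port-object eq 464

! ACL for traffic entering the ASA from the Office VLAN.
! Once applied, everything not listed is dropped by the implicit deny.
access-list OFFICE_IN remark Office clients -> domain controller (AD services)
access-list OFFICE_IN extended permit tcp object OFFICE_LAN object DC01 object-group AD_TCP
access-list OFFICE_IN extended permit udp object OFFICE_LAN object DC01 object-group AD_UDP
access-list OFFICE_IN remark Office clients -> file server (SMB only)
access-list OFFICE_IN extended permit tcp object OFFICE_LAN object FS01 eq 445
access-list OFFICE_IN remark Allow ping for troubleshooting, then log everything else dropped
access-list OFFICE_IN extended permit icmp object OFFICE_LAN object SERVERS_LAN echo
access-list OFFICE_IN extended deny ip any object SERVERS_LAN log
access-list OFFICE_IN remark Office still needs to reach the internet through the outside interface
access-list OFFICE_IN extended permit ip object OFFICE_LAN any
access-group OFFICE_IN in interface Office

! Remote-access VPN users arrive on the outside interface and, with the default
! "sysopt connection permit-vpn", bypass the outside ACL. A vpn-filter in the
! group-policy applies the same restrictions to the VPN pool. In a vpn-filter
! the source is the remote VPN client and the destination is the local network.
access-list VPN_FILTER extended permit tcp object VPN_POOL object DC01 object-group AD_TCP
access-list VPN_FILTER extended permit udp object VPN_POOL object DC01 object-group AD_UDP
access-list VPN_FILTER extended permit tcp object VPN_POOL object FS01 eq 445
access-list VPN_FILTER extended permit icmp object VPN_POOL object SERVERS_LAN echo
group-policy RA_VPN_POLICY attributes
 vpn-filter value VPN_FILTER
```

The ASA is stateful, so replies from the servers do not need their own permit; the ACL only governs connections initiated from the Office side. If the servers themselves should not be able to open connections into the Office VLAN, add a matching ACL inbound on the Servers interface. The final "deny ... log" line before the internet permit is what makes blocked lateral traffic visible in syslog, which is usually more useful than the silent implicit deny when verifying the policy after rollout.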
Like you said, it just depends on your needs and what you are trying to accomplish. Are your servers public facing? Do you have other offices that access the servers? How much administrative overhead do you want? Can your model push enough traffic that it won't be a bottleneck?
I like segmenting when possible, especially when protecting critical data. But it may not be the best solution in every case.