Here's the scenario. Two organizations maintain separate LANs separated by a firewall. The organizations utilize shared resources that are strictly controlled by this firewall. Right now, organization A has an ISP connection to the internet. Organization B uses Organization A's ISP for Internet. Organization B is planning to purchase services from an ISP. Org A will primarily use Org A's ISP and Org B will primarily use Org B's ISP. In the event of a single ISP failure, the other Org will connect to the internet through the other's ISP.
Since these Orgs are connected by a LAN, the transport to allow for routing between each organization's router is a flat layer 2 VLAN. Don't read into this. The routers will be doing the routing. I just need a way to logically connect them so that they can become neighbors. In the attached diagram, I show a physical cable connecting each organization. VLAN 10 is trunked over this cable along with all other internal VLANs. I also show a physical cable that connects the inside switch to the external switch of each organization. VLAN 10 is configured as access ports on each side of this cable.
My first question is this... Is this a secure way of providing a transport to facilitate ISP sharing given the infrastructure? In my mind I know that a physical connection between each organization's external switch would be desirable. What are the security concerns in doing this? What are some ways that I can mitigate those risks?
My second question is this... Assuming that this "transport" VLAN is secure enough, could I eliminate the need for one or both external switches by running VLAN 10 inside of its own VRF on the inside switch and physically cable to the outside interface of the firewall and the inside interface of the router? I've shown this in my second attached diagram.
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisements do.
I have a question. I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.