I have a Switch that needs to be able to separate Internal and External IP traffic for Firewall/VPN.
SCENERIO: I have 2 Firewall/VPN devices and an Internet connection plugged into (what I'd like to consider) the External IP ports/VLAN of my switch. The internal ports of the Firewall/VPN devices, along with other equipment, are plugged into the internal ports/VLAN of the switch.
Basically, I have a 24 port switch that needs to have 12 ports on an Interal VLAN and 12 ports on an External VLAN. The Internal VLAN ports will be connecting to our LAN which contains many other VLAN's. What is the best configuration to separate the External from Internal ports on the switch, but still allow other VLAN traffic to flow through to the Firewall/VPN devices.
My security guy would be screaming "NO NO NO NO!" at me if I put this in front of him :-)
I would strongly recommend against using the same switch for outside and inside traffic, unless traffic has to pass through another external firewall first.
I would recommend instead to use either a completely separate switch for the outside, or in a pinch, create a DMZ port on your 5510, and connect your "MedTech VPN"s outside interface to that - negating the need for an outside switch altogether.
If you are dead set on using the switch in this method, then you will need to to:
a) Ensure that the switch IOS is kept up-to date.
b) Your external VLAN (e.g. 666) should be isolated on this switch - so any trunk links coming off this switch should be prevented from carrying vlan 666.
c) Switch VTP OFF so that 666 isn't even visible inside
I completely agree with you. Unfortunately, this ASA device is managed by another company for us. We were told that that using one of the ASA ports to plug in the Medtech VPN would not be possible. Were we miss-informed? I would like to use one of the ASA ports for the other VPN. It would simplify the entire design.
I'm working on a project that includes basic router configurations. I configurated everything including: line console 0, line vty 0 15 and secret passwords. There are 3 routers in the network and every LAN is going t...
Desire to create Terminal Server ("TS" in this document) out of 2811 Cisco Router with HWIC-16A card (with Octal cables)
Desire to use SSH over Telnet
TS is ip'ed, SSH access configured (to the TS)
Python based Script to BULK Import/Delete devices using Cisco Prime API
Check my Repo on GitHub for all the details ( see below link )