I am reposting my query. Below is my original query and the replies I got. I am still in a logjam about how to go about achieving this.
We have a huge network connecting remote hospitals through microwave links, which are terminated on 3560 L3 switches. The network uses RIPv2 for routing data. Attached is the network diagram.
1. Site-1 is the administration office which receives the DHCP pool and internet from the HO.
2. The hospitals use these microwave links to share data like CT scans etc with each other.
Issue: We want only Site-1 to be able to access the HO. The other sites should not access the HO, since there could be a security issue, but they should be able to share data with the other sites.
Someone proposed installing a firewall at the HO. Will that help? What configuration can be done on the existing switches to eliminate this?
Three thoughts here:
1) I believe you should do some static routing between the sites using the microwave links. This will save you the bandwidth used by the full routing updates generated by RIP. You can do some route redistribution as needed.
2) I would suggest a GRE tunnel with IPsec. I agree with the post above: you should secure the data crossing the airwaves. Use an access list at HQ to filter traffic from sites other than Site-1.
3) Use a local DHCP server for Site-1. Again, maximize your bandwidth by not having DHCP requests and replies cross the slowest links. NAT should be done at the edge where your network meets the Internet.
Thank you for all the valuable inputs. However, could you please elaborate on the below:
1. How can I configure a GRE tunnel on a Cisco 3560?
2. What kind of ACL would I use to filter traffic at the HO?
3. This is something new: the customer wants to do load sharing between his 512 Kbps DSL link at the HO and the 100 Mbps microwave link to Site-1. How do I achieve this?
I have made some changes to the diagram and reattached again.
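As an added worked example for question 2 (this is not from the original post or any of the replies), here is the shape of the router ACL the second reply is describing, applied inbound on the HO 3560 port that faces the microwave network. Since the diagram is not reproduced here, every subnet and interface name below is an assumption: the HO LAN is 10.0.0.0/24, Site-1 is 10.1.0.0/24, the hospital sites are 10.2.0.0/24 through 10.9.0.0/24, and the microwave link terminates on GigabitEthernet0/1. On question 1, the Catalyst 3560 does not support GRE tunnel interfaces or IPsec; those would have to terminate on routers or a firewall at each end of the link, which is one reason a firewall at the HO was suggested.

```cisco
! Added example, not the original poster's configuration. All addresses and
! the interface name are assumptions standing in for the unseen diagram:
!   HO LAN (the network to protect)      10.0.0.0/24
!   Site-1 LAN (administration office)   10.1.0.0/24
!   Hospital sites                       10.2.0.0/24 ... 10.9.0.0/24
!   HO 3560 port facing the microwave network: GigabitEthernet0/1
!
ip access-list extended FROM-SITES-TO-HO
 remark Site-1 is the only site allowed to reach the HO LAN
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 remark keep RIPv2 updates flowing (multicast 224.0.0.9, UDP 520)
 permit udp any host 224.0.0.9 eq rip
 remark every other source aimed at the HO LAN is dropped
 deny   ip any 10.0.0.0 0.0.0.255
 remark traffic not aimed at the HO LAN (e.g. Internet via HO) is unaffected
 permit ip any any
!
interface GigabitEthernet0/1
 description Uplink to the microwave network (Site-1 and hospitals)
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ip access-group FROM-SITES-TO-HO in
!
! Verify which entries are matching:
!   show ip access-lists FROM-SITES-TO-HO
```

Because the ACL is only applied inbound at the HO, hospital-to-hospital traffic over the microwave links never touches it, so data sharing between sites keeps working. If the other sites must also be kept off the Internet connection behind the HO, replace the final `permit ip any any` with `permit ip 10.1.0.0 0.0.0.255 any` and let the implicit deny drop the rest. Two caveats: router ACLs on the 3560 require `ip routing` and are applied to routed ports or SVIs, not to access-layer switchports; and a source-address filter trusts the addresses the sites present, so a compromised site could spoof Site-1's range. That spoofing risk, plus the lack of confidentiality on the microwave path, is what the IPsec and firewall suggestions in the replies address and what an ACL alone does not.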