I am setting up a DMZ environment so that external customers can access my servers sitting in the DMZ. I have attached the diagram for reference.
1) 2x ISP links (redundant) - IPSEC connections from customers terminating on our Internet-facing FWs.
2) There are 2 DMZ FWs separating the Corporate (internal) and External environments.
3) The APP server and Jump server are placed behind the Server switches.
1) External customers need to access the Jump server and APP server over the Internet IPSEC VPN.
2) Internal (Corporate) users need to access the Jump server and APP server.
3) Any user accessing the Jump server would need to be authenticated by a Domain controller. The Domain controller would be on the Internal corporate segment.
1) With the current design, Internal users have to pass the DMZ FW and Internet FW to access the servers. Is this recommended? Is it OK to connect the servers behind a separate pair of server switches? Or can they connect directly to the DMZ switches? What is the best possible (standard) solution that is generally followed in this case?
2) If there are multiple customers with IPSEC VPNs coming in, can VLANs be defined and access given accordingly to the servers?