I am working on a project where we need to implement a FW on a PE Router as a Managed FW for our corporate users.
The proposed design is as follows:
1. On the FW Side:
a. The FW will be deployed in off-path mode where the customer VLAN will be assigned to the same inside interface of the FW (e.g. VLAN 10) and the outside FW interface will be assigned to a different VLAN (e.g. VLAN 110)
b. the PE will be the default GW for the FW
2. On CE the default GW is the FW inside interface
3. On the PE side:
a. VLANs 10 and 110 will be created
b. CE and FW inside will be assigned to VLAN 10
c. VLAN 110 will be assigned to the customer VRF
d. Static Router pointing to the customer VLAN through the FW outside interface will be made
The main issue is that the PE is currently configured such that sub-interfaces are assigned to VRF which gives 4000 VLAN per interface however if we go with the design described above we will be limiting ourselves to 4000 VLAN globally which is something we cannot afford.
Would you please advise or recommend any design that could help us implement the FW without losing VLAN capability on the PE.
The Cisco EPN system incorporates a network architecture designed to consolidate multiples services on a single Multiprotocol Label Switching (MPLS) transport network. This network is designed primarily based on Application Engineered...
Internet security is important with the increasing attacks that are happening every day. Many internet and browsing security solutions exist, but some are not very easy to use or maybe the question is how can I enable them?
Cisco Software Manager Server
This document describes the programmatic interfaces, RESTful APIs, which are supported by Cisco Software Manager Server (CSM Server).
CSM Server supports a set of finite RESTful APIs. The fir...