I am currently in class and we have been assigned a case study with an unlimited budget, and we have to stick to Cisco devices only. This is a tactical case study (which basically means I know the tactical implementation of setting up this LAN); what the instructors want is to tie a civilian case study into this military portion. I need to know what I would need to set up a LAN with approx. 35,000-60,000 users including VTC, access to the internet, classified network, satellite integration, secure and unclassified e-mail, firewall, BGP, etc. There is one company headquarters, three regional headquarters, four departmental headquarters (each with three sections). Any and all help I could get on this project would be sincerely appreciated, thanks in advance.
Looking at your email I guess you are in the Army. Therefore, before talking equipment you definitely need to assess what you can connect and what is not allowed. I.e., a RESTRICTED network can be connected to the Internet IF you use an EAL4 certified device, a DMZ, and another EAL4 certified device from a different vendor.
A CONFIDENTIAL network has more stringent requirements (cannot be discussed here), and SECRET and above CANNOT be connected.
PIXes are EAL (Common Criteria) accredited in Europe and I believe they have been approved by NSA for use up to restricted (not including the 3DES VPN).
Therefore I strongly encourage you to assess your security constraints BEFORE starting work on the equipment list.
Then assess the data flow. Problems arise when data goes from higher security to lower. The other way is easy.
In fact, if you just need to feed data from the Internet to a higher security zone, you can solve the problem with a client in the low security zone (protected by a firewall) pushing data to a server in the higher security zone. You can remove the transmit wires of the server interface (you will need an additional interface toward the high security network) and use a protocol with no acknowledgement.
Remember in the world of classified, security is well above functionality and cost. You might need custom hardware and software.
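The one-way feed described in the reply above needs framing that tolerates loss, because the high side can never ask for a retransmit. The following is an added example, not part of the original thread: the header layout, the repeat count and every name in it are assumptions, and on a real link each frame would be sent as one UDP datagram.

```python
import hashlib
import struct

# Assumed frame header: sequence number, frame count, SHA-256 of the whole payload.
HEADER = struct.Struct("!II32s")

def make_frames(payload, chunk=1024, repeat=3):
    """Low side: split the payload and repeat the full set, since no NAK can return."""
    digest = hashlib.sha256(payload).digest()
    chunks = [payload[i:i + chunk] for i in range(0, len(payload), chunk)] or [b""]
    frames = [HEADER.pack(seq, len(chunks), digest) + c for seq, c in enumerate(chunks)]
    return frames * repeat  # each frame would go out via socket.sendto() over UDP

class Reassembler:
    """High side: collects frames and never transmits anything."""

    def __init__(self):
        self.total = None
        self.digest = None
        self.chunks = {}

    def feed(self, frame):
        if len(frame) < HEADER.size:
            return  # runt datagram, drop it
        seq, total, digest = HEADER.unpack_from(frame)
        if self.total is None:
            self.total, self.digest = total, digest
        if (total, digest) != (self.total, self.digest) or seq >= total:
            return  # frame from another transfer, or malformed
        self.chunks.setdefault(seq, frame[HEADER.size:])  # first copy wins

    def missing(self):
        """Sequence numbers still absent; can only be logged, not requested."""
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.chunks]

    def result(self):
        """The payload once complete and digest-verified, otherwise None."""
        if self.total is None or self.missing():
            return None
        data = b"".join(self.chunks[s] for s in range(self.total))
        return data if hashlib.sha256(data).digest() == self.digest else None
```

A transfer whose `result()` stays `None` after the last repeat has to be resent from the low side on an operator's decision, because the receiver has no channel to report `missing()`.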