We need to do a proof of concept for a service provider customer, to whom we have proposed a 6500-based security solution. Local Cisco have planned to come through with a POC, but that is going to take some time. We also have some equipment and are trying to do a POC ourselves. Following is our expected setup:
1. 6509 chassis with Sup 720
2. 6748 line cards (no DFC)
The customer is putting up a hosted data center and also hopes to deploy managed security services to the hosted DC customers. Following are some of the items that I've noticed are missing and required for the above list:
1.) Virtual FW licenses
2.) A good traffic generator (possibly a generator which can raise security events in the FWSM and IDSM)
What I also need is a proper setup and a proper guide on how to do this (possibly documentation of a similar setup at Cisco CPOC).
Any idea on such documentation? Also, can you suggest a good traffic generator for this purpose, possibly a software one?
1) Virtual FW licenses. When you purchase the FWSM module it comes with 2 free contexts, so you can have an admin context + 2 other contexts. This should be enough for your POC.
2) Traffic generator - it depends what type of generator you want. Are you trying to measure throughput or security features? Nessus springs to mind if you are testing security features, as this software allows you to test multiple vulnerabilities on servers/routers/switches etc.
As for a guide, again it depends on what you are looking for. Are you looking for documentation on configuring a 6500 with FWSM/IDSM? If so, go to the Cisco homepage, select "Products and Services", select your product and there will be links for command references and configuration guides.
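As an added illustration (not part of the original reply or Cisco's own documentation), here is the skeleton of what the "admin context + 2 customer contexts" layout looks like on a Sup 720 / FWSM pair. Slot number, VLAN IDs, context names and file names are assumptions chosen for the example; the command syntax is the standard IOS `firewall vlan-group` / `firewall module` commands on the supervisor and the `mode multiple` / `context` / `allocate-interface` / `config-url` commands on the FWSM.

```text
! --- Supervisor 720 (IOS), FWSM assumed in slot 5 ---
! Hand the customer VLANs to the FWSM as a VLAN group.
firewall multiple-vlan-interfaces
firewall vlan-group 1 10,11,20,21,30,31
firewall module 5 vlan-group 1

! --- FWSM system execution space ---
! Switch to multiple-context mode (requires a reload of the module).
mode multiple

! Admin context: used to manage the module, gets the management VLANs.
admin-context admin
context admin
  allocate-interface vlan10
  allocate-interface vlan11
  config-url disk:/admin.cfg

! First hosted customer: one outside VLAN, one inside VLAN.
context customerA
  allocate-interface vlan20
  allocate-interface vlan21
  config-url disk:/customerA.cfg

! Second hosted customer, fully isolated from customerA.
context customerB
  allocate-interface vlan30
  allocate-interface vlan31
  config-url disk:/customerB.cfg
```

Each customer context is then configured (`changeto context customerA`) with its own `nameif`, IP addressing and access lists, which is the per-tenant isolation that a managed security service in a hosted DC relies on. Note that the supervisor's VLAN group must contain every VLAN that any context is allocated, otherwise the `allocate-interface` line is accepted on the FWSM but the VLAN never reaches the module.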
I am planning to use the two security contexts as you said.
I do want two types of traffic generators: one to measure security features and the other to measure throughput.
As for the documentation, what I'm ideally looking for is a guide which tells how to perform such a POC step by step, from the equipment setup to configs and measurable parameters etc. But I know that it might be very hard to find such a doc. I've gone through the SRNDs, and those talk about best practices in data center security, but I couldn't find one which satisfies my need (though I'm thinking of going through some of those again to extract some info from each and to prepare a good test setup).
Also, there was very little info on how to use the IDSM.