I am tasked with designing a solution for securing a datacenter from the corporate environment. Several different properties are hosted from one datacenter which is connected to the corporate environment via a few T1s. The question is how do I provide each "client"/property the adequate access to their site while securing each from each other.
My first thought is to use VLANs in the switch environment and filter routes into the datacenter so that downstream corporate sites can only route to the datacenter if they absolutely need to. I planned on putting a PIX in to further separate the datacenter from the corporate environment. Finally my plan was to put a VPN box in to force users to authenticate and control what and where each user has access.
What else can I use to accomplish this goal? I was considering Private VLANs which should isolate each client/property but would that be possible using 2980Gs as my access switch? What would that really buy me? If anyone has any docs or case studies that I can read that would be great. Thanks in advance.
I don't think you can terminate T1s in Catalyst switches; of course, you can configure AAA on Cisco routers and make the users sign up for their accessibility. What you would require is a RADIUS or a TACACS+ server.
The T1s are going into 3640 routers. On the other side there are 2621s terminating the T1s. I am already running Cisco ACS Secure for both TACACS+ authentication and authorization and RADIUS for our VPN connections.
The question was geared for a more general response. Like what is the best method of securing a shared datacenter and access to said datacenter. If the two clients of the shared datacenter are on the same switch infrastructure, how can private VLANs help secure it? If the administrator for one of the clients of the shared datacenter needs remote access, how do I lock the environment down so that he cannot access other clients in the shared environment?
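As an added illustration (not posted by anyone in this thread) of how private VLANs address the two questions above: IOS-style configuration that puts each client in its own community VLAN under one primary VLAN, so both clients share a subnet and a gateway but cannot reach each other at layer 2, plus the gateway-side filters that stop the router from relaying traffic between them and that confine a client admin's VPN pool to that client's hosts. VLAN numbers, port names and all addresses are assumptions, and the 2980G's CatOS syntax differs from the IOS commands shown here.

```cisco
! --- Access switch: one primary VLAN, one community VLAN per client ---
vlan 100
 name DC-PRIMARY
 private-vlan primary
 private-vlan association 101,102
vlan 101
 name CLIENT-A
 private-vlan community
vlan 102
 name CLIENT-B
 private-vlan community
!
interface GigabitEthernet1/1
 description Client A server (host port: reaches Client A and the gateway only)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface GigabitEthernet1/2
 description Client B server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface GigabitEthernet1/48
 description Uplink to the layer-3 gateway (promiscuous port sees both communities)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! --- Gateway (router or firewall inside interface): PVLANs isolate only at layer 2.
! --- A gateway that proxy-ARPs or redirects could relay Client A packets to Client B.
interface FastEthernet0/0
 description Shared datacenter subnet 10.1.1.0/24 (assumed addressing)
 ip address 10.1.1.1 255.255.255.0
 no ip proxy-arp
 no ip redirects
 ip access-group NO-HAIRPIN in
ip access-list extended NO-HAIRPIN
 remark Drop host-to-host traffic that tries to bounce through the gateway
 deny   ip 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255 log
 permit ip any any
!
! --- Corporate/VPN side: each client's admin VPN pool reaches only that client's hosts.
interface FastEthernet0/1
 description Toward corporate sites and the VPN concentrator
 ip access-group TO-DATACENTER in
ip access-list extended TO-DATACENTER
 remark Pool 10.99.1.0/24 = Client A admins, 10.99.2.0/24 = Client B admins (assumed)
 permit ip 10.99.1.0 0.0.0.255 host 10.1.1.10
 permit ip 10.99.2.0 0.0.0.255 host 10.1.1.20
 deny   ip any 10.1.1.0 0.0.0.255 log
```

The logged denies on both lists are what to watch in syslog: a hit on NO-HAIRPIN means a host in one community is trying to reach the other through the gateway, and a hit on TO-DATACENTER means a VPN user is reaching for a client that is not theirs.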