We have a private IP range for management; currently this subnet is being used for our network equipment, e.g. switches, routers, UPS, etc.
However, we have a few appliances that have only a single accessible interface, and it is also required for both staff and admin access (no management interface). The problem is if we put these appliances on the private management subnet, this will be insalso have access to the same interface.
What are the best solutions to secure the appliances from the internal network? What are the best practices, and what is the best place to put appliances that have only a single interface (a single inbound and outbound interface for public and administrator access)?
If it needs a public, externally accessible IP, why not just give it a 1-1 static NAT? You could further lock it down with an extended ACL that limits the ports to ones required for the device's function. "Best common practice" is to restrict traffic to the minimum required for proper operations. Generally speaking, devices requiring public access are placed into a DMZ.
Internally, it can use its real IP, whether that's on the management network or some other one. You could set up a separate VLAN (e.g., in the DMZ) for this class of device (apart from the other one that is strictly internal) to further separate the traffic.
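The approach in the reply above, sketched as a configuration fragment. This is an added example and not part of the original reply. It assumes a Cisco IOS router doing the NAT and inter-VLAN routing; every address, VLAN ID, interface name, ACL name and port number in it is constructed for illustration.

```cisco
! Constructed example: addresses, VLAN 30, interface names and ports are assumptions.
!
! Dedicated DMZ VLAN for the single-interface appliances,
! kept apart from the management subnet used by switches, routers and UPS.
interface GigabitEthernet0/1.30
 description DMZ - single-interface appliances
 encapsulation dot1Q 30
 ip address 10.20.30.1 255.255.255.0
 ip nat inside
 ! Filters everything routed toward the appliance, internal or external
 ip access-group DMZ-APPLIANCE-OUT out
!
interface GigabitEthernet0/0
 description Internet uplink
 ip address 203.0.113.2 255.255.255.240
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! 1-1 static NAT: appliance real address <-> public address
ip nat inside source static 10.20.30.10 203.0.113.10
!
! Inbound from the Internet. On IOS the inbound ACL on the outside
! interface is evaluated before NAT, so it matches the public address.
! Only the appliance's entries are shown; entries the uplink already
! needs for other hosts stay above the final deny.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 deny   ip any any log
!
! Toward the appliance. Evaluated after NAT, so it matches the real address.
! Assumed here: the service runs on 443 for staff and public users,
! and administration uses SSH from an admin subnet 10.10.99.0/24.
ip access-list extended DMZ-APPLIANCE-OUT
 permit tcp any host 10.20.30.10 eq 443
 permit tcp 10.10.99.0 0.0.0.255 host 10.20.30.10 eq 22
 deny   ip any any log
```

If administration shares the same port as the user-facing service, the ACL cannot tell the two apart and the separation has to come from the appliance's own authentication and role controls.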