New Member

best place to put servers and network appliances

We have a private IP range for management; currently this subnet is being used for our network equipment, e.g. switches, routers, UPS, etc.

However, we have a few appliances that have only a single accessible interface, and it is also required for both staff and admin access (no management interface). The problem is if we put these appliances on the private management subnet, tis will be insalso have access to the same interface.

What are the best solutions to secure the appliances from the internal network? What are the best practices, and what is the best place to put appliances that have only a single interface (a single inbound and outbound interface for public and administrator access)?

Thanks for sharing

1 REPLY
Hall of Fame Super Silver

If it needs a public, externally accessible IP, why not just give it a 1-1 static NAT? You could further lock it down with an extended ACL that limits the ports to ones required for the device's function. "Best common practice" is to restrict traffic to the minimum required for proper operations. Generally speaking, devices requiring public access are placed into a DMZ.

Internally, it can use its real IP, whether that's on the management network or some other one. You could set up a separate VLAN (e.g., in the DMZ) for this class of device (apart from the other one that is strictly internal) to further separate the traffic.

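The reply's suggestions (1-1 static NAT, an extended ACL limited to the required ports, a separate DMZ VLAN) sketched as a classic Cisco IOS router configuration. This is an added example, not configuration posted by either participant; every address, VLAN number, interface name, ACL name and port (HTTPS 443 for staff and public use, SSH 22 for administration) is a constructed assumption.

```cisco
! Constructed values: 203.0.113.0/29 public, 192.168.50.0/24 DMZ VLAN 50,
! 10.10.10.0/24 management subnet, appliance real IP 192.168.50.10.
!
interface GigabitEthernet0/0
 description Outside
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1.50
 description DMZ VLAN for single-interface appliances
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 ip access-group TO-APPLIANCE out
!
! 1-1 static NAT: real (inside local) address to public (inside global) address
ip nat inside source static 192.168.50.10 203.0.113.2
!
! Inbound on the outside interface the ACL is checked before NAT,
! so it matches the public address of the appliance.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.2 eq 443
 deny   ip any host 203.0.113.2 log
 ! entries for any other published hosts continue here
!
! Outbound on the DMZ subinterface the ACL is checked after NAT and routing,
! so it matches the real address and covers internal and external sources.
! Staff and public users reach only the service port; the admin port is
! reachable from the management subnet only.
ip access-list extended TO-APPLIANCE
 permit tcp any host 192.168.50.10 eq 443
 permit tcp 10.10.10.0 0.0.0.255 host 192.168.50.10 eq 22
 deny   ip any any log
 ! replies to sessions the appliance itself initiates need their own entries
```

If the appliance serves its admin function on the same port as the user function, a port-based ACL cannot separate the two, and the restriction has to come from the appliance's own access controls. On a Cisco ASA running 8.3 or later, interface ACLs match the real address rather than the translated one.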