Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Design Consideration for Vendor/DMZ network.

Hello Fellow Net Pro's

I am currently working on a design that includes an extranet/vendor dmz network protected by a couple of ASA 5520's running ospf.

The inside interface of the router is part of area 0 while the dmz interface is part of area 20.

This dmz network will have various vendor routers advertising various routing protocols to the ASA's.

What is the best approach to setting up the proper advertisements from my internal network to the various vendors.

Lets assume all of the vendors have to see all of the same routes from my network.

What type of filters should I be applying, and what security precautions should I be looking out for. I also dont want to become some sort of transit area that starts advertising networks from one vendor to the other.

1 REPLY
Silver

Re: Design Consideration for Vendor/DMZ network.

For avoiding advertisement of one vendor networks to other the sample configuration is present in the document present in the URL given below.this will help in setting up the security as you need.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

290
Views
0
Helpful
1
Replies
CreatePlease to create content