Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAN Design Support

Hello

We are refreshing our network design with keen eye on security. plz advice if all WAN links, VPN,PROXY should be terminated on DMZ to protect.We got ASA 5540 with default ports. Today each service is running on different box and hits core directly.

WAN Router connected to CoreSwitch

ASA firewall connected to CoreSwitch

Wireless LANController Connected to coreSwitch

VPN Router Connected to CoreSwitch

WAN, VPN, Wireless,Proxy Traffic dont pass the firewall

Web Publishing services,SSL VPN passes the firewal

any suggestion and cisco documentation refrence

2 REPLIES
Hall of Fame Super Blue

Re: WAN Design Support

Pratik

Here's a link to the security design docs/guides from Cisco -

http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html

In answer to your questions -

WAN - doesn't need to go through firewall as long as your WAN is trusted ie. all the remote sites

VPN - should be firewalled

Wireless - again if possible should be firewalled

Proxy traffic - not sure which direction you mean but should really be firewalled in either direction.

Jon

New Member

Re: WAN Design Support

very helpful link Jon.

112
Views
4
Helpful
2
Replies