Firewall - Am I Thinking Correctly?
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
in Off-Topic
At work we are getting ready to move away from one product to another and this has opened up a bit of a can of worms as it were. Basically, the idea is we will have a server at eight different locations (completely different networks all unrelated to each other) who will need to connect to us in order to send data. We need to transfer this data in a secure manner so obviously a VPN tunnel will be set up. But the other issue we will run into is we don't want them to be able to traverse into the other networks that are connected through the VPN. My plan is as follows:
Purchase a Cisco ASA 5512-X
Setup an IPSEC VPN
Assign a vlan for each of the 8 locations (along with a different subnet)
Assign a vlan for the server they will all talk to
Create an ACL that allows them to all talk to the server vlan, but not talk to each other
Does this sound correct for what I am looking to accomplish?
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
ram1101 Member Posts: 32 ■■□□□□□□□□
the_Grinch wrote: »
At work we are getting ready to move away from one product to another and this has opened up a bit of a can of worms as it were. Basically, the idea is we will have a server at eight different locations (completely different networks all unrelated to each other) who will need to connect to us in order to send data. We need to transfer this data in a secure manner so obviously a VPN tunnel will be set up. But the other issue we will run into is we don't want them to be able to traverse into the other networks that are connected through the VPN. My plan is as follows:
Purchase a Cisco ASA 5512-X -- **** good
Setup an IPSEC VPN -- **** good
Assign a vlan for each of the 8 locations (along with a different subnet) -- ***** No vlans, just the subnet for each network
Assign a vlan for the server they will all talk to -- **** this is specified on the VPN source and destination (example: 192.168.1.0/24 (source) 192.168.2.0/24 (destination); if you want to allow extra communication you would have to add that on the ACL for the traffic selector)
Create an ACL that allows them to all talk to the server vlan, but not talk to each other. ****** no need for that, that is done using the traffic selector
Does this sound correct for what I am looking to accomplish?
see my notes
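To make the "traffic selector does the isolation" point from ram1101's notes concrete for the plan in the original post, here is an added hub-side ASA configuration sketch. It is not taken from the thread or from any Cisco document; every address, object name, peer, port and pre-shared key below is constructed (RFC 5737 and RFC 1918 ranges, placeholder keys), and only two of the eight sites are shown.

```cisco
! Hub ASA 5512-X: hub-and-spoke IPsec L2L tunnels where each remote site may reach
! only the server subnet. All addresses, names and peers are constructed examples.

! Local server subnet (the one subnet every site is allowed to reach)
object network SERVER_NET
 subnet 10.10.10.0 255.255.255.0

! One object per remote site subnet (two shown; repeat for sites 3-8)
object network SITE1_NET
 subnet 192.168.1.0 255.255.255.0
object network SITE2_NET
 subnet 192.168.2.0 255.255.255.0

! Crypto ACLs are the traffic selectors. Each one pairs exactly one site with
! SERVER_NET. There is deliberately no entry pairing a site with another site,
! so site-to-site packets never match any SA and are dropped.
access-list VPN_SITE1 extended permit ip object SERVER_NET object SITE1_NET
access-list VPN_SITE2 extended permit ip object SERVER_NET object SITE2_NET

! NAT exemption so tunnelled traffic keeps its real addresses
nat (inside,outside) source static SERVER_NET SERVER_NET destination static SITE1_NET SITE1_NET no-proxy-arp route-lookup
nat (inside,outside) source static SERVER_NET SERVER_NET destination static SITE2_NET SITE2_NET no-proxy-arp route-lookup

! IKEv2 and IPsec parameters shared by all tunnels
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto ikev2 enable outside

! One crypto map entry per peer; sequence numbers only need to be unique
crypto map OUTSIDE_MAP 10 match address VPN_SITE1
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP 20 match address VPN_SITE2
crypto map OUTSIDE_MAP 20 set peer 198.51.100.20
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP interface outside

! Optional second layer: a vpn-filter narrows decrypted traffic to the one
! application port (constructed: TCP/8443) from the site to the server.
! For L2L, vpn-filter ACLs are written with the remote network as source.
access-list VPN_FILTER_SITE1 extended permit tcp object SITE1_NET object SERVER_NET eq 8443
group-policy GP_SITE1 internal
group-policy GP_SITE1 attributes
 vpn-filter value VPN_FILTER_SITE1

! One tunnel-group per peer, keyed by the peer's public address
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP_SITE1
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <SITE1_PSK_PLACEHOLDER>
 ikev2 local-authentication pre-shared-key <SITE1_PSK_PLACEHOLDER>
```

Each spoke mirrors its own selector (its site subnet to SERVER_NET) and nothing else. Two ASA defaults matter for the isolation: sysopt connection permit-vpn is on by default, so decrypted traffic bypasses the outside interface ACL and the crypto ACL plus any vpn-filter are what actually enforce the policy; and the ASA will not hairpin traffic between two tunnels terminating on the same interface unless same-security-traffic permit intra-interface is configured, so leave that command out. After bringing a tunnel up, show crypto ipsec sa lists the negotiated selectors per peer, which is the quickest way to confirm no site-to-site pair was accidentally allowed.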
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Excellent! Thanks for the info! I was 50/50 on whether the vlans would be required and now that I know they don't need to be that takes a layer of complexity out.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff