Firewall - Am I Thinking Correctly?

the_Grinch Member Posts: 4,165
At work we are getting ready to move away from one product to another and this has opened up a bit of a can of worms, as it were. Basically, the idea is we will have a server at eight different locations (completely different networks, all unrelated to each other) that will need to connect to us in order to send data. We need to transfer this data in a secure manner, so obviously a VPN tunnel will be set up. But the other issue we will run into is we don't want them to be able to traverse into the other networks that are connected through the VPN. My plan is as follows:

Purchase a Cisco ASA 5512-X
Setup an IPSEC VPN
Assign a vlan for each of the 8 locations (along with a different subnet)
Assign a vlan for the server they will all talk to
Create an ACL that allows them to all talk to the server vlan, but not talk to each other

Does this sound correct for what I am looking to accomplish?
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • ram1101 Member Posts: 32
    the_Grinch wrote: »
    At work we are getting ready to move away from one product to another and this has opened up a bit of a can of worms, as it were. Basically, the idea is we will have a server at eight different locations (completely different networks, all unrelated to each other) that will need to connect to us in order to send data. We need to transfer this data in a secure manner, so obviously a VPN tunnel will be set up. But the other issue we will run into is we don't want them to be able to traverse into the other networks that are connected through the VPN. My plan is as follows:

    Purchase a Cisco ASA 5512-X--****good
    Setup an IPSEC VPN---****good
    Assign a vlan for each of the 8 locations (along with a different subnet)--*****No vlans, just the subnet for each network
    Assign a vlan for the server they will all talk to---****this is specified on the VPN source and destination (example: 192.168.1.0/24 (source) 192.168.2.0/24 (destination); if you want to allow extra communication you would have to add that on the ACL for the traffic selector)

    Create an ACL that allows them to all talk to the server vlan, but not talk to each other. ******no need for that; that is done using the traffic selector

    Does this sound correct for what I am looking to accomplish?

    see my notes
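To make the "traffic selector" point concrete, here is an added hub-side configuration sketch (not from either poster, and not tied to any real deployment) showing how the per-peer crypto ACLs on an ASA define what each spoke may reach. It assumes ASA 9.x syntax with IKEv2, a server subnet of 192.168.2.0/24, spoke subnets 10.1.1.0/24 and 10.1.2.0/24, peer addresses from the 203.0.113.0/24 documentation range, and HTTPS as the data transfer protocol; all of these are constructed placeholders, as are the pre-shared keys. Only two of the eight spokes are shown; the remaining six follow the same pattern.

```cisco
! --- Hub ASA (assumed ASA 9.x, IKEv2 site-to-site). All addresses are constructed placeholders.
! Hub server subnet that every spoke may reach
object network SERVER_NET
 subnet 192.168.2.0 255.255.255.0
! Two of the eight spoke subnets (sites 3-8 follow the same pattern)
object network SITE1_NET
 subnet 10.1.1.0 255.255.255.0
object network SITE2_NET
 subnet 10.1.2.0 255.255.255.0

! Traffic selectors (crypto ACLs): one per spoke, server subnet <-> that spoke only.
! Nothing matches SITE1_NET <-> SITE2_NET, so no SA is ever negotiated for
! spoke-to-spoke traffic and the hub has no tunnel to forward it into.
access-list VPN_SITE1 extended permit ip object SERVER_NET object SITE1_NET
access-list VPN_SITE2 extended permit ip object SERVER_NET object SITE2_NET

! Exempt tunnel traffic from NAT so the selectors see the real addresses
nat (inside,outside) source static SERVER_NET SERVER_NET destination static SITE1_NET SITE1_NET no-proxy-arp route-lookup
nat (inside,outside) source static SERVER_NET SERVER_NET destination static SITE2_NET SITE2_NET no-proxy-arp route-lookup

! IKEv2 and IPsec parameters
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256

! One crypto map entry per peer, each bound to its own selector ACL
crypto map OUTSIDE_MAP 10 match address VPN_SITE1
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP 20 match address VPN_SITE2
crypto map OUTSIDE_MAP 20 set peer 203.0.113.20
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal AES256-SHA256
crypto map OUTSIDE_MAP interface outside

! Peer authentication (placeholder keys; use a distinct strong key or certificates per site)
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key SITE1-PSK-PLACEHOLDER
 ikev2 local-authentication pre-shared-key SITE1-PSK-PLACEHOLDER
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev2 remote-authentication pre-shared-key SITE2-PSK-PLACEHOLDER
 ikev2 local-authentication pre-shared-key SITE2-PSK-PLACEHOLDER

! Defence in depth: by default decrypted VPN traffic bypasses the interface ACL
! (sysopt connection permit-vpn). Turning that off makes the outside interface ACL
! apply to tunnel traffic too, so only the server's service port (assumed HTTPS)
! is reachable even inside the selector's /24.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit tcp object SITE1_NET object SERVER_NET eq 443
access-list OUTSIDE_IN extended permit tcp object SITE2_NET object SERVER_NET eq 443
access-group OUTSIDE_IN in interface outside
```

The isolation comes from the selectors: each spoke's tunnel only carries server-subnet traffic, so a packet from site 1 addressed to site 2 never matches any crypto map entry and is dropped rather than relayed. The trailing interface ACL is optional hardening; without `no sysopt connection permit-vpn`, a spoke could reach any port on any host in 192.168.2.0/24 once the tunnel is up. Whether the spoke subnets overlap with each other is the thing to check before going live, since two sites that happen to use the same RFC 1918 range would need NAT on the tunnel to keep the selectors unambiguous.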
  • the_Grinch Member Posts: 4,165
    Excellent! Thanks for the info! I was 50/50 on whether the vlans would be required and now that I know they don't need to be that takes a layer of complexity out.