Man I feel gooooood....
The Sr. Architects at work have been trying to hammer out a design for a new Virtual Desktop VPN solution. They've been trying to come up with a way to get this to work for 6 months! Their issue... How do we segregate partner traffic so partners can't see each other, especially when the VMware servers' VLANs don't have L2 reachability to the VPN hub?
Well it took me one day. But I came up with the perfect solution. L2MPLS over GRE, trunking to an ASA cut-through proxy using Dynamic Access Policies. Putting all the sub-interfaces in the same security zone prohibits inter-VLAN routing, and the DAP ACLs solve the rest.
MMmmm I feel good. I hope I just scored major brownie points. Time to put it into concept. This is going to be some great CCIE training.
Currently Reading:
CCIE: Network Security Principles and Practices
CCIE: Routing and Switching Exam Certification Guide
Comments
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
Now do your company a favor and make sure someone else can understand it. If you get hit by a bus, you didn't do them any favors hehe