clinet.com Edge ASA Deployment Details

[Slide diagram; only the recoverable labels and numbered callouts are kept]
clinet.com ASN 65345, IP Range 128.107.1.0/24
1 - Edge Routers running HSRP; FHRP address is 128.107.1.1
2 - DMZ Network: Two DMZ Zones will be created: 1- Web Public (www, DNS, smtp); 2- Partner Intranet (wwwin, Oracle link)
3 - Outside and DMZ (Public Web/DB) using Redundant Interfaces
4 - Inside Interface using EtherChannel (inside switch pair labelled VPC)
5 - Active/Standby HA will be used at the edge
6 - FW with NAT and ACLs. Routing protocol will be used on inside -
Interface labels on the diagram: G0/0, G0/1, G0/2, G0/3, G0/5, T0/6, T0/7
VLAN 150 Public Web DMZ 10.200.1.0/24
VLAN 151 Partner Intranet 10.100.100.0/24
Web/App/dB (Oracle) 172.16.25.250
Use-case specific Internal Zones:
VL2 Security Diversion Network for scanning questionable traffic
VL120 Primary Internal Zone - services the primary internal network
VL1299 Isolated Internal DMZ for BYOD / contractor / unknown Internet access only
clinet.com DC AGG ASA Deployment Details

General Requirements
[Slide diagram; only the recoverable labels and numbered callouts are kept]
Zones from Edge: VLAN 2 Diversion network for Scanning; VLAN 120 Inside Network; VLAN 1299 DMZ Zone for contractor / BYOD / unknown
1 - Aggregation into core network (Data Centre Core, Routed)
2 - ASA Cluster mixed-mode system. Will have both L3 and L2 contexts to solve use case
3 - ASA Clustering is used for scale and HA. Leverages cLACP for Data Plane (EtherChannel)
4 - DC Core is routed using OSPF. Routing will remain in place (on OSPF Routed Core DC Switches). ASA must be deployed without disrupting current L3 architecture
5 - Virtual ASA deployed within hypervisor to protect East/West Traffic Flows
BYOD/Unknown DMZ and Partner Oracle Access controlled by ASA vFW
Contexts: PCI-CTX (Routed) - Data Centre PCI Zone Aggregation; BYOD-CTX (Transparent) - Virtual Access / Compute Networks, VLAN 1299 DMZ BYOD; PTNR-CTX (Transparent) - VLAN 201 Oracle dB1
clinet.com Data Centre Compute ASAv Deployment

General Requirements
[Slide diagram; only the recoverable labels are kept]
Zones from Edge: VLAN 2 Diversion network for Scanning; VLAN 120 Inside Network; VLAN 1299 DMZ Zone for contractor / BYOD / unknown
Data Centre Core (Routed), OSPF Routed Core
Contexts: PCI-CTX (Routed) - Data Centre PCI Zone Aggregation; BYOD-CTX (Transparent) - Virtual Access / Compute Networks, VLAN 1299 DMZ BYOD; PTNR-CTX (Transparent) - VLAN 201 Oracle dB1
VLAN 445 AD, exch, etc.