mpls bgp consideration
- From: nini <lao.ignace@xxxxxxxxx>
- Date: Wed, 26 Nov 2008 00:16:19 -0800 (PST)
Hi all,
In our LAN, we plan to install 2 Nokia Checkpoints which connect to the
ISP network.
We have official addresses, a complete class C, and some addresses are
used by the 2 external firewall interfaces.
In our LAN, these 2 Nokia Checkpoint firewalls don't share the same
layer 3 segment,
but in the future, if MPLS is implemented, they might.
An idea is to have a common DMZ, reachable by the 2 Checkpoints.
Both firewalls will be used for HTTP traffic, load sharing, for the
moment,
and both will allow VPN access.
Internal routing is EIGRP.
One Checkpoint is already installed, external range A.B.C.129-254 /25,
with a DMZ A.B.C.144/28.
The other is to be replaced; it is currently a Borderware firewall,
external range A.B.C.1-126 /25,
with another DMZ (and different servers).
In our current Borderware configuration, traffic from external to
internal is "natted", meaning that servers have private addresses
(10.0.0.0/24) and not official addresses.
Basically, it functions by port redirection.
While NAT is said to be more secure, a server cannot be reached from
external except on a configured "natted" port.
I thought it would be more scalable, given the potential MPLS
implementation and "DMZ consolidation", to give these servers official
addresses and not to use NAT
(I know that Checkpoint provides NAT functions).
My question is: according to you all, are there any BGP, MPLS, or
ISP-related features I should consider in my choice?
I don't know much about that, but I think giving official addresses is
more appropriate.
Thanks for your consideration
igni