Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1500
  • Last Modified:

VRF Help

Hi Guys
I need help with securing Network using VRF Lite all switches are Cisco 3750 running IP Service IOS and configured with EIGRP for routing.
I need to configure those switches with VRF and to achieve what you can see on my table that attached in the VRF Design document.
I know that ASA firewall is not VRF aware! How to configure ACL on ASA to achieve this? Please I need help with configuration steps.
Everything explained in the VRF Design document attached. from Zone1 to Zone 6 and what should we allow and deny please refer to the attached VRF Design document.
Thanks in advance!
M

VRF-Design.doc
0
modathir
Asked:
modathir
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
I'll caveat this with the statement that I've never actually set this up, so it's entirely possible there's a flaw in my logic, but I would think you should be able to connect each VRF to its own ASA interface and treat them as separate DMZs.  You have a choice in whether to use the same or different security levels on the DMZ interfaces but either way you will want an ACL in-bound on each interface controlling what other DMZ that traffic is allowed to reach.  If you assign the same security level for each DMZ traffic is not allowed between those interfaces by default; you would have to use the "same-security-level permit inter-interface" command to permit that traffic, but then the traffic will flow regardless of an ACL.  If you use different security levels, then the default behavior of the ASA where traffic from a more-trusted interface is automatically allowed out a less-trusted interface will apply.  You will also need to have either enough physical interfaces to accommodate the DMZs, or use subinterfaces on the ASA and trunk from one of the VRF-aware 3750s.

I may try to mock this up to see if I'm missing anything major....
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now