Best practice for VPLS service

I am wondering what the best practice is for a VPLS connection.  Since the connection is a VPN LAN on the same LAN segment as my network is it really necessary to have a firewall between the VPLS end point and my network edge?

Thanks for any help...

Jerry
adminjamAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
there is some good discussion in this forum, primarily the FW filter for authorised protocol and permitted traffic. VPLS create that secure tunnel that all, also the local LAN should be segregated prior to the external facing of other site VPN LANs..

https://supportforums.cisco.com/thread/2171058

Your Firewalls at both Sites Can be placed at the WAN connecting between sits, use Multi-VRF lite in your internal LAN for both sites. this ensures segmentation and path isolation between the Small offices Locally. On both Firewalls, you Can Only allow VOIP communication between Sites and add permissions as per your requirement.

it would be good to place a FW in the LAN of each site, even if you dont have a L3 Switch locally to perform the Inter-Vlan routing between Offices, You Can then Leave this functionality to the Firewall, with right Access permition & (Security Level), a FW can do routing between your internal.

FW can do specific filter against VPLS too...overall is to tighen and not be reliant on one layer which can be just encrypted tunnels pt to pt only.

http://www.juniper.net/techpubs/en_US/junos/topics/reference/general/firewall-filter-match-conditions-for-vpls-traffic.html
0
All Courses

From novice to tech pro — start learning today.