Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 928
  • Last Modified:

Best practice for VPLS service

I am wondering what the best practice is for a VPLS connection.  Since the connection is a VPN LAN on the same LAN segment as my network is it really necessary to have a firewall between the VPLS end point and my network edge?

Thanks for any help...

Jerry
0
adminjam
Asked:
adminjam
1 Solution
 
btanExec ConsultantCommented:
there is some good discussion in this forum, primarily the FW filter for authorised protocol and permitted traffic. VPLS create that secure tunnel that all, also the local LAN should be segregated prior to the external facing of other site VPN LANs..

https://supportforums.cisco.com/thread/2171058

Your Firewalls at both Sites Can be placed at the WAN connecting between sits, use Multi-VRF lite in your internal LAN for both sites. this ensures segmentation and path isolation between the Small offices Locally. On both Firewalls, you Can Only allow VOIP communication between Sites and add permissions as per your requirement.

it would be good to place a FW in the LAN of each site, even if you dont have a L3 Switch locally to perform the Inter-Vlan routing between Offices, You Can then Leave this functionality to the Firewall, with right Access permition & (Security Level), a FW can do routing between your internal.

FW can do specific filter against VPLS too...overall is to tighen and not be reliant on one layer which can be just encrypted tunnels pt to pt only.

http://www.juniper.net/techpubs/en_US/junos/topics/reference/general/firewall-filter-match-conditions-for-vpls-traffic.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now