A sample implementation of secure routing in the Internet WAN edge module is shown below and it integrates the SAFE guidelines to:
• Authenticate all routing peers.
• Only distribute the hub IP address out of the external routing domain. This is a loopback interface that is common across the hub devices.
• Disable routing on all interfaces by default.
• Explicitly enable the internal routing domain on interfaces to the WAN edge distribution switches and the VPN tunnels.
• Explicitly enable the external routing domain on interfaces to the private WAN.
• Only permit distribution into the internal routing domain of the branch subnets advertised from the tunnel interfaces.
• Enable neighbor logging on all routing domains.
The recommendation for secure WAN connectivity in the WAN edge includes the following:
• VPN for traffic isolation over the WAN
There are a number of VPN options and the choice will vary based on specific customer requirements. DMVPN, for instance, offers support for VPN over both a private WAN and the Internet, as well as multicast and dynamic routing. Consequently, DMVPN can be integrated to enable a common VPN implementation if both these WAN types are deployed at remote sites.
• Public Key Infrastructure (PKI) for strong tunnel authentication
PKI provides secure, scalable, and manageable authentication that is critical to large-scale VPN deployments. PKI also features the dynamic renewal and revocation of certificates that enables the dynamic commissioning and decommissioning of branches with ease.
• Advanced Encryption Standard (AES) for strong encryption
Data over the Internet is vulnerable to sniffing; therefore, encryption is critical to data confidentiality and integrity. Data over a private WAN can also be encrypted for maximum security or for compliance reasons.
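For the secure-routing guidelines listed earlier (peer authentication, routing disabled on all interfaces by default, neighbor logging), the following is an added example, not part of the original post or of the SAFE sample implementation, that audits a router configuration against those three points. It assumes classic-mode EIGRP with MD5 key-chain authentication and commands written out explicitly in the configuration; the page does not name the routing protocol, and the configuration text, key-chain name and function names are constructed for illustration.

```python
# Constructed IOS-style config (not from the page): Tunnel0 is authenticated,
# GigabitEthernet0/1 is routing-enabled without authentication, eigrp 2 is bare.
SAMPLE_CONFIG = """\
interface Tunnel0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 WAN-KEYS
!
interface GigabitEthernet0/1
!
router eigrp 1
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface GigabitEthernet0/1
 eigrp log-neighbor-changes
!
router eigrp 2
 network 192.0.2.0
"""

def parse_blocks(config):
    """Map each 'interface' / 'router eigrp' header to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            blocks[current].append(line.strip())
        elif line.startswith(("interface ", "router eigrp ")):
            current = line.strip()
            blocks[current] = []
        else:
            current = None  # any other top-level line ends the current block
    return blocks

def audit(config):
    """Return findings for EIGRP processes that miss the routing guidelines."""
    blocks, findings = parse_blocks(config), []
    for header, cmds in blocks.items():
        if not header.startswith("router eigrp "):
            continue
        asn = header.split()[-1]
        if "passive-interface default" not in cmds:
            findings.append(f"eigrp {asn}: routing not disabled by default")
        if "eigrp log-neighbor-changes" not in cmds:
            findings.append(f"eigrp {asn}: neighbor logging not enabled")
        for intf in (c.split()[-1] for c in cmds if c.startswith("no passive-interface ")):
            icmds = blocks.get(f"interface {intf}", [])
            mode = f"ip authentication mode eigrp {asn} md5" in icmds
            key = any(c.startswith(f"ip authentication key-chain eigrp {asn} ") for c in icmds)
            if not (mode and key):
                findings.append(f"eigrp {asn}: {intf} peers not authenticated")
    return findings
```

Running `audit(SAMPLE_CONFIG)` flags the unauthenticated interface in process 1 and both missing settings in process 2; a configuration that meets all three points returns an empty list.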