Azure Virtual WAN (vWAN): Lessons Learned

Azure Virtual WAN (vWAN) is undoubtedly a strong choice in the wide-area network (WAN) connectivity model that relies on third-party backbones. It holds significant potential and functionality, but it is also a relatively immature and evolving service with certain limitations in use cases that deviate from the Azure reference architecture.

In this post, I would like to share my first-hand experiences and lessons learned from integrating vWAN into my use case. I hope that these insights can assist you in making decisions and implementing workarounds to address challenges arising from certain limitations.

Here we go! 🚀

Zscaler Internet Access – Client Connector Forwarding Modes

The cloud has fostered the evolution of traditional connectivity models to improve the user and application experience. Security is becoming a growing concern as traditional perimeters are disappearing and a Zero Trust approach is essential in today’s security architectures.

NAT: IPsec DMVPN and Internet Access – Review NAT Deployment scenarios

This post describes different deployment scenarios where Network Address Translation (NAT) is implemented with IPsec DMVPN.

IPsec: Crypto Maps, GRE and VTI

This post describes the configuration of IPsec using four different methods in order to achieve authentication and encryption. We will compare the configuration requirements as well as the overhead introduced by each method from the point of view of packet size.

Software Defined Networks and Security

Software Defined Networking (SDN) is a network architecture that simplifies network management and enables innovation in communication networks. SDN decouples the control and data planes; the control plane is logically centralized and makes the decisions that the data plane implements: the network becomes “programmable”. This separation of the control and data planes in SDN opens security challenges, such as man-in-the-middle attacks, denial of service (DoS) attacks, and saturation attacks.

Setting up Remote Access VPN for Firepower Threat Defense

Remote Access VPN (RA VPN) is available in Firepower Threat Defense (FTD) 6.2.1 for the 2100 platforms. For all other platforms it will be supported in version 6.2.2.

Cisco Unified Wireless Network Solution – Guest Wireless

Background

Public WLAN has caused mobile workers to become accustomed to being able to access their corporate network from practically anywhere. This paradigm of public access has extended to the enterprise itself and brings a well-founded apprehension over how to secure internal company information and infrastructure assets.

Cisco proposes the Unified Wireless Network Solution for Guest Access to provide users with Internet access in a secure manner.

Cisco ASA Cluster – Spanned EtherChannel Mode

ASA clustering consists of multiple ASAs acting as a single unit, see Figure 1.

Spanned EtherChannel is the Cisco recommended implementation in which interfaces on multiple members of the cluster are grouped into a single EtherChannel; the EtherChannel performs load balancing between units.