Azure virtual WAN (vWAN): Lessons Learned

Azure virtual WAN (vWAN ) is undoubtedly a strong choice in the wide-area network (WAN) connectivity model, utilizing third-party backbones. It holds significant potential and functionalities, but it is also a relatively immature and evolving service with certain limitations in use cases that deviate from the Azure reference architecture.

In this post, I would like to share my first-hand experiences and lessons learned from integrating vWAN into my use case. I hope that these insights can assist you in making decisions and implementing workarounds to address challenges arising from certain limitations.

Here we go!🚀

(more…)
January 10, 2024 Azure, BGP, Cloud, Security, vWAN No comments yet

Zscaler Internet Access – Client Connector Forwarding Modes

The cloud has fostered the evolution of traditional connectivity models to improve the user and application experience. Security is becoming a growing concern as traditional perimeters are disappearing and a Zero Trust approach is essential in today’s security architectures.

(more…)
January 5, 2022 Cloud, Security, Zscaler No comments yet

NAT: IPsec DMVPN and Internet Access – Review NAT Deployment scenarios

This post describes different deployment scenarios where Network Address Translation (NAT) is implemented with IPsec DMVPN.

(more…)
December 29, 2017 L3 Technologies, NAT, Security, Training No comments yet

IPsec: Crypto Maps, GRE and VTI

This post describes the configuration of IPsec using four different methods in order to achieve authentication and encryption. We will compare the configuration requirements as well as the overhead introduced by each method from the point of view of packet size.

(more…)
November 14, 2017 IPsec, L3 Technologies, Security, Training No comments yet

Software Defined Networks and Security

Software Defined Networking (SDN) is a network architecture that simplifies network management and enables innovation in communication networks. SDN decouples the control and data planes; the control plane is logically centralized and makes the decisions that the data plane implements: the network becomes “programmable”. This separation of the control and data planes in SDN opens security challenges, such as man-in-the middle attacks, denial of service (DoS) attacks, and saturation attacks.

(more…)
July 19, 2017 Blog, Security No comments yet

Setting up Remote Access VPN for Firepower Threat Defense

Remote Access VPN (RA VPN) is available in Firepower Threat Defense (FTD) 6.2.1 for 2100 Platforms. For all other Platforms it will be supported on version 6.2.2.

(more…)
July 6, 2017 Blog, Firewall, Security No comments yet

Cisco Unified Wireless Network Solution – Guest Wireless

Background

Public WLAN has caused mobile workers to become accustomed to being able to access their corporate network from practically anywhere. This paradigm of public access has extended to the enterprise itself and brings a well-founded apprehension over how to secure internal company information and infrastructure assets.

Cisco proposes Unified Wireless Network Solution for Guest Access to provide users with Internet access in a secure manner.

(more…)
April 26, 2017 Projects, Security, Wireless No comments yet

Cisco ASA Cluster – Spanned EtherChannel Mode

ASA clustering consists of multiple ASAs acting as a single unit, see Figure 1.

Spanned EtherChannel is the Cisco recommended implementation in which interfaces on multiple members of the cluster are grouped into a single EtherChannel; the EtherChannel performs load balancing between units.

(more…)
April 24, 2017 Firewall, Projects, Security No comments yet
Subscribe to my Newsletter!
Recent Comments