[c-nsp] Logical Router Segmentation
Justin Shore
justin at justinshore.com
Sun Jan 11 16:34:14 EST 2009
You could also route out to IU via a DMZ interface on the firewall.
Depending on what services they're providing to you, you may be required
(by law in many cases) to encrypt the transmission of data to IU. This
would be the case if you were a medical institution transmitting data to
an offsite data warehousing facility (HIPAA) or if you were an
educational institution and this facility was providing you with data
warehousing again, internal email hosting, grading and attendance apps,
etc (FERPA and/or HIPAA).
Justin
Chris Burwell wrote:
> More than likely we will go in the direction of adding an additional
> layer 3 device off of the external interface of our firewall. We will
> use this layer 3 device to make the decision as to which interface the
> traffic should be forwarded onto.
>
> We could probably accomplish this with a Procurve layer 3 switch,
> which can handle the basic routing as well as the traffic for a
> minimal amount. Everything is still up in the air right now. I still
> need to have several meetings with both our proposed ISP as well as
> the network admin from the IU. From there I should have the proper
> information to make a solid recommendation.
>
> As I said before, I will report back what I find about HPs support of
> VRF-Lite (or something similar).
More information about the cisco-nsp
mailing list