Pid(Hbl) for Asa,Csc & Csm



Published by: api-3733153 on Oct 19, 2008
Copyright:Attribution Non-commercial







Post-Installation document
HCL Comnet Limited - Kolkata
Data Centre Security Implementation
Himalayan Bank Ltd.
PO772403, PO781708
Cisco Solution with ASA, CSC and CSM

The solution consists of two Cisco ASA firewalls along with the CSC (Content Security and Control) module (ASA 5510 with AIP-SSM-10). The prime objective is to merge the different networks and define specific access policies for clients accessing different services.

Implementation of security devices has been done on the basis of the proposed diagram for application installation. In the design, there are two Cisco ASA firewalls with inbuilt CSC modules.

The Internet-facing ASA (ASA 5510 with AIP-SSM-10) has three zones, namely outside (terminating on a Cisco switch where the internal interface of the internet router is also terminated), dmz and inside. All the servers which are required to be accessed from the internet have been placed in the demilitarized zone (dmz). The inside interface is connected to the core L3 Cisco switch and will be the default gateway for the Thamel LAN as well as the L3 switch. The Internet-facing ASA will act as the perimeter security gateway, deployed to inspect traffic and filter out everything except what is explicitly allowed by the access list according to HBL’s access policy.

The internal ASA has been deployed to provide an in-depth second layer of security to business-critical resources like core banking servers, database servers and mail servers. Specifically, the internal ASA has been configured with three interfaces (zones), namely the SERVER zone, the LAN zone and the WAN zone. The interface facing the LAN zone is connected to the internal L3 switch in a separate L3 VLAN. The interface facing the WAN zone is connected to another L3 switch, which is further connected to the WAN router(s). The third interface, configured as the server zone, is connected to the server farm switch where all business-critical servers are placed. This design provides in-depth multilayer security against external (internet) threats and also restricts access from the WAN, and even the LAN, to these business-critical servers to what is specifically permitted.

Further, the perimeter ASA has been configured to send all http, https and only incoming smtp & pop3 traffic to the inbuilt CSC module for virus, spyware, spam and other malware scanning. The internal ASA has also been configured to send all http, ftp, smtp and pop3 traffic to its inbuilt CSC module.
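One way to check that a running configuration actually diverts the protocols listed above to the CSC module, as an added example that is not part of the original document. The sample configuration, its object names (`csc_acl`, `csc_class`) and the address are constructed; the check covers protocol coverage only, not traffic direction.

```python
# Protocols each ASA should hand to its CSC module, as stated in the document.
# ASA configurations write HTTP as "www".
DOCUMENTED = {
    "perimeter": {"www", "https", "smtp", "pop3"},
    "internal": {"www", "ftp", "smtp", "pop3"},
}

# Constructed sample configuration (object names and address are hypothetical).
SAMPLE_PERIMETER = """\
access-list csc_acl extended permit tcp any any eq www
access-list csc_acl extended permit tcp any host 192.0.2.25 eq smtp
access-list csc_acl extended permit tcp any host 192.0.2.25 eq pop3
access-list csc_acl extended permit tcp any any eq ftp
class-map csc_class
 match access-list csc_acl
policy-map global_policy
 class inspection_default
  inspect ftp
 class csc_class
  csc fail-open
service-policy global_policy global
"""

def csc_services(config):
    """Return the TCP services whose traffic is diverted to the CSC module."""
    acl_ports, class_acl, diverted = {}, {}, set()
    class_map = policy_class = None
    for line in config.splitlines():
        words = line.split() or [""]
        # Destination service is the trailing "eq <service>" of a permit entry.
        if words[0] == "access-list" and "permit" in words and words[-2:-1] == ["eq"]:
            acl_ports.setdefault(words[1], set()).add(words[-1])
        elif words[0] == "class-map":
            class_map = words[-1]
        elif words[:2] == ["match", "access-list"] and class_map:
            class_acl[class_map] = words[2]
        elif words[0] == "class":
            policy_class = words[1]
        elif words[0] == "csc" and policy_class:
            # Only classes carrying a "csc" action send traffic to the module.
            diverted |= acl_ports.get(class_acl.get(policy_class), set())
    return diverted

def audit(role, config):
    """Compare diverted services with the documented policy for this ASA role."""
    found = csc_services(config)
    return {"missing": sorted(DOCUMENTED[role] - found),
            "unexpected": sorted(found - DOCUMENTED[role])}

if __name__ == "__main__":
    print(audit("perimeter", SAMPLE_PERIMETER))
```
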
