Velocity Reviews - Computer Hardware Reviews

mpls bgp consideration

Posts: n/a
Hi all,

In our LAN, we plan to install 2 Nokia Checkpoint firewalls which connect to the
ISP network.
We have official addresses, a complete class C, and some addresses are
used by the 2 external firewall interfaces.

In our LAN, these 2 Nokia Checkpoint firewalls don't share the same
layer 3 segment,
but in the future, if MPLS is implemented, they might.
An idea is to have a common DMZ, reachable by the 2 Checkpoints.

Both firewalls will be used for HTTP traffic, load sharing, by the
and both will allow VPN access.
Internal routing is EIGRP.

One Checkpoint is already installed, external range A.B.C.129-254 /
25, with a DMZ A.B.C.144/28.
The other is to be replaced; it is currently a BorderWare firewall,
external range A.B.C.1-126 / 25,
with another DMZ (and different servers).
In our current BorderWare configuration, traffic from external to
internal is "natted", meaning that servers have private addresses
( /24) and not official addresses.
Basically, it functions by port redirection.

While NAT is said to be more secure, a server cannot be reached from
external except on a configured "natted" port.

I thought it would be more scalable, given the potential MPLS
implementation and "DMZ consolidation", to give these servers official
addresses and not to use NAT
(I know that Checkpoint provides natting functions).

My question is: according to you all, are there any BGP, MPLS, or ISP-related
features I should consider in my choice?
I don't know much about that, but I think giving official addresses is
more appropriate.

Thanks for your consideration.

theapplebee
Join Date: Jun 2009
Location: USA
Posts: 67
If you have links from two ISPs, inbound/outbound traffic needs to be considered because of one of the firewall functions, which is stateful inspection. If you mess up the inbound and outbound traffic, your internal folks will be blaming you.
Don't worry too much about MPLS. Most ISPs commonly use MPLS.
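
The stateful-inspection concern raised in the reply, as an added example that is not part of the original thread: a toy model of two firewalls with independent connection tables, showing a reply dropped when it returns through the firewall that never saw the request. Class and function names are hypothetical, and 192.0.2.0/24 is a constructed stand-in for the A.B.C.0/24 range.

```python
import ipaddress


class StatefulFirewall:
    """Toy stateful inspection: a reply passes only if this box saw the request."""

    def __init__(self, name, inside_net):
        self.name = name
        self.inside = ipaddress.ip_network(inside_net)
        self.conns = set()  # (src, sport, dst, dport) of sessions opened from inside

    def inspect(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) in self.inside:
            # Outbound packet from the protected range creates state.
            self.conns.add((src, sport, dst, dport))
            return "accept"
        # Inbound packet: accept only as the reverse of a tracked session.
        # Published-server (inbound allow) rules are left out of this model.
        if (dst, dport, src, sport) in self.conns:
            return "accept"
        return "drop"


def round_trip(out_fw, back_fw, host, peer):
    """Send a request out through out_fw; return the verdict on the reply at back_fw."""
    out_fw.inspect(host, 40000, peer, 443)
    return back_fw.inspect(peer, 443, host, 40000)


def demo():
    inside = "192.0.2.0/24"                      # constructed stand-in for A.B.C.0/24
    host, peer = "192.0.2.20", "198.51.100.10"   # constructed addresses

    # Symmetric path: request and reply cross the same firewall.
    fw_a = StatefulFirewall("fw-a", inside)
    symmetric = round_trip(fw_a, fw_a, host, peer)

    # Asymmetric path: request leaves via fw-a, reply returns via fw-b,
    # which has no state for the session.
    fw_a, fw_b = StatefulFirewall("fw-a", inside), StatefulFirewall("fw-b", inside)
    asymmetric = round_trip(fw_a, fw_b, host, peer)

    return {"symmetric": symmetric, "asymmetric": asymmetric}


if __name__ == "__main__":
    print(demo())
```
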