Building a scalable RAVPN architecture in Oracle Cloud Infrastructure using Cisco Secure Firewall

Oracle Cloud Infrastructure (OCI) offers a wide variety of cloud-computing services, workloads, and applications to companies globally. With Cisco Secure Firewall, organizations can build a scalable RAVPN architecture on OCI, giving employees secure remote access to their organization's resources from any endpoint or location.

This scalable architecture combines Cisco Security and OCI Infrastructure-as-a-Service (IaaS) and extends remote access VPN capabilities with the combination of Cisco Duo, Cisco Umbrella, and AMP Enabler, also referred to as Cisco Secure Remote Worker. Extending this solution to your OCI environment protects multi-region, multi-availability domains.

    • Cisco AnyConnect Secure Mobility Client – Cisco AnyConnect Secure Mobility Client empowers remote employees with frictionless, highly secure access to the enterprise network from any device, at any time, in any location while protecting the organization.
    • Cisco Duo – Multi-factor authentication from Duo protects the network with a second source of authentication and validation.
    • Cisco Umbrella Roaming Security Module – The Cisco Umbrella Roaming Security module for Cisco AnyConnect provides always-on security on any network, anywhere, any time – both on and off your corporate VPN. It enforces security at the DNS layer to block malware, phishing, and command and control callbacks over any port.
    • Cisco AnyConnect AMP Enabler – The Cisco AnyConnect AMP Enabler module protects against malware.

Organizations can deploy Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) and Cisco Secure Firewall ASA Virtual (formerly ASAv) in the OCI environment to enable a secure connection back to the application in the cloud. Typically, firewalls scale using clustering but, in the cloud, because layer 2 is abstracted away, it isn't possible to implement native high availability and native firewall clustering.

Architects can still design a scalable architecture using cloud components such as Oracle's Network Load Balancer (NLB) and DNS.

    • Design 1 – Load balance RAVPN sessions to multiple firewalls using OCI DNS service
    • Design 2 – Load balance RAVPN sessions to multiple Cisco Secure Firewalls using OCI network load balancer service
    • Design 3 – Load balance RAVPN sessions across multiple regions using OCI DNS and a network load balancer

Note: Each firewall uses a unique VPN pool, and the OCI route table points to the specific firewall for that VPN pool.
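A consistency check for the note above, as an added example that is not part of the original post: it verifies that the VPN pools are disjoint and that the route for each pool points at the firewall that owns it. The firewall names, addresses, and the modelling of a route target as the firewall's inside IP are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample: each firewall's VPN address pool and inside-interface IP.
FIREWALLS = {
    "fw-ad1": {"pool": "10.100.1.0/24", "inside_ip": "10.0.10.5"},
    "fw-ad2": {"pool": "10.100.2.0/24", "inside_ip": "10.0.20.5"},
}

# Constructed sample: route rules of the application subnet (destination -> next hop).
ROUTE_RULES = [
    {"destination": "10.100.1.0/24", "next_hop": "10.0.10.5"},
    {"destination": "10.100.2.0/24", "next_hop": "10.0.10.5"},  # points at the wrong firewall
]


def audit_vpn_pools(firewalls, route_rules):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    pools = {name: ipaddress.ip_network(fw["pool"]) for name, fw in firewalls.items()}

    # 1. Pools must be disjoint, otherwise two firewalls can hand out the same address.
    for (a, net_a), (b, net_b) in combinations(sorted(pools.items()), 2):
        if net_a.overlaps(net_b):
            findings.append(f"overlap: {a} {net_a} and {b} {net_b}")

    # 2. Return traffic for each pool must go to the firewall that terminates those sessions.
    routes = {ipaddress.ip_network(r["destination"]): r["next_hop"] for r in route_rules}
    for name, net in sorted(pools.items()):
        hop = routes.get(net)
        if hop is None:
            findings.append(f"missing route: {name} pool {net}")
        elif hop != firewalls[name]["inside_ip"]:
            findings.append(f"wrong next hop: {name} pool {net} -> {hop}")
    return findings


if __name__ == "__main__":
    for finding in audit_vpn_pools(FIREWALLS, ROUTE_RULES):
        print(finding)
```

A wrong next hop sends replies for a client to a firewall that holds no session for it, so the traffic is dropped even though the tunnel itself is up.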

Load balance RAVPN sessions to multiple firewalls using OCI DNS service

In this architecture, we've deployed multiple firewalls in multi-availability domains. OCI DNS service provides a mechanism for RAVPN load balancing.

    • DNS has an FQDN (example.vpn.com)
    • DNS has an "A" record for each firewall
    • DNS monitors the health of each firewall using probes
    • DNS receives a DNS query for the FQDN and replies with the public IP of the Cisco Secure Firewall
    • The user connects directly to the Cisco Secure Firewall

Figure 1: Scalable RAVPN architecture using Cisco Secure Firewall and OCI DNS

Load balance RAVPN sessions to multiple Secure Firewall virtual devices using OCI network load balancer service

In this architecture, we've deployed multiple firewalls in multi-availability domains. OCI NLB provides a mechanism for RAVPN load balancing.

    • The user uses the IP address of the load balancer as the VPN headend in the AnyConnect client.
    • OCI NLB receives an SSL VPN session request and load-balances the request using two-tuple hashing.
    • The user connects to the Cisco Secure Firewall.

Figure 2: Scalable RAVPN architecture using Cisco Secure Firewall and OCI Load Balancer
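Why two-tuple hashing suits RAVPN, as an added example that is not part of the original post: AnyConnect can carry one session over a TLS (TCP 443) channel and a DTLS (UDP 443) channel, and a hash over source and destination IP alone keeps both channels on one firewall. The backend names, the addresses, and the SHA-256 stand-in for the NLB's internal hash are assumptions.

```python
import hashlib

BACKENDS = ["fw-ad1", "fw-ad2", "fw-ad3"]  # constructed firewall names
NLB_IP = "203.0.113.10"                    # constructed listener address

# Header fields each hashing policy feeds into the backend choice.
FIELDS = {
    "two_tuple": ("src_ip", "dst_ip"),
    "five_tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
}


def pick_backend(flow, policy, backends=BACKENDS):
    """Choose a backend from a hash over the fields the policy covers.

    SHA-256 is a stand-in: the load balancer's real hash function is not given on the page.
    """
    key = "|".join(str(flow[field]) for field in FIELDS[policy])
    digest = hashlib.sha256(key.encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def client_flows(i):
    """TLS and DTLS flows of one constructed client (same IPs, different port and protocol)."""
    src = f"198.51.100.{i}"
    tls = {"src_ip": src, "src_port": 50000 + i, "dst_ip": NLB_IP, "dst_port": 443, "proto": "tcp"}
    dtls = {"src_ip": src, "src_port": 60000 + i, "dst_ip": NLB_IP, "dst_port": 443, "proto": "udp"}
    return tls, dtls


def split_clients(policy, clients=range(1, 51)):
    """Return the clients whose TLS and DTLS flows would reach different firewalls."""
    split = []
    for i in clients:
        tls, dtls = client_flows(i)
        if pick_backend(tls, policy) != pick_backend(dtls, policy):
            split.append(i)
    return split


if __name__ == "__main__":
    for policy in FIELDS:
        print(policy, "clients split across firewalls:", len(split_clients(policy)))
```

The same property means a client that reconnects from a new source port still lands on the firewall it used before, as long as its source IP is unchanged.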

Load balance RAVPN sessions across multiple regions using OCI DNS and a network load balancer

In this architecture, we've deployed multiple firewalls in multi-availability domains and multiple regions. OCI DNS and NLB provide a mechanism for RAVPN load balancing.

 
    • At the region level, OCI NLB load balances traffic using two-tuple load balancing (same as Figure 2)
    • At the multi-region level, OCI DNS load balances traffic using DNS weighted average (same as Figure 1)
    • DNS has an FQDN (example.vpn.com)
    • DNS has an "A" record for each firewall
    • DNS monitors the health of the OCI LB
    • DNS receives a DNS query for the FQDN and replies with the public IP of the OCI NLB
    • The user connects to the OCI NLB, and the NLB load balances the SSL VPN session based on the two-tuple load balancing technique.

Figure 3: Multi-region scalable RAVPN architecture using Cisco Secure Firewall, OCI Load Balancer and DNS

Additional resources

    • Cisco Secure Firewall Threat Defense Virtual data sheet
    • Cisco Secure Firewall ASA Virtual data sheet
    • Video: Scalable RAVPN architecture for Oracle Cloud using Cisco Secure Firewall

