...

CNAAS on-net firewalls are managed outbound (a dedicated connection). A hub-spoke IP-VPN VRF (infra-cpe-mgmt) is used for this purpose on the SUNET PE router. The same VPN/VRF is used for different customer FW/CPE attachments to the same PE. On the CNAAS firewall, the interface connected to the SUNET PE is separated from other interfaces using a local VRF "SUNET-infra-cpe-mgmt". The CNAAS firewall should use security policies allowing traffic only for the required SUNET management servers announced from the PE. See Management VPN section "VRF Infra-cpe-mgmt (SPOKE)".

...

links PE - CNAAS / CNAAS FW)
86.105.113.128/26 (https://ipam.sunet.se/prefix/list#/query_string=86.105.113.128/26&search_opt_parent=undefined&search_opt_child=undefined&explicit=true)

...