I'm a newbie with Cisco's SD-WAN/SDA struggling with our company's new PoC....
I have a couple of questions somebody can hopefully answer:
1.) I want my guest VPN to have only internet access and no access to the DC. I read that I create DIA with templates, but how do I block access between the branches? Do I use a local data policy (ACL) to block them between sites, or do I configure a centralized VPN membership policy that blocks them from being advertised in OMP? I would also like to use the same subnet on all branches...
2.) I have a VPN segment for users that is full mesh between branches. I want to add a new VPN that, for security reasons, cannot communicate between branches; all communication has to go through the firewalls in the DC. So, as far as I understand the concept, I have to block the sites from learning each other's TLOCs and direct the TLOCs to the DC. But in which direction do I apply the policy?
TY
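As an added example (not from the original post or from Cisco documentation), here is a vSmart centralized control policy that implements the hub-and-spoke pattern question 2 describes: branch sites in the restricted VPN only learn routes with the DC's TLOCs as next hop, and never learn each other's TLOCs. All identifiers are assumptions chosen for illustration: site-ids 1 for the DC and 100-199 for branches, VPN 20 as the restricted segment, and 10.0.0.1 as the DC router's system IP with colors mpls and biz-internet.

```text
! Added illustration of a hub-and-spoke control policy on vSmart.
! All site-ids, VPN numbers and TLOC addresses below are hypothetical.
policy
 lists
  site-list BRANCHES
   site-id 100-199
  !
  site-list DC
   site-id 1
  !
  vpn-list VPN20-RESTRICTED
   vpn 20
  !
  tloc-list DC-TLOCS
   tloc 10.0.0.1 color mpls encap ipsec
   tloc 10.0.0.1 color biz-internet encap ipsec
  !
 !
 control-policy HUB-SPOKE-VPN20
  ! Routes in VPN 20 that originate at any branch are still advertised
  ! to the other branches, but with the DC's TLOCs as next hop, so the
  ! traffic is forced through the DC (and its firewalls).
  sequence 10
   match route
    vpn-list VPN20-RESTRICTED
    site-list BRANCHES
   !
   action accept
    set
     tloc-list DC-TLOCS
    !
   !
  !
  ! Branch TLOCs are not advertised to other branches at all, so no
  ! direct spoke-to-spoke IPsec tunnel is ever built.
  sequence 20
   match tloc
    site-list BRANCHES
   !
   action reject
  !
  default-action accept
 !
!
apply-policy
 site-list BRANCHES
  control-policy HUB-SPOKE-VPN20 out
 !
!
```

On the direction question: a control policy is applied on vSmart and the direction is relative to vSmart, so "out" towards site-list BRANCHES filters and rewrites what vSmart advertises to the branches; the DC is not in that site-list and keeps receiving every branch TLOC and route unchanged. Two practical checks: sequence 20 rejects all branch TLOCs, so it also removes spoke-to-spoke tunnels for every other VPN on those sites, which breaks the full-mesh user VPN in question 2 unless the branches use a separate set of TLOCs or the policy is narrowed to routes only; and the DC router must actually have a route for the rewritten prefixes in VPN 20 (or a service-side firewall path), otherwise traffic steered to DC-TLOCS is dropped there.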