Thursday, December 13, 2018

EVE-NG SXP & ASAv Security lab


Hey everyone, how's it going?

My colleague Uldis Dzerkals, co-founder of EVE, created the lab below to demonstrate the power of EVE-NG. The lab was built to test ASAv 9.10 and ISE 2.3.

Task:

- Configure ASAv in HA active/standby
- Configure CTS SXP peering between SW1 and ASAv. ASAv and SW1 are ISE TrustSec clients
- VLAN 11 (inside) is SXP trusted communication between ASAv and SW1
- ISE is configured with SGT Corp_DOT1X and Guest_MAB, dACL and authorization profiles VLAN 11 tag.
- Authenticate PC1-MAB with ISE (mab) and authorize it in security group Guest_MAB
- Authorize PC2-DOT1X with ISE (dot1x) and authorize it in security group Corp_DOT1X
- PC1-MAB is able to reach the HTTP server dmz1.eve.lab only
- PC2-DOT1X is able to reach the HTTP server dmz2.eve.lab and the internet (ping 8.8.8.8, lo0 on ISP)

Images used:

- IOL SW 15.2 (version with mab, dot1x, cts/sxp support)
- IOL L3 15.4.2T
- ASAv 9.10 (demo lic)
- ISE 2.3 (eval lic)
- Windows Server 2008 as DNS and AD server
- Windows 7 32-bit as MAB and DOT1X hosts
- EVE-PRO Docker server-gui as DMZ servers and Mgmt host
- NTP server, simple L3 IOL router 15.4.2T
- Cloud (cloud5) Mgmt100 is a simple EVE free cloud network, used to stretch the mgmt VLAN across the lab and to make the topology look better.

Result:



Link:
https://www.linkedin.com/pulse/eve-ng-pro-sxp-asav-security-lab-uldis-dzerkals/

Cheers
