• Status: Solved
  • Priority: Medium
  • Security: Public

Network Switch and Router Layout

Hello Everyone-

I'm a one-man IT department for my company and I have a few questions about a network layout.  Currently, we have a Cisco PIX as our firewall, which is also doing VLAN routing to our VoIP VLAN.  My question is, should I set up an internal router such as Vyatta and let it do the routing, or is the PIX sufficient?  I'm not having any problems with it at the moment, but I was considering implementing an Untangle box (www.untangle.com) and it doesn't pass VLAN traffic.  So, to use it I have to change my current setup and let an internal router route VLAN requests before passing traffic on to the Untangle box.  Here is a diagram of my current setup, and what I think I should do for my network.  All in all, the most important question is, what will give me the best performance?

My current setup:

Outside router / internet -> PIX -> ProCurve 1800-24G (GB backbone) -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN

What I'm thinking of doing:

Outside router / internet -> PIX -> Vyatta (or other recommended LAN router) -> ProCurve 1800-24G -> HP ProCurve 2626 and 2650 PWR switches (3) -> rest of LAN

I would consider the Untangle as the main firewall, but I have 3 remote sites that also have PIXes and site-to-site IPsec VPNs (which Untangle doesn't currently do).  And yes, I realize there are other UTMs, but the price of Untangle is what I'm after.

Bottom line is, do I need an internal router for best performance of the network, or are they really only needed when you need to segment your internal network?  I know that the ProCurves will do layer 3 routing, as I have implemented that in the past, but I seem to be getting better performance from the PIX.

I know this is a bit long-winded, but I'm just trying to get some insight.  Thanks for your help in advance.

Asked by: drspero
 
2PiFL Commented:

The only reason I'd add another router is for segmenting the internal network.  It seems in your case that another router will just be a bottleneck.
 
r0ssc0 Commented:
Don't waste your time implementing another router. If you need to segment the internal network, do it on the L3 switch.
 
drspero (Author) Commented:
Not exactly insightful...I guess when you already know the answer, you shouldn't bother looking for more.  Points divvied up regardless.  Thanks.