seanlabrie
asked on
I need some help writing some route statements for a network we are building
Hi everyone, We're putting together a new multisite network and I need some help with creating route statements on a few of our ASA routers.
Please take a look at the following visio document to see the locations and what IPs we are using on the ASA firewalls.
http://farm3.static.flickr.com/2341/2073805754_1a5c7a60ec_o.jpg
Note: The MPLS routers are controleld by the vendor, but they will create route statements on them for us if need be.
Note: the West Stree CoLo location is running two IP schemes on 1 physical cable segement. There are a few old IP phone that use this IP scheme and we don't want to use vlans or anything like that unless we have to. 10.20.0.0/16 and 192.168.128.0/24
Note: the ASA firewall in each location will be the default gateway for every device in that location.
Thanks everyone.
Please take a look at the following visio document to see the locations and what IPs we are using on the ASA firewalls.
http://farm3.static.flickr.com/2341/2073805754_1a5c7a60ec_o.jpg
Note: The MPLS routers are controleld by the vendor, but they will create route statements on them for us if need be.
Note: the West Stree CoLo location is running two IP schemes on 1 physical cable segement. There are a few old IP phone that use this IP scheme and we don't want to use vlans or anything like that unless we have to. 10.20.0.0/16 and 192.168.128.0/24
Note: the ASA firewall in each location will be the default gateway for every device in that location.
Thanks everyone.
I hope this works... Also if you have some L3 switch internally in your local network, then manage your routes from there rather than from ASA.
also i am assuming that the name of interface on which all the lan networks are terminated is "inside"
ASKER
So i wont need to add route information to either of the MPLS routers? what about the 192.168.128.x network that is also running in the West Street Location?
thanks,
thanks,
ASKER
Also without a route in the Marlborough office pointing to 10.20.x.x how will traffic get from marlborough to West Street?
Thanks again,
Thanks again,
ASKER
You mentioned that I might want to have a L3 switch do the routing instead of the ASA? Is there a reason for that or is it a best practice?
thanks again,
thanks again,
seanlabrie:
So i wont need to add route information to either of the MPLS routers? what about the 192.168.128.x network that is also running in the West Street Location?
> right, they already have the requierd information(Service provider must and shud have taken care of this, or u can recheck with them)... it is the firewall that needs to know as all traffic will hit it before te MPLS
seanlabrie:
Also without a route in the Marlborough office pointing to 10.20.x.x how will traffic get from marlborough to West Street?
You mentioned that I might want to have a L3 switch do the routing instead of the ASA? Is there a reason for that or is it a best practice?
>> Its a good practice. That takes un-necessary load off the f/w. Its basic purpose is to filter traffic.
>> I could see only one MPLS link... i am not sure if you having VPNs as well.... ??
ASKER
Two questions, If we only have firewalls, and not layer 3 switches, will the performance be lower because the firewalls are not as fast as the switches in routing traffic? or should things be pretty much the same, I'm looking to keep the cost of equipment as low as possible. also looking to keep things as simple as possible.
Second, Assuming that I have to tell the MPLS people what routes to add to their routers what should the routing table look like on all five routers? Marlborough has a persistent VPN to Waltham, and Marlborough will need access to west street.
sorry about asking so many questions, but I've never created a routing design before.
Thanks again.
Second, Assuming that I have to tell the MPLS people what routes to add to their routers what should the routing table look like on all five routers? Marlborough has a persistent VPN to Waltham, and Marlborough will need access to west street.
sorry about asking so many questions, but I've never created a routing design before.
Thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Waltham :
route inside 10.20.0.0 255.255.0.0 10.10.1.3
route inside 192.168.128.0 255.255.255.0 10.10.1.3
West street:
route inside 10.10.0.0 255.255.0.0 10.20.1.2