Solved

Adtran TA612 / SonicWall TZ190 / Cisco Router connection advice

Posted on 2008-10-13
2
744 Views
Last Modified: 2012-05-05
Current network layout is:

DSL Modem -> SonicWall -> Cisco 2950 -> LAN

The DSL modem is in bridge mode and the SonicWall is pulling the current static IP and handling NAT.

We just had out new T1 installed today with an Adtran TA612 handling voice and data. The ISP has given us a class A block with a /29 mask.

I'm wanting to add a Cisco 2621XM in the mix for a couple of reasons. I'd like to move NAT to the Cisco and also I need to throttle the bandwidth so my streaming audio users don't hog it all.

Should I put the Cisco behind or in front of the firewall? Do I assign an address out of my block to each device or use private addresses?

I keep getting my self confused with this many devices connected inline.

Sam
0
Comment
Question by:Indy197902
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
hfraser earned 500 total points
ID: 22914789
I always prefer to have the firewall exposed to the Internet (that's what it was designed for) and leave the switches and routers to do those functions without having to worry about low-level IP hacker tactics. In this context, I'd be installing the router behind the firewall.

Since you have been using the firewall for NAT, I presume your address space internally is probably 192.168, or one of the other non-routable address spaces. You know have a routeable address space to play with, but beware of the pitfalls and unforeseen problems that come from re-addressing all the infrastructure you already have. Inevitably, you incur more downtime and hidden problems than expected. So if your environment is anything non-trivial, I would not suggest re-addressing.

There may be an issue, though. If you move NAT to the new router, you need to check first to see if the firewall has any rules based upon IP address. At this time, it sees all the internal address space, but NAT on the router reduce the traffic to a single address. So while you can certainly use the router for traffic shaping, I'd suggest leaving NAT to the firewall.

It's always easier if you have a greenfield site.
0
 

Author Comment

by:Indy197902
ID: 22927322
Ok, I just went ahead and took the router out of the mix and let the firewall face the internet and provide all the NAT. I didn't see any loss of performance on the internet, so I guess we aren't producing enough traffic to overload the firewall.

Thanks for the insight.

Sam
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question