Solved

Cisco Network Setup

Posted on 2009-04-15
Last Modified: 2012-05-06
Guys,

I've been given the go ahead for the following equipment:
Cisco 3845 router
3 x Cisco 3560G switches
2 x Cisco ASA 5520

What's the best way to set this new network up? I want to use VLANs on my network; where would I create these, on the router or on the 3560s? Also, what's better for the 2 ASAs, active/passive or active/active? Will they both require a physical connection to the router? And will I then just plug the switches into this router?

Please advise.

Thanks, Gavin
Question by:Gavin5511
 
LVL 2

Expert Comment

by:chuchyyy
ID: 24148758
You have to configure VLANs on the router (server) in order to redistribute these VLANs to the switches (client).
I don't know about your network, but if you have a huge bandwidth with many packets to analyse, you may set the ASA as active/active. If not, you may set the ASA in active/passive mode.
They both require a connection to the router of course, as do the switches.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24148948
Create the VLANs on the 3560 switches (two for core/distribution, one for access) and enable routing on the 3560s to route between VLANs (use HSRP on the 3560s for default gateway redundancy). Trunk between 3560s.

Set up the ASAs for active/passive and plug the inside of each ASA into the two 3560G core switches (inside VLAN). Plug the outside interfaces from each ASA into the 3560Gs (outside VLAN). Plug the 3845 into the outside VLAN on one of the 3560s.

The 3560 core switches will have a default route via the ASA inside interface IP.  The ASA will have a default route via the 3845.  The ASA will NAT all traffic.  The ASA also needs routes to the inside subnets via the 3560 inside VLAN HSRP IP address.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24149024
I haven't looked at the specs for those devices yet but I will say that you are better off doing your VLAN routing in the Switch if it is a Layer 3 Switch. The reason for this is you don't lose bandwidth by passing all the trans-VLAN traffic through 1 port to the router then back to the switch.
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 24149232
The thing is, I kinda need all 3 switches as access switches. All my clients will plug into 2 of them, and all my servers will plug into another. Does this change anything? What are the bad points and good points about using active/active? It seems a waste to keep one ASA doing nothing unless it fails over. Also, how do you link the 2 ASAs? Some kind of heartbeat between the 2? Would I need both ports on the 3845 to be mirrored?

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24149357
The 3845 is for the Internet connection, right?

Active/Active is not worth looking into in your scenario.  It limits the functionality of the ASA (no VPN) and is meant more for virtual Firewalling (customer separation), etc...

You can still use the "core" 3560s as access/layer2 switches. They will simply provide the added routing that is required if you want to route between VLANs. I would avoid using the ASA as an internal router.

The 3845 can only have one connection into one of the "core" switches since you can't have two routed interfaces in the same subnet.  You could however purchase an EtherSwitch module which would allow you to plug the router into both switches.
0
