Solved

Cisco Network Setup

Posted on 2009-04-15
Last Modified: 2012-05-06
Guys,

I've been given the go ahead for the following equipment:
Cisco 3845 router
3 x Cisco 3560G switches
2 x Cisco ASA 5520

What's the best way to set this new network up? I want to use VLANs on my network; where would I create these, on the router or on the 3560s? Also, what's better for the 2 ASAs, active/passive or active/active? Will they both require a physical connection to the router? And will I then just plug the switches into this router?

Please advise.

Thanks, Gavin
0
Question by:Gavin5511
5 Comments
 
LVL 2

Expert Comment

by:chuchyyy
ID: 24148758
You have to configure VLANs on the router (server) in order to redistribute these VLANs to the switches (client).
I don't know about your network, but if you have a huge bandwidth with many packets to analyse, you may set the ASA as active/active. If not, you may set the ASA in active/passive mode.
They both require a connection to the router of course, as do the switches.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24148948
Create the VLANs on the 3560 switches (two for core/distribution, one for access) and enable routing on the 3560s to route between VLANs (use HSRP on the 3560s for default gateway redundancy). Trunk between the 3560s.

Set up the ASAs for active/passive and plug the inside of each ASA into the two 3560G core switches (inside VLAN). Plug the outside interfaces from each ASA into the 3560Gs (outside VLAN). Plug the 3845 into the outside VLAN on one of the 3560s.

The 3560 core switches will have a default route via the ASA inside interface IP. The ASA will have a default route via the 3845. The ASA will NAT all traffic. The ASA also needs routes to the inside subnets via the 3560 inside VLAN HSRP IP address.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24149024
I haven't looked at the specs for those devices yet, but I will say that you are better off doing your VLAN routing in the switch if it is a Layer 3 switch. The reason for this is you don't lose bandwidth by passing all the inter-VLAN traffic through one port to the router and then back to the switch.
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 24149232
The thing is, I kinda need all 3 switches as access switches. All my clients will plug into 2 of them, and all my servers will plug into another. Does this change anything? What are the bad points and good points about using active/active? It seems a waste to keep one ASA doing nothing unless it fails over. Also, how do you link the 2 ASAs? Some kind of heartbeat between the 2? Would I need both ports on the 3845 to be mirrored?

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24149357
The 3845 is for the Internet connection, right?

Active/Active is not worth looking into in your scenario. It limits the functionality of the ASA (no VPN) and is meant more for virtual firewalling (customer separation), etc.

You can still use the "core" 3560s as access/layer 2 switches. They will simply provide the added routing that is required if you want to route between VLANs. I would avoid using the ASA as an internal router.

The 3845 can only have one connection into one of the "core" switches since you can't have two routed interfaces in the same subnet. You could, however, purchase an EtherSwitch module, which would allow you to plug the router into both switches.
0
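The layout from the accepted solution and the follow-up comment, written out as device configuration. This is an added example, not configuration posted by anyone in the thread. The VLAN IDs, IP addresses, interface numbers, the FOLINK failover interface and the 3845 address 192.0.2.1 are all assumptions; interfaces are assumed to be already enabled, and the NAT lines use the pre-8.3 ASA syntax.

```cisco
! ---- 3560G core A (core B: same VLANs, .3 addresses, default HSRP priority) ----
ip routing
vlan 10,20,100,200
interface Vlan10
 description Clients
 ip address 10.10.10.2 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 110
 standby 10 preempt
! interface Vlan20 (servers) follows the same pattern with 10.10.20.x
interface Vlan100
 description Transit to ASA inside
 ip address 10.10.100.2 255.255.255.0
 standby 100 ip 10.10.100.1
 standby 100 priority 110
 standby 100 preempt
! VLAN 200 (outside) gets no SVI, so the switch never routes around the ASA
interface GigabitEthernet0/1
 description Trunk to core B
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet0/23
 description ASA inside
 switchport mode access
 switchport access vlan 100
interface GigabitEthernet0/24
 description ASA outside (3845 plugs into another VLAN 200 port)
 switchport mode access
 switchport access vlan 200
! Default route via the ASA inside address
ip route 0.0.0.0 0.0.0.0 10.10.100.10
! ---- ASA 5520 primary unit (active/passive) ----
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.248 standby 192.0.2.3
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.100.10 255.255.255.0 standby 10.10.100.11
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 172.16.255.1 255.255.255.252 standby 172.16.255.2
failover
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route inside 10.10.10.0 255.255.255.0 10.10.100.1
route inside 10.10.20.0 255.255.255.0 10.10.100.1
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
```

The secondary ASA needs only the failover lines, with `failover lan unit secondary`; it receives the rest of the configuration from the primary over the failover link.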