• Status: Solved

Cisco Network Setup

Guys,

I've been given the go ahead for the following equipment:
Cisco 3845 router
3 x Cisco 3560G switches
2 x Cisco ASA 5520

What's the best way to set this new network up? I want to use VLANs on my network; where would I create these, on the router or on the 3560s? Also, what's better for the 2 ASAs, active/passive or active/active? Will they both require a physical connection to the router? And will I then just plug the switches into this router?

please advise.

Thanks, Gavin
Asked by: Gavin5511
 
chuchyyy Commented:
You have to configure VLANs on the router (server) in order to redistribute these VLANs to the switches (client).
I don't know about your network, but if you have a huge bandwidth with many packets to analyse, you may set the ASA as active/active. If not, you may set the ASA in active/passive mode.
They both require a connection to the router of course, as do the switches.
 
JFrederick29 Commented:
Create the VLANs on the 3560 switches (two for core/distribution, one for access) and enable routing on the 3560s to route between VLANs (use HSRP on the 3560s for default gateway redundancy).  Trunk between 3560s.

Set up the ASAs for active/passive and plug the inside of each ASA into the two 3560G core switches (inside VLAN).  Plug the outside interfaces from each ASA into the 3560Gs (outside VLAN).  Plug the 3845 into the outside VLAN on one of the 3560s.

The 3560 core switches will have a default route via the ASA inside interface IP.  The ASA will have a default route via the 3845.  The ASA will NAT all traffic.  The ASA also needs routes to the inside subnets via the 3560 inside VLAN HSRP IP address.
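The layout from the answer above as Cisco IOS and ASA configuration; this is an added example, not part of the original thread or any poster's configuration. All VLAN IDs, names, IP addresses, the FOLINK name and the interface numbers are assumptions made for illustration, and NAT is left out because its syntax depends on the ASA software version.

```cisco
! --- 3560G core switch 1 (core switch 2 mirrors this with its own IPs) ---
! All VLAN IDs, names and addresses are constructed for illustration.
ip routing
vlan 10
 name CLIENTS
vlan 20
 name SERVERS
vlan 99
 name FW-INSIDE
vlan 100
 name FW-OUTSIDE
! VLAN 100 stays layer 2 only (no SVI), so outside traffic must cross the ASA
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 110
 standby 10 preempt
! (interface Vlan20 follows the same pattern with 10.0.20.x)
interface Vlan99
 ip address 10.0.99.2 255.255.255.0
 standby 99 ip 10.0.99.1
 standby 99 priority 110
 standby 99 preempt
! Trunk to the other 3560G
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99,100
! Default route via the ASA inside interface
ip route 0.0.0.0 0.0.0.0 10.0.99.4
! --- ASA 5520, primary unit (active/passive failover) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.248 standby 192.0.2.3
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.99.4 255.255.255.0 standby 10.0.99.5
! Dedicated failover link between the two ASAs (interface choice is an assumption)
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 192.168.255.1 255.255.255.252 standby 192.168.255.2
failover
! Default route via the 3845; inside subnets via the HSRP address on VLAN 99
route outside 0.0.0.0 0.0.0.0 192.0.2.1
route inside 10.0.10.0 255.255.255.0 10.0.99.1
route inside 10.0.20.0 255.255.255.0 10.0.99.1
```

The secondary ASA carries the same failover lines with `failover lan unit secondary`; here 192.0.2.1 stands in for the 3845's address on the outside VLAN.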
 
Deoji Commented:
I haven't looked at the specs for those devices yet but I will say that you are better off doing your VLAN routing in the Switch if it is a Layer 3 Switch. The reason for this is you don't lose bandwidth by passing all the trans-VLAN traffic through 1 port to the router then back to the switch.
0
 
Gavin5511 (Author) Commented:
The thing is, I kinda need all 3 switches as access switches. All my clients will plug into 2 of them, and all my servers will plug into another. Does this change anything? What are the bad points and good points about using active/active? As it seems a waste to keep one ASA doing nothing unless it fails over. Also, how do you link the 2 ASAs? Some kind of heartbeat between the 2? Would I need both ports on the 3845 to be mirrored?

 
JFrederick29 Commented:
The 3845 is for the Internet connection, right?

Active/Active is not worth looking into in your scenario.  It limits the functionality of the ASA (no VPN) and is meant more for virtual firewalling (customer separation), etc...

You can still use the "core" 3560s as access/layer2 switches.  They will simply provide the added routing that is required if you want to route between VLANs.  I would avoid using the ASA as an internal router.

The 3845 can only have one connection into one of the "core" switches since you can't have two routed interfaces in the same subnet.  You could however purchase an EtherSwitch module which would allow you to plug the router into both switches.