Solved

Cisco Network Setup

Posted on 2009-04-15
Last Modified: 2012-05-06
Guys,

I've been given the go ahead for the following equipment:
Cisco 3845 router
3 x Cisco 3560G switches
2 x Cisco ASA 5520

What's the best way to set this new network up? I want to use VLANs on my network; where would I create these, on the router or on the 3560s? Also, what's better for the 2 ASAs, active/passive or active/active? Will they both require a physical connection to the router? And will I then just plug the switches into this router?

Please advise.

Thanks, Gavin
0
Question by:Gavin5511
5 Comments
 
LVL 2

Expert Comment

by:chuchyyy
ID: 24148758
You have to configure VLANs on the router (server) in order to redistribute these VLANs to the switches (client).
I don't know about your network, but if you have a huge bandwidth with many packets to analyse, you may set the ASA as active/active. If not, you may set the ASA in active/passive mode.
They both require a connection to the router of course, as do the switches.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24148948
Create the VLANs on the 3560 switches (two for core/distribution, one for access) and enable routing on the 3560s to route between VLANs (use HSRP on the 3560s for default gateway redundancy). Trunk between 3560s.

Set up the ASAs for active/passive and plug the inside of each ASA into the two 3560G core switches (inside VLAN). Plug the outside interfaces from each ASA into the 3560Gs (outside VLAN). Plug the 3845 into the outside VLAN on one of the 3560s.

The 3560 core switches will have a default route via the ASA inside interface IP.  The ASA will have a default route via the 3845.  The ASA will NAT all traffic.  The ASA also needs routes to the inside subnets via the 3560 inside VLAN HSRP IP address.
0
 
LVL 2

Expert Comment

by:Deoji
ID: 24149024
I haven't looked at the specs for those devices yet but I will say that you are better off doing your VLAN routing in the Switch if it is a Layer 3 Switch. The reason for this is you don't lose bandwidth by passing all the trans-VLAN traffic through 1 port to the router then back to the switch.
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 24149232
The thing is, I kinda need all 3 switches as access switches. All my clients will plug into 2 of them, and all my servers will plug into another. Does this change anything? What are the bad points and good points about using active/active? It seems a waste to keep one ASA doing nothing unless it fails over. Also, how do you link the 2 ASAs? Some kind of heartbeat between the 2? Would I need both ports on the 3845 to be mirrored?

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24149357
The 3845 is for the Internet connection, right?

Active/Active is not worth looking into in your scenario.  It limits the functionality of the ASA (no VPN) and is meant more for virtual Firewalling (customer separation), etc...

You can still use the "core" 3560s as access/layer2 switches. They will simply provide the added routing that is required if you want to route between VLANs. I would avoid using the ASA as an internal router.

The 3845 can only have one connection into one of the "core" switches since you can't have two routed interfaces in the same subnet.  You could however purchase an EtherSwitch module which would allow you to plug the router into both switches.
0
