asked on new network setup
hello,
i m setting up a new network comprising of 1 Cisco Pix 515e, 1 Cisco Router 2811, 1 Cisco 24 port switch 3750, as shown in the diagram below.
Couple of question i have is, do i need a separate switch for the DMZ or using one switch (cisco 3750) is ok?
the connection on the diagram (particularly for DMZ) is that relativley secure setup?
if DMZ servers need to communicate with servers on the 10.10.100.0 subnet, do i have to create a route with ACL list on the router or on the Pix?
As these questions are more towards the physical connectivity i will create separate question if i need any assistance with any configuration, only to be fair to you guys?
thank you
diagram.JPG
i m setting up a new network comprising of 1 Cisco Pix 515e, 1 Cisco Router 2811, 1 Cisco 24 port switch 3750, as shown in the diagram below.
Couple of question i have is, do i need a separate switch for the DMZ or using one switch (cisco 3750) is ok?
the connection on the diagram (particularly for DMZ) is that relativley secure setup?
if DMZ servers need to communicate with servers on the 10.10.100.0 subnet, do i have to create a route with ACL list on the router or on the Pix?
As these questions are more towards the physical connectivity i will create separate question if i need any assistance with any configuration, only to be fair to you guys?
thank you
diagram.JPG
NetworkingCiscoRouters
Last Comment
icdl101
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
ok i have taken the router out of the picture.
under what circumstances would it be beneficial to have the router in place( just wondering).
ok now i will create 2 Vlans on the Switch
Vlan 5
Vlan 10 (DMZ)
Vlan 5 ports 1-18 (port one Trunk Port -- Ethernet 1)
Vlan 10 ports 19-24 (port 24 Trunk port -- Ethernet 2)
do i need to remove all the ports from VLAN 1 as that would be the default VLAN on cisco switches.
(i m more familiar with Extreme Switches that's why i m asking)
thanks
under what circumstances would it be beneficial to have the router in place( just wondering).
ok now i will create 2 Vlans on the Switch
Vlan 5
Vlan 10 (DMZ)
Vlan 5 ports 1-18 (port one Trunk Port -- Ethernet 1)
Vlan 10 ports 19-24 (port 24 Trunk port -- Ethernet 2)
do i need to remove all the ports from VLAN 1 as that would be the default VLAN on cisco switches.
(i m more familiar with Extreme Switches that's why i m asking)
thanks
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thank you guys i m starting a new question to follow up on this network design, please do follow it. As you have answered to what i have asked it is only fair that i ask this question separately even though it pertains to the same topic. You may follow Part 2 over here https://www.experts-exchange.com/questions/25195856/Cisco-Pix-515e-Redundancy-setup.html?fromWizard=true
Depending on what kind of data you are dealing with i would also remove the CISCO 2811, but use it to pysically seperate the DMZ from the LAN.
There are institutions which DO NOT accept as vlan seperation on the same hardware (Except Firewall) as a secure setting.
So for sure you CAN do the two vlans on the 3750, but since you have a spare router i would suggest using it like mentioned.
And in any case, the routing and acl is done on the PIX.