Solved

Network Design Question

Posted on 2014-11-10
4
221 Views
Last Modified: 2014-11-14
Hi Experts,

Hope you are all well?

I'm after a little bit of advice and looking around getting conflicting advice.

So I'm doing a bit of network upgrade to our infrastructure. We now have plenty of Cisco Kit to replace all out Linksys Kit. I don't know the best approach at the moment.

Our current setup is:

Internet --> ISP Router (Linksys) --> Switch --> Cisco 2801 (Setup with VLAN's).
(All clients have the Default Gateway of 192.168.1.1 (the Cisco 2801), this then routes all 0.0.0.0 traffic to the ISP Router with route 0.0.0.0 0.0.0.0 192.168.1.4)

I'm going to replace all the kit including the ISP Router and add a ASA5520.

So do I do:-

1. Internet -->> Cisco 2911 --> ASA --> Switches
(This would mean doing the Inter-VLAN stuff on the Firewall - I did try to get a Layer 3 Switch but couldn't get budget)

2. Internet --> ASA --> Cisco 2911 --> Switches

or

3. Internet --> Cisco 2911 --> ASA --> Cisco2911 --> Switches

Many Thanks for any help in advance.

Cheers
Si
0
Comment
Question by:TrustGroup-UAE
  • 2
  • 2
4 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40433812
Typically, the ASA would be the first device traffic hits coming in from the internet.

So:  Internet --> ASA --> Cisco 2911 --> Switches

How many networks do you have on the inside?  The ASA can route traffic, so unless you've got more networks than the ASA can handle, or you've got a high volume of traffic internally, I don't see the need for the 2911.
0
 
LVL 1

Author Comment

by:TrustGroup-UAE
ID: 40434523
Hi Don,

Inside we have around 11 VLAN's possible moving to 15. We also have 5 Sites coming into HQ via VPN.

Cheers
SI
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40434814
The 2911 is rated at 180mbp/s throughput.  While the 5520 is rated at 450mbps (through the firewall).  I have to think that it would be higher for local traffic.

That said, it may be worth considering to leave the 2911 out.  Without the 2911, maybe you'd have enough left in the budget for a layer-3 switch.

Internet --> ASA  --> Switches

Unless there's a function on the 2911 which you need that is not available on the 5520.
0
 
LVL 1

Author Comment

by:TrustGroup-UAE
ID: 40435121
Excellent.

Cheers Don. Many thanks for your explanation.

Will drop the Cisco Routers and go or a L3 Switch instead:)

Cheers
Si
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router DMZ 5 63
OpenView NNM: Global Manager to Regional Manager connection fails 7 56
stacking Catalyst 3650 20 36
EIGRP on point-to-point vlan 14 65
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now