Network Design Question

Hi Experts,

Hope you are all well?

I'm after a little bit of advice, and looking around I'm getting conflicting advice.

So I'm doing a bit of a network upgrade to our infrastructure. We now have plenty of Cisco kit to replace all our Linksys kit. I don't know the best approach at the moment.

Our current setup is:

Internet --> ISP Router (Linksys) --> Switch --> Cisco 2801 (set up with VLANs).
(All clients have the Default Gateway of 192.168.1.1 (the Cisco 2801), this then routes all 0.0.0.0 traffic to the ISP Router with route 0.0.0.0 0.0.0.0 192.168.1.4)

I'm going to replace all the kit including the ISP Router and add an ASA5520.

So do I do:-

1. Internet --> Cisco 2911 --> ASA --> Switches
(This would mean doing the Inter-VLAN stuff on the Firewall - I did try to get a Layer 3 Switch but couldn't get budget)

2. Internet --> ASA --> Cisco 2911 --> Switches

or

3. Internet --> Cisco 2911 --> ASA --> Cisco 2911 --> Switches

Many Thanks for any help in advance.

Cheers
Si
TrustGroup-UAE Asked:

Don Johnston (Instructor) Commented:
Typically, the ASA would be the first device traffic hits coming in from the internet.

So:  Internet --> ASA --> Cisco 2911 --> Switches

How many networks do you have on the inside?  The ASA can route traffic, so unless you've got more networks than the ASA can handle, or you've got a high volume of traffic internally, I don't see the need for the 2911.

TrustGroup-UAE (Author) Commented:
Hi Don,

Inside we have around 11 VLANs, possibly moving to 15. We also have 5 sites coming into HQ via VPN.

Cheers
SI

Don Johnston (Instructor) Commented:
The 2911 is rated at 180 Mbps throughput, while the 5520 is rated at 450 Mbps (through the firewall).  I have to think that it would be higher for local traffic.

That said, it may be worth considering leaving the 2911 out.  Without the 2911, maybe you'd have enough left in the budget for a layer-3 switch.

Internet --> ASA  --> Switches

Unless there's a function on the 2911 which you need that is not available on the 5520.

TrustGroup-UAE (Author) Commented:
Excellent.

Cheers Don. Many thanks for your explanation.

Will drop the Cisco Routers and go for an L3 Switch instead :)

Cheers
Si