Solved

Network Design Question

Posted on 2014-11-10
Last Modified: 2014-11-14
Hi Experts,

Hope you are all well?

I'm after a little bit of advice, and looking around I'm getting conflicting advice.

So I'm doing a bit of a network upgrade to our infrastructure. We now have plenty of Cisco kit to replace all our Linksys kit. I don't know the best approach at the moment.

Our current setup is:

Internet --> ISP Router (Linksys) --> Switch --> Cisco 2801 (set up with VLANs).
(All clients have the default gateway of 192.168.1.1 (the Cisco 2801), which then routes all 0.0.0.0 traffic to the ISP router with route 0.0.0.0 0.0.0.0 192.168.1.4)

I'm going to replace all the kit including the ISP Router and add an ASA5520.

So do I do:-

1. Internet --> Cisco 2911 --> ASA --> Switches
(This would mean doing the inter-VLAN stuff on the firewall - I did try to get a Layer 3 switch but couldn't get budget)

2. Internet --> ASA --> Cisco 2911 --> Switches

or

3. Internet --> Cisco 2911 --> ASA --> Cisco 2911 --> Switches

Many Thanks for any help in advance.

Cheers
Si
Question by:TrustGroup-UAE

Expert Comment

by:Don Johnston
ID: 40433812
Typically, the ASA would be the first device traffic hits coming in from the internet.

So:  Internet --> ASA --> Cisco 2911 --> Switches

How many networks do you have on the inside?  The ASA can route traffic, so unless you've got more networks than the ASA can handle, or you've got a high volume of traffic internally, I don't see the need for the 2911.

Author Comment

by:TrustGroup-UAE
ID: 40434523
Hi Don,

Inside we have around 11 VLANs, possibly moving to 15. We also have 5 sites coming into HQ via VPN.

Cheers
SI

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 40434814
The 2911 is rated at 180mbps throughput, while the 5520 is rated at 450mbps (through the firewall).  I have to think that it would be higher for local traffic.

That said, it may be worth considering leaving the 2911 out.  Without the 2911, maybe you'd have enough left in the budget for a layer-3 switch.

Internet --> ASA  --> Switches

Unless there's a function on the 2911 which you need that is not available on the 5520.

Author Comment

by:TrustGroup-UAE
ID: 40435121
Excellent.

Cheers Don. Many thanks for your explanation.

Will drop the Cisco routers and go for an L3 switch instead :)

Cheers
Si