Solved

Network Design Question

Posted on 2014-11-10
Last Modified: 2014-11-14
Hi Experts,

Hope you are all well?

I'm after a little bit of advice; looking around, I'm getting conflicting advice.

So I'm doing a bit of a network upgrade to our infrastructure. We now have plenty of Cisco kit to replace all our Linksys kit. I don't know the best approach at the moment.

Our current setup is:

Internet --> ISP Router (Linksys) --> Switch --> Cisco 2801 (set up with VLANs).
(All clients have the default gateway of 192.168.1.1 (the Cisco 2801), which then routes all 0.0.0.0 traffic to the ISP Router with route 0.0.0.0 0.0.0.0 192.168.1.4)

I'm going to replace all the kit including the ISP Router and add an ASA5520.

So do I do:-

1. Internet --> Cisco 2911 --> ASA --> Switches
(This would mean doing the inter-VLAN stuff on the firewall - I did try to get a Layer 3 switch but couldn't get budget)

2. Internet --> ASA --> Cisco 2911 --> Switches

or

3. Internet --> Cisco 2911 --> ASA --> Cisco 2911 --> Switches

Many thanks for any help in advance.

Cheers
Si
Question by:TrustGroup-UAE
4 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40433812
Typically, the ASA would be the first device traffic hits coming in from the internet.

So:  Internet --> ASA --> Cisco 2911 --> Switches

How many networks do you have on the inside?  The ASA can route traffic, so unless you've got more networks than the ASA can handle, or you've got a high volume of traffic internally, I don't see the need for the 2911.
 
LVL 1

Author Comment

by:TrustGroup-UAE
ID: 40434523
Hi Don,

Inside we have around 11 VLANs, possibly moving to 15. We also have 5 sites coming into HQ via VPN.

Cheers
SI
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40434814
The 2911 is rated at 180 Mbps throughput, while the 5520 is rated at 450 Mbps (through the firewall).  I have to think that it would be higher for local traffic.

That said, it may be worth considering leaving the 2911 out.  Without the 2911, maybe you'd have enough left in the budget for a layer-3 switch.

Internet --> ASA  --> Switches

Unless there's a function on the 2911 which you need that is not available on the 5520.
 
LVL 1

Author Comment

by:TrustGroup-UAE
ID: 40435121
Excellent.

Cheers Don. Many thanks for your explanation.

Will drop the Cisco routers and go for an L3 switch instead :)

Cheers
Si

Question has a verified solution.