
Network Design Question

Hi Experts,

Hope you are all well?

I'm after a little bit of advice, and looking around I'm getting conflicting advice.

So I'm doing a bit of a network upgrade to our infrastructure. We now have plenty of Cisco kit to replace all our Linksys kit. I don't know the best approach at the moment.

Our current setup is:

Internet --> ISP Router (Linksys) --> Switch --> Cisco 2801 (set up with VLANs).
(All clients have the default gateway of 192.168.1.1 (the Cisco 2801), which then routes all 0.0.0.0 traffic to the ISP Router with `route 0.0.0.0 0.0.0.0 192.168.1.4`)

I'm going to replace all the kit including the ISP Router and add an ASA5520.

So do I do:-

1. Internet --> Cisco 2911 --> ASA --> Switches
(This would mean doing the inter-VLAN stuff on the firewall - I did try to get a Layer 3 switch but couldn't get budget)

2. Internet --> ASA --> Cisco 2911 --> Switches

or

3. Internet --> Cisco 2911 --> ASA --> Cisco 2911 --> Switches

Many Thanks for any help in advance.

Cheers
Si
Asked by: TrustGroup-UAE

Don Johnston (Instructor) commented:
Typically, the ASA would be the first device traffic hits coming in from the internet.

So:  Internet --> ASA --> Cisco 2911 --> Switches

How many networks do you have on the inside?  The ASA can route traffic, so unless you've got more networks than the ASA can handle, or you've got a high volume of traffic internally, I don't see the need for the 2911.

TrustGroup-UAE (Author) commented:
Hi Don,

Inside we have around 11 VLANs, possibly moving to 15. We also have 5 sites coming into HQ via VPN.

Cheers
SI

Don Johnston (Instructor) commented:
The 2911 is rated at 180 Mbps throughput, while the 5520 is rated at 450 Mbps (through the firewall). I have to think that it would be higher for local traffic.

That said, it may be worth considering leaving the 2911 out. Without the 2911, maybe you'd have enough left in the budget for a layer-3 switch.

Internet --> ASA  --> Switches

Unless there's a function on the 2911 which you need that is not available on the 5520.

TrustGroup-UAE (Author) commented:
Excellent.

Cheers Don. Many thanks for your explanation.

Will drop the Cisco routers and go for an L3 switch instead :)

Cheers
Si