?
Solved

Cisco help

Posted on 2016-08-04
4
Medium Priority
?
58 Views
Last Modified: 2016-08-04
I  have an old Cisco 3825 router that I am replacing with ASA 5525x Firepower IPS and ISR 4431 router. My old router has 2 outside interfaces (handoffs) that bandwidth comes in from COLO and 1 interface that is a cross connect to my circuits. The old router is running the following roles/protocols: VPN (few different flavors dynamic and isakmp client), BGP, DHCP for voip/users, with some extended access lists. The question is, do I use 2 outside IPs that were previously on my router outside interfaces on the 2 outside ASA interfaces since it will be in front of the router facing the handoffs, then use the inside interfaces to connect to 2 router internal IPs interfaces?
0
Comment
Question by:yachtingpromotions
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:Steven Roman
ID: 41742842
Hello


I would put a External Switch to handle the external ports first off just to make it easier to monitor and function
Yo mention one external to Colo and one for cross connects circuits(what kind of circuits) ISP, Wan, telco etc?

The ASA Firepower can do the Procider connections, DHCP for internal and ACLs, but I would recommend something internal do DHCP for Coice/Users like an internal Server or Switch.  Heck you can has the ASA do all th eBorder work and use the Router as an internal Routing/Gwateway function

What BGP is running?  Multi ISp connections?  VPN connections can be done on the ASA also
0
 

Author Comment

by:yachtingpromotions
ID: 41742878
I really don't want to buy another piece of equipment as far as outside switch goes, just want to plug the 2 handoffs from ISP with external static IPs into ASA and take it from there. The circuits are fiber metro E, that connect to 2 locations of of the company.  Is it better to handle DHCP on ASA or Router since I have both, never liked server DHCP. The BGP is same provider, 2 separate handoffs. VPN is a must on ASA, that I know now.
0
 
LVL 4

Accepted Solution

by:
Steven Roman earned 2000 total points
ID: 41742927
Hi,

No worries you can forego th eExt Switch

If the same ISP gives both Links are they going in via Fiber to a Metro switch then Copper to you?
If so you can have both go into your ASA.  In the ASA you can set Tracking to monitor one interface and if it fails send traffic out the other one.

But if th eISP is doing anything with BGP the ASA cannot do BGP and you have to use th eRouter and burn it up ofr this simple process.


I would talk to the ISP and ask them if you can just add default routes out both paths and track on the ASA.  This would free up the router

Thanks
0
 

Author Closing Comment

by:yachtingpromotions
ID: 41742936
Thank you! This has pointed me in the right direction, I will get started on the config.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question