885 Views | 0 Helpful | 3 Replies

Cisco 5525 with Outside Internet Connection (Design)

I have a design question:

Currently, we are running our internet connection from the provider to our network core (via VLAN 99). Then it gets connected to our firewall via VLAN 99.

This is the flow:

ISP Provider
Switch Stack Port G1/0/25 switchport access vlan 99
Firewall connected to our Switch Stack via Trunk (trunk allowed vlan 99)
Firewall Interface G0/7 IP x.x.x.x Subnet x.x.x.x Vlan99 Logical Type.

Our firewall (Cisco ASA5525) has an interface set up for that connection (VLAN 99), with a name of outside and our external IP address (Logical Type interface).

I would like to move our connection from the core to the firewall (I don't want the internet to run through the switch first, then the firewall).

Would it be safe to say that I could physically move the connection to the firewall, and that's all? The firewall has an outside routing of 0.0.0.0 0.0.0.0 with gateway of our G0/7 Firewall Interface.

Or is there more to this than meets the eye?

Sorry for the noob question, but I want to understand this a little better. My feeling says that moving the connection from the core to the firewall would be sufficient, but then again I'm not much of an expert at firewalls.

Thanks....

Accepted Solution

Yes, that's right.

Your core switch defaults to route out via the firewall inside interface. No change in that regard.

The firewall applies security policy and performs network address translation to public IP address space.

The firewall defaults to route out to the ISP interface facing you. No change there either.

As I noted, if your firewall interface configuration currently has a vlan statement, that will no longer be necessary, since you won't have a trunk port with VLAN tagging.

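To illustrate the change the accepted answer describes, here is an added before/after ASA configuration sketch (not taken from the original thread or from Cisco documentation). Interface names follow the post (G0/7 on the ASA, G1/0/25 on the switch stack); the addresses are RFC 5737 documentation placeholders, and the default route's next hop is assumed to be the ISP's gateway address.

```cisco
! ---- BEFORE: internet enters the core switch, reaches the ASA tagged on a trunk ----
! Switch stack (assumed, per the post):
!   interface GigabitEthernet1/0/25        <- ISP hand-off
!    switchport access vlan 99
!   interface <uplink-to-ASA>
!    switchport mode trunk
!    switchport trunk allowed vlan 99
!
! ASA: the outside interface is a VLAN 99 subinterface of G0/7
interface GigabitEthernet0/7
 no shutdown
!
interface GigabitEthernet0/7.99
 vlan 99                                   ! only needed because the link is a tagged trunk
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248    ! placeholder public IP
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 ! placeholder ISP gateway, not the ASA's own address

! ---- AFTER: ISP cable plugged directly into ASA G0/7, no VLAN tag on the wire ----
! 1. Remove the subinterface; its "vlan 99" statement has no meaning on an untagged link
no interface GigabitEthernet0/7.99
!
! 2. Put the same outside identity on the physical interface
interface GigabitEthernet0/7
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248    ! same public IP as before
 no shutdown
!
! 3. Default route is unchanged: still out "outside" toward the ISP gateway
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! 4. Existing NAT keeps working because it references the nameif, not the subinterface
!    (example shape only; your real object names will differ)
object network INSIDE-NET
 subnet 10.0.0.0 255.255.0.0
 nat (inside,outside) dynamic interface
!
! 5. Switch-side cleanup so untrusted traffic can no longer transit the core:
!   interface GigabitEthernet1/0/25  -> shutdown (or repurpose; no longer the ISP port)
!   interface <uplink-to-ASA>        -> remove vlan 99 from the trunk allowed list
!   no vlan 99                       -> once nothing else uses it
```

Verify afterwards with "show interface GigabitEthernet0/7 ip brief" and "show route" on the ASA: the outside interface should be up on the physical port and the 0.0.0.0/0 route should still point at the ISP gateway.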