
Connectivity and communication Solution Required comprising ASA 5510, 2960 switches, 2911 routers

Mujeeb Shaik
Level 1

What we have:

2 routers 2911

2 switches 2960

2 HP ProLiant servers: one is named TCM, one is named FDM

1 Cisco ASA firewall device

We have three networks coming in:

one network containing the TCM and FDM servers,

one totally different network named siemens,

one totally different network named ESF Area

The IP addresses of the TCM server:

4 NICs, 3 used: 192.168.0.9/24, 192.168.1.9/24, 192.168.170.77/26

The IP addresses of the FDM server:

4 NICs, 3 used: 192.168.0.11/24, 192.168.1.11/24, 192.168.170.78/26

A totally different /26 network is used in siemens, with a firewall having IP 192.168.170.125/26 and a server "X" with IP 192.168.170.11

What we have to do:

ESF area should be able to connect and communicate with FDM and TCM. Physical connectivity coming through ESF is through fiber; we can terminate them to normal connections using SFP modules on the switch.

TCM and FDM and their complete LAN containing other PCs (not present now, in future) should have internet access through the firewall.

TCM and FDM both should be able to connect and communicate with server "X" on the siemens network.

My requirements:

Please correct or change the IP addresses if wrong, suggest new ones. Please note that we are as of now using 192.168.170.xyz IP addresses with subnet 255.255.255.192 (/26) for communication with siemens.

If we require routers in this scenario, what will be their work, purpose and configuration to route? Give complete configuration.

What will be the configuration on the firewall ASA 5510?

What configuration should be there on the switches and how should they be used?

5 Replies

Hello.

Could you please draw a diagram, especially how TCM/FDM currently connects to siemens? And please draw all the IP addresses that are in use by network equipment.

What security requirements do you have? So far I saw no requirements for restrictions or filtering (except for Internet access).

What are the expected traffic types between networks?

What is the expected link utilization between networks?

What is the expected Internet link bandwidth?

---

Draft guess:

I would suggest to use ASA for inter-network filtering and Internet access.

Switches could be used for device interconnectivity and (as you mentioned) for fiber termination.

One router could be used for TCM/FDM (to route traffic between subnets).

One more router could be used for any other purpose (like CE for Internet).

Thanks a lot, Mikhailovsky, for the response. Please find the diagrams attached: QP existing.jpg, qp New proposed.jpg

Hello, Mujeeb.

What about all the other questions:

  • What security requirements do you have? So far I saw no requirements for restrictions or filtering (except for Internet access).
  • What are the expected traffic types between networks?
  • What is the expected link utilization between networks?
  • What is the expected Internet link bandwidth?
  • Do you have any routing between TCM and PLC networks (192.168.0.0/24 and 192.168.1.0/24)? If not, then why?

Dear Mikhaelovsky,

Thanks for the effort,

• What security requirements do you have? So far I saw no requirements for restrictions or filtering (except for Internet access).

As of now we don't have security requirements.

• What are the expected traffic types between networks?

Traffic type is data.

• What is the expected link utilization between networks?

N/A; an assumption can be made, as this is not in our scope of work.

• What is the expected Internet link bandwidth?

5 mbps

• Do you have any routing between TCM and PLC networks (192.168.0.0/24 and 192.168.1.0/24)? If not, then why?

No routing enabled, not required.

As of now our scope is just to initiate the things; the internal IT department will be responsible for the above criteria from there on.

Regards,

Mujeeb SM

Hello, Mujeeb.

If you have no security requirements, then the easiest thing to do is to enable routing on the routers and create an L3 interface per subnet.

For first-hop redundancy use HSRP.

This will solve all the interconnectivity issues you could have. You will also be able to decommission redundant NICs on your servers, unless you need them for dedicated L2 domains.

As you free up NICs on the servers, you will be able to build either LACP (to a single switch) or a redundant interface (to a pair of switches).

For Internet access use ASA.
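
An added example, not written by anyone in the thread: grouping the addresses quoted above by subnet shows how many L3 interfaces the routed design needs and which hosts can reach each other without a gateway. Server X's mask is not stated in the thread, so /26 is assumed here; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Addresses as quoted in the thread. Server X's mask is not given there;
# /26 is an assumption made for this example.
INTERFACES = {
    "TCM": ["192.168.0.9/24", "192.168.1.9/24", "192.168.170.77/26"],
    "FDM": ["192.168.0.11/24", "192.168.1.11/24", "192.168.170.78/26"],
    "Siemens firewall": ["192.168.170.125/26"],
    "Server X": ["192.168.170.11/26"],  # mask assumed
}

def subnets(interfaces):
    """Group device interfaces by the subnet each one sits in."""
    groups = defaultdict(list)
    for device, addrs in interfaces.items():
        for a in addrs:
            iface = ipaddress.ip_interface(a)
            groups[iface.network].append((device, iface.ip))
    return dict(groups)

def path(interfaces, src, dst):
    """'on-link' if src has an interface in one of dst's subnets, else 'routed'."""
    src_nets = {ipaddress.ip_interface(a).network for a in interfaces[src]}
    dst_nets = {ipaddress.ip_interface(a).network for a in interfaces[dst]}
    return "on-link" if src_nets & dst_nets else "routed"

def address_problems(interfaces):
    """Flag duplicate IPs and hosts set to a network or broadcast address."""
    seen, problems = {}, []
    for device, addrs in interfaces.items():
        for a in addrs:
            iface = ipaddress.ip_interface(a)
            net = iface.network
            if iface.ip in (net.network_address, net.broadcast_address):
                problems.append(f"{device}: {a} is not a usable host address")
            if iface.ip in seen:
                problems.append(f"{device}: {iface.ip} also used by {seen[iface.ip]}")
            seen[iface.ip] = device
    return problems

if __name__ == "__main__":
    for net, members in sorted(subnets(INTERFACES).items()):
        print(net, [f"{d} {ip}" for d, ip in members])
    for dst in ("Siemens firewall", "Server X"):
        print("TCM ->", dst, ":", path(INTERFACES, "TCM", dst))
    print(address_problems(INTERFACES) or "no addressing problems")
```

With the assumed mask, .77, .78 and .125 all fall in 192.168.170.64/26 while .11 falls in 192.168.170.0/26, so TCM and FDM share a subnet with the Siemens firewall but reach server "X" only through a gateway.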
