09-18-2013 09:30 AM - edited 03-07-2019 03:33 PM
I'm at a new place and have to re-do the current LAN. Small office, 80-100 users. Existing setup is flat network, no QoS, no VLANs. I have already replaced an older PIX with a new ASA (5525x) and added a DMZ.
I am currently trying to draw up a proposed design which currently will be single firewall, multiple VLANs (user, server, voice, guest). My question is regarding the link between core router (L3 switch, whatever) and firewall. I'm thinking the correct setup is to have a separate /30 subnet on the interfaces between the firewall and router as below, and then the router will just have a default route of 0.0.0.0 0.0.0.0 10.1.100.2. Is this correct?
Internet-------Firewall-(10.1.100.2/30)----------------------------(10.1.100.1/30) --Router ----(10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, etc)
Thanks,
09-18-2013 01:18 PM
That should work fine, as long as the firewall knows how to route traffic to the internal subnets.
09-24-2013 02:35 AM
Your design is good. But as for the subnet between the core (router or L3 switch - switch preferred) and edge FW, I suggest something a little larger than a /30. Like a /28. You may want to add a standby FW in a few months or years, or a new WAN connection to that 'demarc' subnet at some point. It's good practice to leave some room for growth. Even if you don't foresee it right now.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
10-13-2013 11:35 PM
Hello Travis,
Design is fine, for DMZ you have to configure proper ACL according to your needs, what traffic to allow from FW to DMZ and access from within your internal network.
Regards,
Shahzad
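As an added check of the design discussed in this thread (not code from any of the posters), the script below takes the addresses from the original drawing and verifies the three points raised: that both ends of the transit link share one /30, that the core's default route points at the firewall's address on that link, and, as the first reply cautions, that the ASA actually holds a return route for every internal VLAN via the core. It also shows the headroom a /28 would leave compared with a /30. The firewall route table and the VLAN list are constructed sample data.

```python
import ipaddress

# Constructed topology taken from the drawing in the original post.
FW_INSIDE = "10.1.100.2/30"       # ASA inside interface
CORE_UPLINK = "10.1.100.1/30"     # L3 switch / router uplink toward the ASA
CORE_DEFAULT_NEXT_HOP = "10.1.100.2"
INTERNAL_VLANS = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]


def transit_link_ok(fw, core):
    """Both ends must sit in the same subnet, on distinct usable host addresses."""
    f, c = ipaddress.ip_interface(fw), ipaddress.ip_interface(core)
    hosts = set(f.network.hosts())
    return f.network == c.network and f.ip != c.ip and f.ip in hosts and c.ip in hosts


def default_route_ok(next_hop, fw, core):
    """The core's 0.0.0.0/0 next hop must be the firewall's address on the shared link."""
    hop = ipaddress.ip_address(next_hop)
    return hop == ipaddress.ip_interface(fw).ip and hop in ipaddress.ip_interface(core).network


def missing_return_routes(fw_routes, vlans, core_ip):
    """VLANs the firewall has no route to via the core.  Without such a route, replies
    to those users follow the ASA's own default route toward the Internet and are lost.
    fw_routes is {prefix: next_hop}, e.g. one summary route covering every VLAN."""
    core = ipaddress.ip_address(core_ip)
    routes = [(ipaddress.ip_network(n), ipaddress.ip_address(h)) for n, h in fw_routes.items()]
    return [v for v in vlans
            if not any(ipaddress.ip_network(v).subnet_of(net) and hop == core
                       for net, hop in routes)]


def spare_transit_addresses(prefixlen, in_use=2):
    """Usable addresses left on a transit subnet after the two current devices
    (the /28 suggested above leaves room for a standby ASA or a second WAN link)."""
    net = ipaddress.ip_network(f"10.1.100.0/{prefixlen}")
    return net.num_addresses - 2 - in_use


if __name__ == "__main__":
    # Sample ASA static routes: a single summary for the internal VLANs via the core.
    fw_routes = {"10.1.0.0/16": "10.1.100.1"}
    print("transit link ok:", transit_link_ok(FW_INSIDE, CORE_UPLINK))
    print("core default route ok:", default_route_ok(CORE_DEFAULT_NEXT_HOP, FW_INSIDE, CORE_UPLINK))
    print("VLANs without a return route:", missing_return_routes(fw_routes, INTERNAL_VLANS, "10.1.100.1"))
    print("spare addresses, /30 vs /28:", spare_transit_addresses(30), spare_transit_addresses(28))
```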