Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
4
Replies

Internal Routing Question

Go to solution
Lakeram Harrypersaud
Level 1
Level 1

‎09-21-2011 07:56 AM - edited ‎03-07-2019 02:20 AM

We have a Cisco Catalyst 3750 with two vlans which is trunked to a Nortel switch which also has two vlans. The Cisco 3750 switch is performing routing for all vlans even for the ones which exist on the Nortel switch. The Nortel switch as well as all the servers and workstations are using a Cisco ASA5510 as it's gateway. Can someone please explain to me the disadvantages of this setup compared to using the Cisco core switch as the default gateway for all all devices and just use the ASA5510 for traffic that goes to the internet?

Any help will be appreciated

Thanks,

Lake

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-21-2011 08:01 AM

Lake

It basically depends on how secure you want the vlans that are routed off the firewall to be.

Generally unless you have specific security requirements i prefer to do all inter-vlan routing off the L3 switch and use the ASA purely for internet access.

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎09-21-2011 08:15 AM

Depends on how the rest of the VOIP network is setup.

But i'm assuming that for users that use the firewall as their DG they go to the firewall only to be routed back to the 3750 which is not an optiumal path. In addition it depends if you have used subinterfaces on the firewall or not. If you have then the physical interface bandwidth has to be split between each vlan.

The packets will probably experience more latency but it may still be well within acceptable levels so you don't necessarily have to move those vlans, it's more about using the right devices for the right functions.

Basically if you have a small network ie. a L2 switch and then an ASA it can make sense to use the firewall to route the vlans. If you need very secure vlans in terms of inter-vlan traffic then again it can make sense to use the firewall.

Apart from those specific examples i would use the L3 switch to route the traffic because that is what it is designed for and use the firewall to protect your LAN from the internet because again that is what it is designed for.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-21-2011 08:01 AM

Lake

It basically depends on how secure you want the vlans that are routed off the firewall to be.

Generally unless you have specific security requirements i prefer to do all inter-vlan routing off the L3 switch and use the ASA purely for internet access.

Jon

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Jon Marshall

‎09-21-2011 08:05 AM

We have almost 200 users and each user will be getting VOIP phones. Will this cause latency by using the firewall as the gateway especially with all VOIP traffic hitting the firewall?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎09-21-2011 08:15 AM

Depends on how the rest of the VOIP network is setup.

But i'm assuming that for users that use the firewall as their DG they go to the firewall only to be routed back to the 3750 which is not an optiumal path. In addition it depends if you have used subinterfaces on the firewall or not. If you have then the physical interface bandwidth has to be split between each vlan.

The packets will probably experience more latency but it may still be well within acceptable levels so you don't necessarily have to move those vlans, it's more about using the right devices for the right functions.

Basically if you have a small network ie. a L2 switch and then an ASA it can make sense to use the firewall to route the vlans. If you need very secure vlans in terms of inter-vlan traffic then again it can make sense to use the firewall.

Apart from those specific examples i would use the L3 switch to route the traffic because that is what it is designed for and use the firewall to protect your LAN from the internet because again that is what it is designed for.

Jon

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Jon Marshall

‎09-21-2011 08:20 AM

Thank you very much Jon. I truely appreciate all help.

Regards,

Lake

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card