Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2689
Views
0
Helpful
3
Replies

Internet Handoff to switch

learncisco
Level 1
Level 1

‎06-02-2012 11:21 AM - edited ‎03-07-2019 07:02 AM

Hello, I am new to this type of setup, but what I would like to do is; I have a ISP handoff with 5 static IP's. I woul like to go from the handoff to a 3560 Cisco Switch, from the switch to a 1921 Cisco Router, then to a ASA5505. My question is the routing, would the Gigabitethernet 0/1on the switch need one of the WAN IP's or would it route to the Router internally from a LAN IP? From there would the Router use a WAN IP or LAN? The ASA would be doing NAT.

What would this type of setup look like?

Thanks for the help.

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎06-02-2012 02:26 PM

Hi,

You can use the 3560 switch as a layer-2 device with no IP. Also, since the firewall will be doing NAT, you can put your 1921 router behind the firewall. So the provide will connect physically to the 3560 and than the 3560 to the firewall.  In this case the provider in logically peering with the firewall. Than the firewall connects to your 1921 using a layer-3 link. So something like this

provider--------layer-2------3560--------firewall-----1921--------switch-----end point devices.

HTH

0 Helpful

mikull.kiznozki
Level 1
Level 1

‎06-02-2012 08:31 PM

well, tbh, i wouldn't put my sw there at all.

i would rather have it like below:

ISP----1921---ASA--3560(doing all your routing as it is l3 capable)--devices..

you just saved $$$ on a sw there! you could do some qos on the l3 sw as well to reduce the load on the asa.

also, note that you would need two gigbit ports on the 1921 if you want to achieve the above design and 2 IP's will be used on your 1921 as well. I wouldn't make the ASA face the internet directly as you have an extra layer of security in front of the ASA(router 1921) which you harden completely. I am more comfortable with a router in front of the ASA.. maybe it is just me! lol

0 Helpful

Jeff Van Houten
Level 5
Level 5

‎06-03-2012 10:32 AM

If the provider is handing off Ethernet to you, just plug in directly to the Asa and skip the router completely. Use the switch behind the Asa and save yourself some configuration headaches.

Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card