New to Network - Is this topology and understanding correct ? (please help)

SJ K
Level 5

Hi all,

I am new to networking and am currently taking my ICND1 course, but have no actual hands-on experience besides the short lab lessons in class.

Hence, I would like to take this opportunity to check with the gurus here for their advice and to see if my understanding is correct or wrong.

Please pardon me if I ask any silly questions or make any wrong theories.

=========================================================

Refer to the diagram below (which I drew)

Assumptions

Node 1 and Node 2 need to have public IPs assigned by ISP.
Internal and management network not reflected
Security not a concern, NAT/DMZ not required
Firewall and Router are 2 separate physical devices
 

Questions

Q1) Is my topology and IP assignment correct based on the assumptions above?

Q2) Do we need to assign IPs to Fe0/0 on both the firewall and MyRouter? Must they be the ISP-issued IPs, or can they be internal IPs?

Q3) Can we consider MyRouter Fe0/0 and below to be 1 broadcast domain/network segment, or
MyRouter Fe0/0 to firewall Fe0/0 to be 1 network segment and firewall Fe0/1 and below to be another network segment? And why?

 

I am thinking about how an IP packet travels from node1 to the internet. Let's say node1 sends a packet to 8.8.8.8:

[src ip=202.156.1.4][dst ip=8.8.8.8][src mac=a.b.c.d][dst mac=a.b.c.f] (packet going from Node1 to the gateway/firewall)
[src ip=202.156.1.4][dst ip=8.8.8.8][src mac=a.b.c.g][dst mac=a.b.c.h] (packet going from the Firewall to the MyRouter)

Q4) How does the firewall know which interface it must exit on for the next hop?
Is there a routing table in the firewall? Does the firewall have a default gateway, or does it have a default route?

Q5) Since the firewall is connected to MyRouter directly, how does it know the MAC address of MyRouter, and vice versa? Can we do an ARP request without going through a switch? Is MyRouter physically connected to the switch or to the firewall?

Hope some kind gurus here can enlighten me.

Thanks
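The hop-by-hop trace in the post, worked through as an added example (this is not code from the thread or from any poster): a small Python model of a routing-table lookup (the default route is just the 0.0.0.0/0 entry, there is no separate "default gateway" object) plus the ARP cache each device uses to find the next hop's MAC on its directly connected link. The topology, addresses (202.156.1.0/29 for the LAN, documentation prefixes 198.51.100.0/30 and 203.0.113.0/30 for the firewall-router and router-ISP links), MACs and interface names are placeholders chosen for this example, and it assumes the firewall-to-MyRouter cable is its own subnet.

```python
import ipaddress

# Constructed topology (placeholder addresses, MACs and interface names):
# Node1 202.156.1.4 -> Firewall Fe0/1 202.156.1.1 | Fe0/0 198.51.100.1
#   -> MyRouter Fe0/0 198.51.100.2 | Fe0/1 203.0.113.2 -> ISP 203.0.113.1
MAC = {"node1": "00:00:5e:00:53:01", "firewall": "00:00:5e:00:53:02",
       "myrouter": "00:00:5e:00:53:03", "isp": "00:00:5e:00:53:ff"}
OWNER = {"202.156.1.1": "firewall", "198.51.100.2": "myrouter",
         "203.0.113.1": "isp"}  # which device holds each next-hop IP
# Routing tables: (prefix, next hop, egress interface). A next hop of None
# means directly connected, so the destination itself is the next hop.
# 0.0.0.0/0 is the default route used for "everything else".
ROUTES = {
    "node1":    [("202.156.1.0/29", None, "eth0"),
                 ("0.0.0.0/0", "202.156.1.1", "eth0")],
    "firewall": [("202.156.1.0/29", None, "Fe0/1"),
                 ("198.51.100.0/30", None, "Fe0/0"),
                 ("0.0.0.0/0", "198.51.100.2", "Fe0/0")],
    "myrouter": [("198.51.100.0/30", None, "Fe0/0"),
                 ("203.0.113.0/30", None, "Fe0/1"),
                 ("0.0.0.0/0", "203.0.113.1", "Fe0/1")],
}
# ARP caches, learned by the ARP exchange on each directly connected link
# (a back-to-back cable needs no switch for that).
ARP = {"node1": {"202.156.1.1": MAC["firewall"]},
       "firewall": {"198.51.100.2": MAC["myrouter"]},
       "myrouter": {"203.0.113.1": MAC["isp"]}}

def lookup(device, dst_ip):
    """Longest-prefix match; returns (next_hop_ip, interface) or None."""
    dst, best = ipaddress.ip_address(dst_ip), None
    for prefix, nh, iface in ROUTES[device]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh or dst_ip, iface)
    return None if best is None else best[1:]

def trace(src_ip, dst_ip, src="node1"):
    """Frames emitted at each hop: IP header stays, MAC header is rewritten."""
    frames, device = [], src
    while device in ROUTES:            # stops at the ISP (no table modelled)
        route = lookup(device, dst_ip)
        if route is None:
            raise LookupError(f"{device}: no route to {dst_ip}")
        next_hop, iface = route
        dst_mac = ARP[device].get(next_hop)
        if dst_mac is None:            # would trigger an ARP request here
            raise LookupError(f"{device}: ARP miss for {next_hop} on {iface}")
        frames.append({"at": device, "out": iface, "src_ip": src_ip,
                       "dst_ip": dst_ip, "src_mac": MAC[device], "dst_mac": dst_mac})
        device = OWNER.get(next_hop)   # a plain LAN host ends the trace
    return frames
```

Running trace("202.156.1.4", "8.8.8.8") yields three frames whose IP pair never changes while the source and destination MACs change on every hop, matching the two lines in the post.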

16 Replies

I am also thinking along the lines of what Jon is stating. Public IPs are routable on the internet. Hackers, etc. can easily scan the network on a routable IP for vulnerabilities. Given the types of security risks out there these days, having a layer 4-7 firewall (like a Cisco ASA or Palo Alto) is a good idea. So my initial question was, what firewall are you using?

As stated earlier, there are many ways to do what you are trying, but it is probably a good idea to follow best practices. You can always refer to Cisco's reference design docs for detailed understanding.

Hope that helps.

Thanks

Abbas Rizvi
Level 1

What type of firewall is it? Use a private IP space for your LAN and you should be able to statically NAT each node to a specific global IP. Depending on what apps are running on the nodes, you will need to open specific ports on the firewall.
