05-30-2011 09:55 PM - edited 03-06-2019 05:16 PM
Hi team,
I am confused about a design for remote office connectivity.
As per my plan, the router comes first as the edge router, where the WAN link and the Internet (firewall as internet modem) are terminated; then it goes to the firewall and then to the core switch. But management wants to terminate the WAN link and the internet on the firewall, then go to the router in case there is a voice requirement (as CME), then the switch. My question is: is there any extra security we achieve by doing this? Is it a best practice? Of course we run OSPF/BGP on the WAN link with the ISP.
Attached are the three designs.
Please, any comment on this; I am searching for valid documents to prove my design.
05-31-2011 06:58 AM
Is your switch L3? I mean, is the switch doing all the routing for the internal LANs?
What firewalls are you using? Cisco PIX, or ASA, or another make?
Sometimes it's good to put a router to terminate the WAN connection because you need policy-based routing, but if that's not needed it's fine to terminate on a firewall. Each has advantages/disadvantages, routing being one of them and security being another. But then, if the WAN (MPLS) is private, you shouldn't have security concerns.
The same really goes for internet access. It depends. Each design is valid. Again, if you had multiple lines you could use PBR to send traffic down each line, and a router is better for that.
I can say that I worked with a large network and we had both. The WAN (MPLS) was connected directly to firewalls. We also had remote offices connected to a Cisco 7513 directly and then to a firewall. The internet was connected directly to a firewall. When I say directly, I mean logically. Physically it was all connected to core switches at layer 2, and then the L3 IP was either configured on the firewall or a router.
HTH,
Ian
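To make the PBR point in the reply above concrete: the fragment below is an added example, not Ian's configuration or anything posted in the thread. It shows Cisco IOS policy-based routing on a WAN-edge router with two uplinks (an MPLS line and an Internet line), steering the voice/CME subnet down MPLS and user traffic down the Internet line, which is the "router is better for that" case. Every interface name, subnet and next-hop address is an assumption; 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges standing in for the provider addresses.

```cisco
! Added example, not from the original thread. Interface names, subnets and
! next-hop addresses are assumptions; 203.0.113.x / 198.51.100.x are RFC 5737
! documentation addresses standing in for the MPLS PE and the Internet gateway.
!
! Track each next hop so the policy falls back to the normal routing table
! instead of black-holing traffic when a line is down.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 2 life forever start-time now
track 2 ip sla 2 reachability
!
! Voice/CME subnet (assumed 10.20.20.0/24) talking to the HQ private range:
! keep it on the private MPLS line.
ip access-list extended VOICE-TO-HQ
 permit ip 10.20.20.0 0.0.0.255 10.0.0.0 0.255.255.255
!
! User subnet (assumed 10.20.30.0/24): send Internet-bound traffic down the
! Internet line, but do NOT catch its traffic to HQ, which must stay on MPLS.
ip access-list extended USERS-TO-INTERNET
 deny   ip 10.20.30.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.20.30.0 0.0.0.255 any
!
route-map WAN-STEER permit 10
 match ip address VOICE-TO-HQ
 set ip next-hop verify-availability 203.0.113.1 10 track 1
route-map WAN-STEER permit 20
 match ip address USERS-TO-INTERNET
 set ip next-hop verify-availability 198.51.100.1 10 track 2
! Anything matching neither sequence is not policy-routed and follows the
! routing table (OSPF/BGP-learned routes and the default route).
!
interface GigabitEthernet0/0
 description MPLS WAN link to ISP PE (assumed)
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/2
 description Internet line (assumed)
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 description LAN-facing; PBR is applied on the interface where traffic enters
 ip address 10.20.1.1 255.255.255.0
 ip policy route-map WAN-STEER
```

The policy is applied ingress on the LAN-facing interface, because PBR in IOS acts on packets as they arrive, not as they leave. The `verify-availability ... track` form matters operationally: with a plain `set ip next-hop`, traffic keeps being forwarded toward a dead next hop; with tracking, a failed line makes that set clause ignored and the packet drops through to ordinary routing. `show route-map WAN-STEER` shows per-sequence match counters, which is the quickest way to confirm each class of traffic is hitting the line you intended.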