Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
1
Replies

Remote office design

Shi-packet-life
Frequent Visitor
Frequent Visitor

‎05-30-2011 09:55 PM - edited ‎03-06-2019 05:16 PM

Hi team,

I am confused with a design for remote office connectivity......

as per my plan   router comes first as edge router where WAN link and Internet(firewall as internet modem) is terminated  then it goes to firewall and then to Core switch. But management wants to terminate WAN link and internet on firewall then goes to router in case there is Voice requirement(as CME) then switch. My question is  there any extra security we achieve by doing this ? is it a best practice of course we run ospf/bgp on wan link with ISP..

Attached is the tree designs ........

Please any comment on this i am searching for valid documents to prove my design....

Labels:
87162-Startup Network Design Proposals.vsd.zip
0 Helpful
1 Reply 1

IAN WHITMORE
Level 9
Level 9

‎05-31-2011 06:58 AM

Is your switch L3? I mean is the switch doing all the routing for the internal LANs?

What firewalls are you using? Cisco PIX, or ASA or another make?

Sometiems its good to put a router to terminate the WAN connection because you need policy based routing, but if thats not needed it's fine to terminate on a firewall. Each has advantages/disadvantages, routing being one of them, and security being another. But then if the WAN (MPLS) is prviate you shouldn't have security concerns.

The same really goes for internet access. Depends. Each design is valid. Again if you had multiple lines you could use PBR to send traffic down each line and a router is better for that.

I can say that I worked with a large network and we had both. The WAN (MPLS) was conected directly to firewalls. We also had remote offices connected to a Cisco 7513 directly and then to a firewall. The internet was connected directly to a firewall. When I say directly I mean logically. Physically it was all connect to core switches at layer 2 and then the L3 IP was either configured on the firewall or a router.

HTH,

Ian

0 Helpful
Customers Also Viewed These Support Documents