Router Inside of Firewall

OneTwoMany · ‎01-20-2005

Currently we have a firewall device that acts as the gateway to the T1. Have an Avaya IP office inside but our call quality is pretty bad. T1 is running full most of the time. Would like to implement a QoS solution with a 2611 router we have. Is it feasible to put router inside the firewall and have the internal ethernet interface takeover the gateway then implement a LLQ for voice and forward traffic out to the firewall.

Can the two router interface be on the same subnet? or should they be on separate subnets with a statis route?

Thanks

Richard Burts · ‎01-20-2005

It would certainly seem feasible to put a router inside the firewall. However since the congestion will occur where traffic is going from a higher bandwidth (Ethernet or FastEthernet) to lower bandwidth (T1) I am not sure that you will see the improvement that you would like. Could you consider putting the router outside so that it is the connection between the high bandwidth and low bandwidth interfaces?

The second part of your question is easy: it is not possible for two LAN interfaces on a router to be in the same subnet (unless one of the interfaces is configured as backup interface to the other so that only one is active at a time).

HTH

Rick

HTH

Rick

OneTwoMany · ‎01-20-2005

Putting the router outside was one of my first choices however the firewall creates a VPN to another office. If I put the router outside it would not be able to prioritize only the VOIP, it would have to do all of the VPN traffic.

So I should put the inside port of the firewall and the outside port of the router on the same subnet, and then put the inside port of the router on a different subnet and make it the gateway for the internal network.

Would then a static route between the router ports be the best idea?

The firewall currently does NAT for the internal network. Would I be better off leaving it there or moving it to the router?

Thanks again!!