Routing Decision

Docklands
Level 1

We are designing a network for connection to our client's WAN. There will be two separate connections to the WAN via ASA devices. The client will use one connection for monitoring the new network using SNMP traffic and the other for all other traffic (FTP, HTTP). They use Policy Based Routing.

The network we are designing comprises 5 layer 2 switches supporting local VoIP, PABX and workstations used in conjunction with the telephones. Each switch will be connected to two routers running HSRP to provide a redundant gateway. VLSM is used on the network for the VLANs.

What is the best method to connect the two routers to the two ASA devices?

We understand that it is not good practice to connect the HSRP routers directly to the ASA devices, so we are considering inserting intermediary routers and running EIGRP.

Any advice?

Thanks


Philip D'Ath
VIP Alumni

There is nothing wrong with using HSRP to provide default gateway protection for ASAs.

Are these standalone ASAs, or an active/standby ASA configuration?

The ASAs are standalone.

I would just use HSRP with the routers. If you want you could dual connect the ASAs using the "Redundant" interface feature, or single connect them as you feel is needed.

Thanks for the advice Philip.

We are considering using the 2960 at the edge. What equipment would you recommend for the HSRP routers?

How much throughput will the routers need, and how many interfaces? Any Ethernet only interfaces?

Since you need to buy switches, sometimes it works out better to just get layer 3 switches, like Cisco 3850s. If you use a stack you don't need redundant connections or HSRP. Nice and simple, and reliable.

The original logical design is shown in the attached. The throughput is quite low - 10-12Mb.

As long as it has enough interfaces you could get by with a low cost Cisco 891F.

Looks like a good option, but if we wanted 16 ports is there an alternative?

P.S. What did you think of the logical design?

What do R2 and R3 gain you? If you removed them from the solution would it affect anything (apart from making it simpler)?

If everything was dual connected to R1 and R4 wouldn't you get a similar result?

I originally included them so there would be an alternative route out of the network via either firewall, e.g. if R2 failed the route to F1 would be lost.

If F1 were connected to R2 and R3 there was concern it may cause instability on F1.

What if R1 or R4 failed - which is just as likely?
