05-08-2017 03:49 PM - edited 03-08-2019 10:29 AM
ISP provides a /26 public subnet with a gateway of x.x.x.129.
We want to place either a router or L3 switch in front of the ISP router/switch and use it to manage the IP block provided by the ISP.
Our goal is to place our own ASA and several servers parallel to the ASA on the public subnet and behind our router/L3 switch.
We want to use our router/L3 switch to manage the flow of traffic between our ISP and our edge devices, ASA and parallel servers.
We are not sure how to set up our router/L3 switch to perform the functions we desire, or whether or not we should even use an L3 switch to manage such traffic due to security reasons.
Any advice and/or help you can provide would be appreciated.
05-08-2017 04:41 PM
Hi Michael,
My understanding is you want something like this, is that correct?
ISP --- Router/L3switch ---- ASA
              |
              |
           Servers
If I'm correct, I suggest installing a (L3 or L2) switch instead of a router and configuring a VLAN X to connect the ISP, ASA and servers to the switch. It should be an easy way to have all of them on the same network.
Hope it is useful
:-)
05-08-2017 05:18 PM
Close but not quite.
05-08-2017 05:40 PM
Forgive me, I see what you are saying. This is what I was originally planning, placing an L3 switch in the middle, but then my inner paranoid voice said that this would not be a good thing to do, but to think of placing a router with an IOS firewall in the middle rather than the L3 switch.
05-08-2017 09:07 PM
Hi Michael,
You could use that and use bridging (like BVI) to interconnect the devices using the same VLAN, but it depends on your requirements, because it could be a sub-optimal or expensive scheme.
May I know why you need the servers configured with public IPs? You could connect them to the firewall and create a DMZ.
Hope it is useful
:-)
05-09-2017 09:27 AM
The server is a Microsoft DirectAccess server that we need to assign public IP addresses to in order to use Teredo and IP-HTTPS. If we NAT traffic for this server we are only able to use IP-HTTPS. The server has its own firewall so we do not want to place it behind an IOS firewall.
05-09-2017 09:30 AM
Ok, that sounds good. With an L3 switch you can also use ACLs to protect them.
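As an added illustration of the switch-plus-ACL design suggested in this thread (not configuration from the original posters), here is a constructed Catalyst IOS fragment: one VLAN carries the ISP handoff, the ASA outside interface and the DirectAccess server, and a port ACL on the ISP-facing port only admits the two DirectAccess transports (Teredo on UDP 3544, IP-HTTPS on TCP 443) to the server while leaving the ASA to filter its own traffic. The addresses (203.0.113.128/26 standing in for x.x.x.128/26, ASA outside .130, DirectAccess .131/.132) and the port numbers are assumptions for the example; verify PACL support on the specific switch model before relying on it.

```ios
! Constructed example: ISP block 203.0.113.128/26 (placeholder for x.x.x.128/26), ISP gateway .129
vlan 10
 name PUBLIC-EDGE
!
! ISP handoff, ASA outside interface and DirectAccess server share VLAN 10 at layer 2
interface range GigabitEthernet1/0/1 - 3
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
ip access-list extended PUBLIC-EDGE-IN
 remark DirectAccess server (.131 and .132 assumed): only Teredo and IP-HTTPS from the Internet
 permit udp any host 203.0.113.131 eq 3544
 permit udp any host 203.0.113.132 eq 3544
 permit tcp any host 203.0.113.131 eq 443
 permit tcp any host 203.0.113.132 eq 443
 remark ASA outside (.130 assumed) does its own inspection; pass it through untouched
 permit ip any host 203.0.113.130
 remark Anything else aimed at the public block is dropped and logged
 deny ip any 203.0.113.128 0.0.0.63 log
!
! Apply inbound on the ISP-facing port only; replies from the server leave through the same port unfiltered
interface GigabitEthernet1/0/1
 description ISP-handoff
 ip access-group PUBLIC-EDGE-IN in
```

The ASA and the DirectAccess server keep the ISP address .129 as their default gateway, so the switch itself needs no IP address on the public VLAN.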