Suggestion on the network diagram

Unanswered Question
Apr 30th, 2007

Hi,

Please find the diagram attached to the post, and tell me if I am wrong on something. Also tell me where exactly I should put the URL filtering, because in my earlier setup I had only 1 internet router, whereas here it is going to 2 routers with 2 different ISPs, so I am a bit confused on this.

Danilo Dy Mon, 04/30/2007 - 05:11

Hi,

URL filtering on what?

About the Radware positioning: since the ASA is Active/Standby, it won't help for the incoming. For the outgoing, if your router is capable of GLBP, why not try GLBP first? Besides, it's a single Radware, so it's a single point of failure even though it's a pass-through device; if you need to replace it you still need to bring down the network.

You mentioned two ISPs. Do you have your own ASN/Prefix?

Does every VLAN gateway end in the ASA (802.1Q)? I recommend you assign one VLAN for the following:

- Network Printers

- Wireless

- User per department or floor

- Others if you prefer

What does your Storage/Backup back up? If it's a server, some practice it this way:

- Install another interface on all servers for backup purposes

- Configure this interface on the same network as the Backup server

- This way, the backup runs on a different interface and you can also use a dedicated switch for the backup so it won't affect your network performance.

Anand Narayana Mon, 04/30/2007 - 05:21

Thanks for the reply medan. You mean to say implementing GLBP would be the right choice, isn't it? Can you guide me and correct me if I am wrong.

Router-1 ---> ISP-1

Router-2 ---> ISP-2

Configuring GLBP, the virtual IP address would be the gateway for Radware, or if Radware is not there, then the virtual IP address would be the gateway for Cisco ASA-Active and Cisco ASA-Standby, am I right?

Correct me if I am wrong.

Also, how about the incoming? Because when you say GLBP, load balancing will happen for outgoing; when accessing the servers from the internet, like the mail server etc., how will the load balancing happen?

Danilo Dy Mon, 04/30/2007 - 05:51

Hi,

GLBP for gateway of your ASA. For incoming, use BGP load sharing (if you have your own ASN/Prefix you need to check this with your two ISPs http://www.cisco.com/warp/public/459/40.html#conf5 ). It's actually not load balancing for incoming, but it will save you $$$ on purchasing a load balancer in the initial setup. You can still retain the option of purchasing the load balancer in the future when you really need it. I see people purchasing a lot of "nice" devices/software but not able to use them because the alternative is inexpensive or better or the infrastructure doesn't support it.

If you put in the load balancer, how does the incoming work? I'm not sure if it can load balance the incoming internet traffic through your multiple WAN links since your ISP controls it. You may need to ask your vendor for a POC to verify it can load balance incoming internet traffic through multiple WAN links.

I forgot to mention in my earlier post regarding separating VLANs. It will give you more control, especially when there is an attack and virus spread. Network printers are prone to virus attacks; users and wireless are carriers of those attacks.
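
The VLAN separation recommended in this thread, sketched as an added ASA configuration example; it is not from the thread or from any poster's setup. The interface name, VLAN IDs, addresses, interface names (`printers`, `wireless`, `users`), security levels and ACL name are all assumptions chosen for illustration.

```cisco
! Constructed example: interface, VLAN IDs, addresses, names and
! security levels are assumptions, not taken from the thread's diagram.
!
! Physical port carries the 802.1Q trunk; it gets no name or address itself
interface GigabitEthernet0/1
 description 802.1Q trunk to the inside switch
 no nameif
 no security-level
 no ip address
 no shutdown
!
! One subinterface per VLAN, so each segment's gateway is the firewall
interface GigabitEthernet0/1.10
 vlan 10
 nameif printers
 security-level 20
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif wireless
 security-level 30
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif users
 security-level 50
 ip address 192.168.30.1 255.255.255.0
!
! Printers only answer print jobs; deny and log anything they initiate.
! Replies to connections opened from other segments still pass because
! the firewall tracks connection state.
access-list PRINTERS_IN extended deny ip any any log
access-group PRINTERS_IN in interface printers
```

Because every inter-VLAN packet crosses the firewall, an infected printer or wireless client shows up as denied connections in the ASA log instead of reaching the user or server segments directly.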
