Design question


Hi,


I need some input on the below;

1. A connection hitting the serial interface of the router (3845) through V-sat, and it will be primarily used for VoIP and video conferencing. There will not be any internet connection through this, as these connections need to be established among remote sites of the same company. Say we will get subnet 192.168.10.1/24 on the fast ethernet int.


2. An ASA 5510 and getting the internet through the optical fiber in closet say with gateway 192.168.20.1 and range for distribution from 2-254 in the same subnet.

3. 3750 switch used for internal distribution.

Solution

Now what should the design be like? Should both the cables, i.e. one from the router (for video & VoIP) and the fiber one, be terminated on int0 & int1 of the ASA respectively? NAT to one particular subnet and distribute to the internal network. Now if traffic is going out, will VoIP and video go through int0 and the rest all go through int1, or not? Is this possible? If yes, then please let me know how to achieve this.



Reg,

Sushil



Sushil,


1) If the VoIP and VC traffic will not go to the internet, do the remote sites have their own internet connections? What are you protecting your internal network from these remote connections on VoIP and VC? Do they need to be protected from your internet network, as you have the connection to the internet?


Is there ANY need to protect anything connected to the router? If not, connect the router to your internal network and your ASA to your internal network and give your network internet access.


HTH






Andrew, here there is no need to protect the router traffic.


A little confused about traffic moving out of the internal side.


Say the internal port of the switch has IP 192.168.0.1/24. And plug it to port 2 with 192.168.0.2/24 of the switch. So internal traffic will move out to the router internal gateway for voice and video.


Now for the same internal network we need to have internet access. Here we will use 192.168.0.1/24 as the internal gateway for the ASA and connect it to the switch, say on port 3.


Is it correct? But how will the traffic move out from the internal network? Will it by default move to the ASA for internet and to the router in case of VoIP? Will the switch have the intelligence to do that? Any specific config on the switch?


Reg,

Sushil


Sushil,


You are asking the wrong questions - as you don't really know what you want to do.


1) Do you want the ASA to protect any traffic?

2) Do you want the router to route any traffic other than the 192.168.10./24

3) What type of switch do you have - is it capable of MLS?

4) Are you running any dynamic routing protocols?

5) Are you just using static routes?

6) Do you require any VPNs?

7) Do you need VPN failover?


HTH

Andrew,


Let me put it this way. Internet connection through the firewall and protecting the internal network. This part is perfectly fine, no problem at all.


Now we need to have voice and VoIP for the same internal network exclusively with remote offices. So the arrangement is through the router that has been mentioned. We are getting some IP on the internal int of the router, so we need to distribute it to the same internal network on which internet is working.


Here we have 2 gateways: one through the 3845 router, and the other is internet, which is through fiber to the ASA outside int.

1) Do you want the ASA to protect any traffic?

Yes, internal traffic. 192.168.0.2-254

2) Do you want the router to route any traffic other than the 192.168.10./24


No.

3) What type of switch do you have - is it capable of MLS?

3750

4) Are you running any dynamic routing protocols?

no

5) Are you just using static routes?

yes

6) Do you require any VPNs?

no

7) Do you need VPN failover?

no



You can just consider that one is the ideal scenario, with gateway, ASA and switch protecting internal traffic and servers.


Now Voice and VOIP to same hosts but that arrangement is through different gateway.


Hope I am clear with this. Let me know if you need more clarity.


Reg,

Sushil


