I have a DS3 box which drops me an RJ45 at 100/full. Logically speaking, my network looks like:
DS3 - 3825 - ASA5510 - 3560G - 2960G's
All my internal routing is happening on the 3560G.
Right now, my DS3 box is directly plugged into my 3825. My 3825 is directly connected to my firewall. My firewall is directly connected to my L3 switch. All of the above ports are point-to-point, no trunks, no vlans.
My question is: what is best practice here? Should the DS3, edge router, and firewall all be hooking into the L3 switch via vlans/trunks and then logically putting the pieces together? If so, how exactly do I accomplish this?
I imagine the DS3 -> edge router will remain a point to point.
I feel like the inside interface of the edge router should hook to my L3, using a subinterface on the edge and a trunk on the L3? Then I could drop a subinterface of my firewall outside int to a trunk on the L3 on the same vlan.
Then drop a subinterface of the firewall inside interface to a trunk on the L3 on a different vlan, and have an inside IP assigned to that vlan on my L3 switch as the default route of the firewall coming in.
Can someone confirm or correct please? Config examples would be highly appreciated!!