Firewall for Internet link termination

Jon Marshall Mon, 03/15/2010 - 08:09


Hi All,


Can we terminate an internet link with ethernet handoff on a firewall? If yes, what are the pros and cons of it? How will the routing be done in this case?


Please assist with the above queries.


Thanks


Vicky


Yes, you can, and the routing would be quite simple, i.e. you would simply need a default route on the ASA pointing to the upstream ISP router, e.g.


ip route 0.0.0.0 0.0.0.0


As for pros and cons: well, routers have more functionality, such as a much more fully featured QoS toolset, but then if it is Internet connectivity your QoS options are limited anyway. An upstream router can also be used to filter out some of the more general traffic, i.e. you should not see any private RFC addressing coming from the Internet, so you can have a basic ACL on the router to filter this out.


But probably the most common reason to use a router is that the handoff is not ethernet, which happened a lot in the past. Nowadays, with ethernet becoming more prevalent in WAN as well as LAN, it is perfectly acceptable to terminate your connection directly to the ASA.


Jon
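
The two designs discussed in the answer above, as an added configuration example that is not part of the original post: the basic private-address ACL on an upstream IOS router, and the equivalent default route and filter when the ISP Ethernet handoff lands directly on the ASA. The interface names, the ACL names and the next hop 192.0.2.1 (documentation range) are assumptions.

```cisco
! Added example; interface names, ACL names and 192.0.2.1 are assumed values.
!
! --- Option A: upstream IOS router in front of the firewall ---
ip access-list extended INTERNET-IN
 remark Drop RFC 1918 sources that should never arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
interface GigabitEthernet0/0
 description ISP Ethernet handoff
 ip access-group INTERNET-IN in
!
! --- Option B: ISP Ethernet handoff terminated directly on the ASA ---
! Default route to the ISP next hop (ASA static routes name the egress interface)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
! With no router in front, the same filter goes on the ASA outside interface.
! ASA ACLs take subnet masks rather than wildcard masks.
access-list OUTSIDE-IN extended deny ip 10.0.0.0 255.0.0.0 any
access-list OUTSIDE-IN extended deny ip 172.16.0.0 255.240.0.0 any
access-list OUTSIDE-IN extended deny ip 192.168.0.0 255.255.0.0 any
! Permit entries for published services go here; the ACL ends in an implicit deny.
access-group OUTSIDE-IN in interface outside
! Unicast RPF drops packets whose source does not route back out the outside interface
ip verify reverse-path interface outside
```

On the ASA the deny entries must sit above any permit entries in the same ACL, since entries are evaluated top down and the first match wins.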
