I have a new 20Mb internet being put in soon. The new ISP will be putting a 15000 series router in our facility, and will be giving me the Internet in an Ethernet handoff. I have heard from a few different Cisco people about where to terminate, but wanted to get some opinions on here.
Should I purchase a 2911 to terminate the connection, or terminate it straight into the ASA5520? I currently have just 2 T1 lines going into a 2821 router, then into the ASA (through a segregated VLAN on the core).
I actually have two different spots where I need to make this decision. One is the corporate office, the other is a DR site, which will also have an Ethernet handoff from the same provider.
Thanks in advance.
Thanks guys. I personally wanted to move to the router option, but had two people state their opinions on being able to terminate on the ASA since it's an Ethernet handoff.
Anybody else? I just want to be sure I get this correct the first time, since it'll be in place for many years to come.
The ASA does support traffic shaping, so you could in theory connect the handoff directly into your firewall. However, it really does depend on what else your firewall will be doing. As Reza says, often it is best left to get on with securing traffic rather than doing things traditionally done by a router. Traffic shaping does have an overhead that comes with it, and if your firewall has a large rule base, is doing a lot of NAT, some deep packet inspection and possibly URL filtering/IPS, then I would hand off managing traffic flow to a router.
As with most things like this it can often come down to cost. So yes the ASA has the functionality to do it but with a 20Mb internet connection it may well be very busy doing what it is designed to do without having the additional overhead of traffic shaping.
Edit - also note that in terms of QoS and feature interaction/compatibility you have far more options on a router than you do on an ASA.