
2 separate networks - router or pix?

davieshuw
Level 1

Hi. A customer has 2 physically separate networks, let's call them Network A and Network Z.

Now. Network A would like to be able to access some info on Network Z, but we don't want Network Z to see anything on Network A.

Network A -----> Network Z

Now, as they're physically separate networks, which would be best to allow connectivity from A to Z, a router or a firewall?

Now I could also throw away the switch on Network Z for example, and just use VLANs and run the network from Network A's switch, eliminating the need for multiple switches. Would a router on a stick be suitable for use with such a setup?

6 Replies

srue
Level 7

A firewall, because of the need for security and access control. Not that a router (with firewall feature set especially) couldn't do it, a firewall could just do it better - and by default.

Yes, that's what I'm leaning towards.

OK, well, if I was to use one network and implement 2 VLANs, VLAN A and VLAN B carrying their original traffic, do you think a router would do the job? As a PIX would have a bit of a time trying to deal with VLANs, I'd imagine?

Not sure what you mean by one network 2 VLANs. PIX firewalls can do 802.1q routing on a stick just as routers can - at least PIX 515E and above. But if you separate the VLANs with the PIX, i.e. VLAN A on one interface of the PIX and VLAN B on another interface, then the PIX doesn't need to understand VLAN IDs at all.

Jon

Sorry I should have been more clear:

As they have 2 physically separate networks at the moment with separate switches and the likes, I was thinking of doing away with one of the physical networks and making 2 VLANs to run over one set of infrastructure (saving on cost of new switches mainly).

This still doesn't mean your PIX has to understand VLAN IDs. If you had just one switch you would create 2 VLANs on it and then just attach one of the PIX interfaces to one of the VLANs and the other to the other VLAN. This is not routing on a stick, just using the same physical switch for both VLANs.

If you only wanted to use one of the PIX interfaces to separate both VLANs then yes, you would need 802.1q on that connection, and the PIX 515E and above + ASAs can do that.

Jon
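The two-interface layout described in the reply above, as an added configuration sketch that is not part of the original thread. It assumes PIX 7.x / ASA syntax with NAT control left off; the interface names, VLAN numbers, addresses and the server 10.20.0.50 are constructed for illustration.

```cisco
! Constructed example: interface names, VLAN numbers and addresses are assumptions.
! Each firewall interface plugs into a switch access port in one VLAN,
! so the firewall never sees an 802.1Q tag.
!
interface Ethernet0
 description Switch access port in VLAN 10 (Network A)
 nameif netA
 security-level 100
 ip address 10.10.0.1 255.255.255.0
 no shutdown
!
interface Ethernet1
 description Switch access port in VLAN 20 (Network Z)
 nameif netZ
 security-level 10
 ip address 10.20.0.1 255.255.255.0
 no shutdown
!
! With no ACLs applied, the security levels alone give the one-way policy:
! connections initiated from netA (higher level) toward netZ (lower level)
! are allowed and tracked statefully, so replies return; connections
! initiated from netZ toward netA are dropped.
!
! Narrow A -> Z to the one service that is needed (hypothetical HTTPS
! server 10.20.0.50). Once an ACL is bound inbound on netA, everything it
! does not permit is dropped by the implicit deny.
access-list NETA_IN extended permit tcp 10.10.0.0 255.255.255.0 host 10.20.0.50 eq https
access-group NETA_IN in interface netA
!
! Keep denied-connection messages so attempts from Z toward A are visible.
logging enable
logging buffered warnings
```

Hosts on each network need the firewall interface address on their side as the gateway toward the other network. No ACL is bound on netZ, so nothing there can open a connection into Network A.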

Makes perfect sense, thanks mate!
