Hello, I am new to this type of setup, but what I would like to do is this: I have an ISP handoff with 5 static IPs. I would like to go from the handoff to a 3560 Cisco Switch, from the switch to a 1921 Cisco Router, then to an ASA5505. My question is the routing: would the GigabitEthernet 0/1 on the switch need one of the WAN IPs, or would it route to the Router internally from a LAN IP? From there, would the Router use a WAN IP or LAN? The ASA would be doing NAT.
You can use the 3560 switch as a layer-2 device with no IP. Also, since the firewall will be doing NAT, you can put your 1921 router behind the firewall. So the provider will connect physically to the 3560 and then the 3560 to the firewall. In this case the provider is logically peering with the firewall. Then the firewall connects to your 1921 using a layer-3 link. So something like this:
provider--------layer-2------3560--------firewall-----1921--------switch-----end point devices.
ISP----1921---ASA--3560(doing all your routing as it is L3 capable)--devices..
You just saved $$$ on a sw there! You could do some QoS on the L3 sw as well to reduce the load on the ASA.
Also, note that you would need two gigabit ports on the 1921 if you want to achieve the above design, and 2 IPs will be used on your 1921 as well. I wouldn't make the ASA face the internet directly, as you have an extra layer of security in front of the ASA (router 1921) which you harden completely. I am more comfortable with a router in front of the ASA... maybe it is just me! lol