Cisco Support Community
New Member

Internet Handoff to switch

Hello, I am new to this type of setup. What I would like to do is this: I have an ISP handoff with 5 static IPs. I would like to go from the handoff to a 3560 Cisco Switch, from the switch to a 1921 Cisco Router, then to an ASA5505. My question is about the routing: would GigabitEthernet 0/1 on the switch need one of the WAN IPs, or would it route to the router internally from a LAN IP? From there, would the router use a WAN IP or a LAN IP? The ASA would be doing NAT.

What would this type of setup look like?

Thanks for the help.

VIP Super Bronze

Internet Handoff to switch


You can use the 3560 switch as a layer-2 device with no IP. Also, since the firewall will be doing NAT, you can put your 1921 router behind the firewall. So the provider will connect physically to the 3560 and then the 3560 to the firewall. In this case the provider is logically peering with the firewall. Then the firewall connects to your 1921 using a layer-3 link. So something like this:

provider--------layer-2------3560--------firewall-----1921--------switch-----end point devices.


New Member

Re: Internet Handoff to switch

well, tbh, i wouldn't put my sw there at all.

i would rather have it like below:

ISP----1921---ASA--3560(doing all your routing as it is l3 capable)--devices..

you just saved $$$ on a sw there! you could do some qos on the l3 sw as well to reduce the load on the asa.

also, note that you would need two gigabit ports on the 1921 if you want to achieve the above design, and 2 IPs will be used on your 1921 as well. I wouldn't make the ASA face the internet directly, as you have an extra layer of security in front of the ASA (router 1921) which you harden completely. I am more comfortable with a router in front of the ASA... maybe it is just me! lol

Re: Internet Handoff to switch

If the provider is handing off Ethernet to you, just plug in directly to the ASA and skip the router completely. Use the switch behind the ASA and save yourself some configuration headaches.

Sent from Cisco Technical Support iPad App
