Cisco Support Community

New Member

Studying options - Design issues

We have been provided with two options by our technology consultants to cater for network infrastructure in our new office building, which spans 20 floors with the data center on the 10th and IDFs on each floor.

* Attached diagram Option I uses Cisco Cat 3750E at the access layer, with core and distribution collapsed into a pair of 6509s.

* Option II is more high end with 4509s on the access layer and separated distribution and core layer (redundant).

But glaring in the diagram is the way two ASA 5540 are connected in failover mode. Seems like in both options I and II the consultants have multihomed it.

Is this possible? Is the representation right? I need to be sure of this point before I take this up for technical feasibility.

Also, are there any other concerns based on these diagrams that I should have? Please advise!

Rgds

4 REPLIES

Re: Studying options - Design issues

They can be multihomed for redundancy. You might want to have your consultants create a detailed diagram for the firewall infrastructure, explaining how they connect to the switches, why, and what scenarios provide redundancy and what scenarios won't.

HTH and please rate.

New Member

Re: Studying options - Design issues

Thanks for the reply, Clark.

In order to multihome my firewall, I'll have to provide the same IP address to two interfaces on the same subnet.

Is this doable on the ASA? I don't remember if it was doable on PIX.

Re: Studying options - Design issues

On the ASA you'll use an SVI (VLAN interface) instead of a physical interface. You can assign two or more physical ports to the 'inside' VLAN and connect each port back to the core/distribution layer.

HTH and please rate.

New Member

Re: Studying options - Design issues

I understand that the current ASA code does not allow the same VLAN ID to be used across two interfaces. This may be doable in the future, but an ASA expert also tells me that it is not today. Can you please provide me with the link on this site that describes how this can be done so that I can test it on one of our ASAs?
