We have been provided with two options by our technology consultants to cater for network infrastructure in our new office building, which spans 20 floors with the data center on the 10th and IDFs on each floor.
* Attached Diagram Option I is using Cisco Cat 3750E at the access layer and Core and Distribution collapsed into a pair of 6509s.
* Option II is more high end with 4509s on the access layer and separated distribution and core layer (redundant).
But glaring in the diagram is the way two ASA 5540 are connected in failover mode. Seems like in both options I and II the consultants have multihomed it.
Is this possible? Is the representation right? I need to be sure of this point before I take this up for technical feasibility.
Also, any other concerns based on these diagrams that I should have... please advise!!
They can be multihomed for redundancy. You might want to have your consultants create a detailed diagram for the firewall infrastructure, explaining how they connect to the switches, why, and what scenarios provide redundancy and what scenarios won't.
I understand that the current ASA code does not allow the same VLAN ID to be used across two interfaces. This may be doable in the future, but an ASA expert also tells me that not today. Can you please provide me with the link on this site that describes how this can be done so that I can test it on one of our ASAs?