[c-nsp] network design question
Alex Valentine
alex at phataudio.org
Mon Nov 20 15:28:42 EST 2006
I was having a debate over a proposed network design, and I was
wondering if some of the people on this list could provide some insight.
Design #1 (proposed layout)
T1#1 <-> Cisco 2600#1<-> Pix515e <-> Cisco2821#1 <-> Interal NET
T1#2 <-> Cisco 2600#2<-> Pix515e <-> Cisco2821#2
Design #2 (my layout)
T1#1 <-> Cisco 2821#1 <-> Pix 515e#1,2(failovercble) <-> Internal NET
T1#2 <-> Cisco 2821#2
Design #1 has 2600's at the edge, and then the PIX in between two
routers. The logic being that the 2600's would just act as the T-1
interface, and the PIX would have the actual external IP addresses,
because the PIX was more secure to outside traffic than a router. Is
that true?
I proposed design #2, because it gets rid of the 2600's all
together(reducing the potential for hardware failure), and it makes good
use of the 2800's. My feeling is that it makes a lot more sense to have
the 2800's handling the external interfaces, and then use the pix after
to secure the internal network.
Any thoughts in to the merits of either design? Any opinions/insight
would be greatly appreciated.
Thanks,
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3659 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20061120/124517e9/attachment.bin
More information about the cisco-nsp
mailing list