[c-nsp] network design question

[Brian Desmond]

I would go with #2. Are you putting a switch pair between the 2821s and
PIXen or are you meshing e0 and e1 to each of the 2821s?

Thanks,
Brian Desmond
brian at briandesmond.com

c - 312.731.3132

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alex Valentine
Sent: Monday, November 20, 2006 2:29 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] network design question

I was having a debate over a proposed network design, and I was
wondering if some of the people on this list could provide some insight.
        
Design #1 (proposed layout)
T1#1 <-> Cisco 2600#1<-> Pix515e <-> Cisco2821#1 <-> Interal NET
T1#2 <-> Cisco 2600#2<-> Pix515e <-> Cisco2821#2
        
Design #2 (my layout)
T1#1 <-> Cisco 2821#1 <-> Pix 515e#1,2(failovercble) <-> Internal NET
T1#2 <-> Cisco 2821#2
        
Design #1 has 2600's at the edge, and then the PIX in between two
routers. The logic being that the 2600's would just act as the T-1
interface, and the PIX would have the actual external IP addresses,
because the PIX was more secure to outside traffic than a router. Is
that true?
        
I proposed design #2, because it gets rid of the 2600's all
together(reducing the potential for hardware failure), and it makes good
use of the 2800's. My feeling is that it makes a lot more sense to have
the 2800's handling the external interfaces, and then use the pix after
to secure the internal network. 
        
Any thoughts in to the merits of either design? Any opinions/insight
would be greatly appreciated. 
        
Thanks,
        
Alex