From: Aaron T. Woland (aaron.woland@ins.com)
Date: Tue Mar 28 2006 - 15:03:02 GMT-3
DSL is just not a stable medium, regardless of bridged or routed. Plus the
SLA's on DSL are horrible.
If you are given your internet connection via an Ethernet port, then yes,
you can use the ASA as the perimeter device. It will support basic QOS now,
too.
-Aaron
Aaron T. Woland | Consultant | INS | Email: aaron.woland@ins.com |
Website: www.ins.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kemal Yildirim (Netron)
Sent: Tuesday, March 28, 2006 12:57 PM
To: Sheahan, John; Stefan Grey; ccielab@groupstudy.com
Subject: RE: Cisco security perimeter!! :(
Hi Stefan,
If your provider gives internet connectivity by an ADSL modem, you will
probably face with ADSL modem crash everyday. This is true where ADSL
modem run in routing mode.
I recommend you, if that is the case, run the ADSL modem in bridge mode,
and set the ASA as pppoE client, in this way you can off load routing
process from ADSL modem.
Regards,
Kemal
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sheahan, John
Sent: Tuesday, March 28, 2006 8:35 PM
To: Stefan Grey; ccielab@groupstudy.com
Subject: RE: Cisco security perimeter!! :(
In that case, I don't see any reason to go into a router first unless
there was some functionality that you needed from the router (such as
QOS, EIGRP etc..) that could not be provided on the ASA. Those are the
only things I can think of :-)
-----Original Message-----
From: Stefan Grey [mailto:examplebrain@hotmail.com]
Sent: Tuesday, March 28, 2006 12:32 PM
To: Sheahan, John; ccielab@groupstudy.com
Subject: RE: Cisco security perimeter!! :(
There is, the provider gives an ethernet interface, and it is my matter
where I plug it in. I can plug it into ASA.... why not?? For example in
clients building is the ADSL modem. And my router or ASA can be
connected
with this modem by fe. Or??
>From: "Sheahan, John" <John.Sheahan@priceline.com>
>Reply-To: "Sheahan, John" <John.Sheahan@priceline.com>
>To: "Stefan Grey" <examplebrain@hotmail.com>, <ccielab@groupstudy.com>
>Subject: RE: Cisco security perimeter!! :(
>Date: Tue, 28 Mar 2006 12:07:58 -0500
>
>Perhaps your presales engineer is just trying to make the point that
you
>need to terminate your internet circuit on a router before you get to a
>Pix/ASA. There is no way to bring a circuit directly into the Pix/ASA.
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Stefan Grey
>Sent: Tuesday, March 28, 2006 11:56 AM
>To: ccielab@groupstudy.com
>Subject: Cisco security perimeter!! :(
>
>Hello guys.
>
>Task.
>Receive from the ISP internet link, vpn link, maybe some other. Then
>provide
>the perimeter security.
>
>1. Idea 1. Just to put ASA/PIX on the perimeter and than connect it to
>the
>local switch.
>
>1. My senior presales engenier told me that it is a bad solution. And
he
>
>didn't saw such a design before. He tells that always is done so: the
>router
>on the perimeter and than the router itself is connected with the
>firewall
>or ASA. He told that the router is needed to configure the shaping and
>to
>avoid some headaches.
>
>Could you please explain why 1st design is bad. Why shaping is so
>necessary
>on the perimeter router. Why this router is needed and which bad things
>could I receive if I build design 1. (with just one ASA or PIX).
>
>Any help highly appreciated.
>
>_________________________________________________________________
>Find accommodation FAST with MSN Search! http://search.msn.ie/
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3