Question:
I want to know if the design could work fine or if there is a better way to achieve it using a different design. However, I'm more concerned with the position of the devices and the networks between the devices, and possibly how routing would be configured easily (I prefer static routes for now).
Answer:
There are two options where you could perform the NAT, but you have to consider the following things before taking a decision about NAT:
1. Are you having a BGP peering with your service provider? If yes, then NAT must be performed on that router so that you don't need to advertise those routes in your network.
2. If you have a static default route towards your SP, then you can perform the NAT either on the ASA or on the router; the only thing is that you have to maintain the public IPs till your ASA and have to announce the reverse route from your router. (Again, a bit cumbersome.)
Generally it is recommended to have a default route with your SP and terminate the link directly on the firewall and do the NAT over there. But in your case, you have a router as well as an ASA, so it is better to perform the NAT on your exit router (please do the planning for how many sessions you are looking for).
I typically like to make the main data center 10.1.x.x/16, the secondary data center 10.2.x.x/16, etc.
Also, the point-to-point /30's can be from 192.168.0.0/16, or you could do something like 10.255.0.0/16. Whatever you think will fit together after growth. As long as you can summarize the /30's to something like 192.168.0.0/15, that's great.
I like 172.16.0.0/13 for DMZ's. 172.16.0.0 for main data center/location, 172.17.0.0/16 for secondary data center/location, etc.
172.31.0.0/16 for loopbacks on routers.
The big picture is that at some point you'll go to your branch router and want to summarize all of your main location IPs out to the branches. It'll be easier if all you have to put in is 10.1.0.0/16 (you can do the same with 172.23.0.0/16).
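
An added example, not part of the original answer: a Python script that checks an address plan laid out along the lines suggested above for overlapping blocks, finds the smallest summary covering a set of point-to-point /30s, and prints the static summary routes a branch router would carry for one site. The /30 link addresses, the next hop 10.255.0.1 and all function names are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed plan that follows the numbering scheme in the answer above.
PLAN = {
    "main":      {"data": "10.1.0.0/16", "dmz": "172.16.0.0/16"},
    "secondary": {"data": "10.2.0.0/16", "dmz": "172.17.0.0/16"},
}
P2P_LINKS = ["10.255.0.0/30", "10.255.0.4/30", "10.255.0.8/30"]  # constructed


def check_plan(plan):
    """Return problems that would break per-site summarization."""
    nets = [(f"{site}/{role}", ip.ip_network(cidr))
            for site, roles in plan.items() for role, cidr in roles.items()]
    problems = []
    for i, (name_a, a) in enumerate(nets):
        if not a.is_private:
            problems.append(f"{name_a} {a} is outside private address space")
        for name_b, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{name_a} {a} overlaps {name_b} {b}")
    return problems


def covering_summary(cidrs):
    """Smallest single prefix that contains every listed network."""
    nets = [ip.ip_network(c) for c in cidrs]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def branch_static_routes(plan, site, next_hop):
    """One 'ip route' line per block of `site`, for a branch router."""
    routes = []
    for cidr in plan[site].values():
        net = ip.ip_network(cidr)
        routes.append(f"ip route {net.network_address} {net.netmask} {next_hop}")
    return routes


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is clean")
    print("p2p summary:", covering_summary(P2P_LINKS))
    # 10.255.0.1 is a hypothetical next hop on the branch uplink.
    print("\n".join(branch_static_routes(PLAN, "main", "10.255.0.1")))
```

Running the check whenever a new block is allocated catches an overlap before it forces more-specific static routes or firewall rules onto every branch.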